Getting Data In

Ask a Question

Discussions

Thread Info

How do I get the logs from the servers into Splunk?

Dear All, I am new to Splunk. Just installed Splunk on my servers. Kindly let me know how I can start receiving th...

by New Member in

Why is source type override based on host not working?

Hi All, I have some switch logs which are configured to Splunk from 3 Universal Forwarders into one index. Based o...

by Path Finder in

Is there a way to return a search.log for a recent search job using the REST api?

I'd like to monitor for certain text in a search.log for recent jobs. Is there a way to return a search.log for a...

by Path Finder in

Added data not showing up in respective source types

I added some dummy data yesterday after creating an index and respective source type But today morning i found there ...

by Engager in

How to get repeated event for the same host and instance over the period?

I have some events on my server. I want to get events which are occurring repeatedly for same host and same instance ...

by Communicator in

In Splunk Free, could you help me with snmp_ta handling SNMP tables?

Hello Splunkers, I'm testing "snmp_ta" with Splunk Free and have a handle on capturing single OID and graphing, b...

by New Member in

How to resolve "Invalid username or password. Your license is Expired" error?

I've been contracted to install and setup Splunk Enterprise on Windows Server 2008R2 for a customer. I originally did...

by Explorer in

How to prevent splunk from merging few JSON strings into single event?

Example raw data: {"field1": "value1", "field2": "value2", ..., "string": "1" } {"field1": "value1", "field2": "...

by Explorer in

How to only see duplicates?

I have two profile settings. They both shouldn't be on at the same time. I am trying to see which devices have both o...

by Contributor in

How to get data from two indexes?

Good day everyone, i am dealing with an issue that i haven't been able to find an answer for so far. here is the prob...

by Path Finder in

Please help me identify why Splunk is omitting extracting milliseconds from my JSON

Hi folks, running into a strange issue here. Taking the following json: { [-] @timestamp: 2018-08-30T0...

by Builder in

REST in Splunk 7.0.1: Only 'nobody' allowed to access kvstores?

Hi, I am writing a script to push relevant data from our apps into a kvstore for use as a lookup. When querying...

by Engager in

Reading Data from ElasticSearch to Splunk

My goal is to forward all ES indexes data to splunk using logstash. I have installed logstash on ES node and crea...

by New Member in

Can you help me filter out wineventlog eventcode 4656 account names in transforms.conf?

I am trying to figure out how to filter out account names that end in $ for the 4656 event codes. i am currently usin...

by Path Finder in

How to parse and index fields from my unstructured data?

Hi, I'm trying to successfully parse out some fields from unstructured log file. Below is a snippet: Tue Ju...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I get the logs from the servers into Splunk?

Why is source type override based on host not working?

Is there a way to return a search.log for a recent search job using the REST api?

Added data not showing up in respective source types

How to get repeated event for the same host and instance over the period?

In Splunk Free, could you help me with snmp_ta handling SNMP tables?

How to resolve "Invalid username or password. Your license is Expired" error?

How to prevent splunk from merging few JSON strings into single event?

How to only see duplicates?

How to get data from two indexes?

Please help me identify why Splunk is omitting extracting milliseconds from my JSON

REST in Splunk 7.0.1: Only 'nobody' allowed to access kvstores?

Reading Data from ElasticSearch to Splunk

Can you help me filter out wineventlog eventcode 4656 account names in transforms.conf?

How to parse and index fields from my unstructured data?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

Moving Distributed environment to a different Lice...

Question regarding TA

Ingest Cayosoft Administrator logs into Splunk

Lopping Off Dot Notation Field Names

Splunk on GCP: what's the benefit of running dataf...