Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to create a dynamic moving graph using CSV data?

Hi, I have data in a CSV file for the last 7 days. I want to plot a graph using that CSV file, but the graph shoul...

by Communicator in

How do I do mathematical operations (subtraction) with two timestamps in the same event?

I've been trying to: 1) convert two date stamps into epoch (timestamp and lastmodified). The lastmodified stamp will...

by Explorer in

How to compare 4 fields against multiple ranges and sum by number of sources?

I have four utilization fields (with 30 days worth of averages). Fields are inbound_avg_util, inbound_max_util, outbo...

by Explorer in

How to filter out WMI Windows events with blacklist in Splunk 6.1.3?

Hello there! We collect WMI Windows event with Splunk 6.1.3 and we want to filter some of these events. We tried w...

by New Member in

How to filter WMI event logs using blacklist, props or transforms in Splunk 6.* ?

Hello, everybody! I have some question. We collect WMI event log security. So sourcetype in splunk is "wmi:eventlo...

by Path Finder in

What would be the most efficient way of parsing pfSense 2.2 logs' new format? Regex, CSV or some other way?

Hi, I've been using Splunk for a while but only in a very basic way, by monitoring my Kiwi syslog files. pfSens...

by Engager in

Is it possible to retroactively split logs by deleting the universal forwarder off the server, then reinstall it with props.conf changes?

I have about 10 million events in one index and my manager wants me to split them up differently than they currently ...

by SplunkTrust in

convert time format

Hi , In splunk query i need to convert time format as below . Current format - Apr 13 17:58:35 Required Form...

by Path Finder in

How can I index login/logout logs from an Oracle database in Splunk?

Hi all, How can I index login/logout logs from an Oracle Database in Splunk? Thanks. Marco

by New Member in

Can I configure the source in the inputs.conf file?

This is on a forwarder. We have two forwarders receiving syslog from some appliances. The forwarders write the syslog...

by Path Finder in

this xml file does not appear to have any style

Hello everyone, Please if someone among you could help me resolving this problem: I juste imported the windows infras...

by New Member in

How to configure props.conf to merge two events into one?

I have a text file as shown below: (raw text file) cn=host1:1636,cn=host2:1389,ibm-replicaGroup=default,O=org1 ...

by Communicator in

AIX 7.1 64 bit

Hi Do splunk support AIX 7.1 64bit? recently we have a project they would want to apply FSCHANGE on AIX7.1 64bit. Tha...

by Explorer in

Can I create a minimum capability user role on a Linux Universal Forwarder so events can be accepted and forwarded to the indexer?

I have a Linux Universal Forwarder that will be receiving events via the REST interface's simple receiver. https:/...

by Path Finder in

Getting Data In

Discussions

How to create a dynamic moving graph using CSV data?

How do I do mathematical operations (subtraction) with two timestamps in the same event?

How to compare 4 fields against multiple ranges and sum by number of sources?

How to filter out WMI Windows events with blacklist in Splunk 6.1.3?

How to filter WMI event logs using blacklist, props or transforms in Splunk 6.* ?

What would be the most efficient way of parsing pfSense 2.2 logs' new format? Regex, CSV or some other way?

Is it possible to retroactively split logs by deleting the universal forwarder off the server, then reinstall it with props.conf changes?

convert time format

How can I index login/logout logs from an Oracle database in Splunk?

Can I configure the source in the inputs.conf file?

this xml file does not appear to have any style

How to configure props.conf to merge two events into one?

AIX 7.1 64 bit

Can I create a minimum capability user role on a Linux Universal Forwarder so events can be accepted and forwarded to the indexer?

Where is the admin/LDAP-groups API documentation?

Does Splunk take into consideration Timezone Daylight Saving ?

How archiving splunk logs to hdfs work

nullQueue for Windows event codes not working

Is there an app to index and view MySQL logs in Splunk?

Why an extracted CSV sent over email is line breaking at 990th character and how to change this setting?

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Where does token gets stored when created by splun...

How does one ingest Email Metadata into Spunk Ent....

WebTools Add-on with Splunk cloud

config files for loading attack datasets from Splu...

VMware 7 Upgrade causing more volume

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >