Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
markwymer

create summary index in transforms.conf

Hi all, I currently have a scheduled search that runs every minute and filters certain events for the previous minut...
by markwymer Path Finder in Getting Data In 08-31-2016
0 4
0
4
wcgage

Add a custom Perfmon

I have a saved Perfmon that is installed on my environment. I'd like to bring that data in. for example: name of p...
by wcgage Path Finder in Getting Data In 08-31-2016
1 1
1
1
pallavibalasa

csv file could not be read.

I created a csv file and placed in splunk/var/run/splunk/csv/ folder and using the command |inputcsv filename.csv I ...
by pallavibalasa Explorer in Getting Data In 08-31-2016
0 4
0
4
JeremyHagan

Missing events from search for specific hosts running UF

I have around 80 identically configured branch office domain controllers. They all get their config from the deployme...
by JeremyHagan Communicator in Getting Data In 08-30-2016
0 2
0
2
herterich

How can we anonymize user date at search time?

I want to anonymize user data (for example email adresses) at searchtime and tried a couple of ways. I tried the rex ...
by herterich Explorer in Getting Data In 08-30-2016
4 8
4
8
user12345a_2

Why is my production environment breaking logs differently than my lab?

Good morning. So I have some TomCat logs of the format below that are parsing correctly in my lab but not in my produ...
by user12345a_2 Explorer in Getting Data In 08-30-2016
1 1
1
1
cpenkert

Windows Event Logs stop forwarding - why?

I have Splunk forwarder installed on many Windows 2008 systems, and recently, the Windows Event logs stopped showing ...
by cpenkert Path Finder in Getting Data In 08-30-2016
0 5
0
5
dbcase

How to configure Splunk to break my sample log data into separate events, not one combined event?

Hi, I have the below log data: 16:37:56.875 [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-...
by dbcase Motivator in Getting Data In 08-30-2016
0 4
0
4
trevorQmulos

Search for users who have triggered multiple Windows Event Codes

I am looking for a way to show users who have matched three separate Windows Security Event Codes IE user X has (Eve...
by trevorQmulos New Member in Getting Data In 08-30-2016
0 2
0
2
markwymer

What are best practices with creating indexes and sourcetypes for two distinct sources of unstructured data from the same application?

Hi all, I couldn't find any definitive answers, so I'm hoping that the forum members' real life experiences may poin...
by markwymer Path Finder in Getting Data In 08-30-2016
0 2
0
2
shan_santosh

How to filter out the first 2 lines of an event?

I have a VB script to get Local users from Admin group. The event data from this script by default adds the below 2 l...
by shan_santosh Explorer in Getting Data In 08-30-2016
0 2
0
2
user12345a_2

Why are my Catalina logs not line breaking as expected when I set up a directory monitor in inputs.conf?

Hello, I'm trying to get some Tomcat Catalina logs to import correctly. Manually importing the files works fine, b...
by user12345a_2 Explorer in Getting Data In 08-30-2016
0 4
0
4
pxs0514

I have events that I need to split out according to an suffixed number on the end of the field names and then summarized with other events for the same Flow Name.

All of the fields ending in _1 need to be reported together, then all those ending in _2, etc. The number of suffixe...
by pxs0514 Explorer in Getting Data In 08-30-2016
0 1
0
1
jgcsco

Trying to get SNMP data into Splunk, why am I getting error "A possible timestamp match is outside of the acceptable time window"?

I have followed the following links for getting SNMP Data into Splunk: http://blogs.splunk.com/2013/11/06/adventures...
by jgcsco Path Finder in Getting Data In 08-29-2016
0 2
0
2
jgorman_THG

Is it normal to have both sourcetype UDP:514 and sourcetype syslog?

Hello, My colleague configured 1 heavy forwarder and I configured the other 2. In my Splunk, I see both sourcetype U...
by jgorman_THG Explorer in Getting Data In 08-29-2016
0 1
0
1
msantich

Why do I get "Invalid key in stanza [tcp-ssl://:1470] ... connection_host=dns your indexes and inputs are not internally consistent"?

Hello, Our /opt/splunk/etc/apps/search/local/inputs.conf file on our forwarder contains: [tcp-ssl://:1470] connecti...
by msantich Path Finder in Getting Data In 08-29-2016
0 6
0
6
bruceclarke

inputcsv returning no results

All, I am trying to read a csv file using the inputcsv command. I can't seem to figure out why, but the command isn...
by bruceclarke Contributor in Getting Data In 08-29-2016
1 6
1
6
vivek_manoj

In props.conf what does each term means??

INDEXED_EXTRACTIONS = csv NO_BINARY_CHECK = true category = Custom pulldown_type = 1 config = props
by vivek_manoj Explorer in Getting Data In 08-29-2016
0 3
0
3
Esky73

precedence in outputs.conf on heavy forwarders

I have 2 heavy forwarders that forward to 2 peer indexers their config is identical like so : [tcpout] defaultGroup=...
by Esky73 Builder in Getting Data In 08-28-2016
0 1
0
1
FRoth

Splunk learned app should stop learning / too_small / dispatch.evaluate

I defined a new input folder that receives gzipped server logs from a scp copy job on our servers. inputs.conf [mo...
by FRoth Contributor in Getting Data In 08-28-2016
1 2
1
2
ddrillic

How can we identify forwarders which are not connected to certain indexers?

The DMC shows us the following - It shows the connected forwarders to the four indexers, the yellow line is actua...
by ddrillic Ultra Champion in Getting Data In 08-28-2016
0 2
0
2
rajakannan

Splunk forwarder throughput to indexer doesn't improve even after giving unlimited bandwidth maxKbps=0

Splunk heavy forwarder throughput to indexer doesn't improve even after giving unlimited bandwidth maxKbps=0 , it's o...
by rajakannan Engager in Getting Data In 08-28-2016
0 2
0
2
dpanych

How come some data returns after doing pipe delete and a restart of indexers?

We're having issues when we delete some data (with |delete) and after an indexer restarts in the clustered environmen...
by dpanych Communicator in Getting Data In 08-26-2016
1 8
1
8
Cuyose

All indexed data from earlier than yesterday disappeared.

I was hoping someone could help me here. We had been ingesting data to an index just fine for weeks, Then all of the...
by Cuyose Builder in Getting Data In 08-26-2016
0 1
0
1
benbeard

How to purge old syslog events in Splunk?

I can't for the life of me figure out how to purge old syslog entries in Splunk. Tech details: My 1st time using Spl...
by benbeard New Member in Getting Data In 08-26-2016
0 1
0
1
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All