Getting Data In

Community Activity

Forwarder fails, monitored file is archived, what happens? Hello, I have a hypothetical scenario which I hope someone can help me with. Let's say I have a Linux server with a... by roychen Path Finder in Getting Data In 07-07-2016 1 8	1	8
Can some data coming into Splunk via HTTP Event Collector be filtered to nullqueue based on sourcetype? When data is coming into Splunk through the HTTP Event Collector, can some of it be routed to the nullqueue based on ... by simpkins1958 Contributor in Getting Data In 07-07-2016 0 2	0	2
Can you tell me what I am doing wrong with my props.conf for this JSON file? All, I have the following little JSON dump which works perfectly out of the box. But for best practices I was writi... by daniel333 Builder in Getting Data In 07-06-2016 0 1	0	1
How to index logs of different source types in a single index? How can I index logs from different source types in the same index? Let's say Network ABC is having one AD and one Fi... by masterpiece Engager in Getting Data In 07-06-2016 0 1	0	1
How do I convert these timestamps to epoch? Need help converting these times to epoch so that I can do a DIFF between them. branchExecutionStartTime=Wed Jul 0... by kmccowen Path Finder in Getting Data In 07-06-2016 0 2	0	2
How would one investigate the sources/logic of a data model? I am reviewing data models that were created by another user. Is there an easy way to analyze them? by packet_hunter Contributor in Getting Data In 07-06-2016 0 1	0	1
How to resend the specific event log from Windows Universal Forwarder Hello Splunkers, We are collecting the Security Event Log from Windows 2012 Server which has Universal Forwarder ins... by kuga_mbsd New Member in Getting Data In 07-06-2016 0 4	0	4
Lookup- UnMatched Values http://docs.splunk.com/Documentation/Splunk/6.4.1/Knowledge/ConfigureCSVlookups#Prefilter_large_CSV_lookup_tables I ... by ashishlal82 Explorer in Getting Data In 07-06-2016 0 4	0	4
How to configure a Splunk 6.3.1 universal forwarder to prevent high CPU consumption? Hi, I have about 1500 Universal Forwarders installed in our environment. The UF version is 6.3.1 and installed on Wi... by omerr Explorer in Getting Data In 07-06-2016 0 3	0	3
How to reindex the same source I tried to reindex the following windows directories using "Monitor" from input data. d:\logs\appx d:\logs\appy d:\l... by vkakani60 Path Finder in Getting Data In 07-05-2016 0 5	0	5
Forward data to third-party systems Hello i am trying to forward all the indexed data to a non-splunk system. my questions is does we need to use any sp... by saifuddin9122 Path Finder in Getting Data In 07-05-2016 0 4	0	4
Array extraction with optional elements {<!-- --> "Version" : 2 Diagnostic: [ { Name: "Brian", School :"KVG" }, { Name: "Steve", School :"MKG" }, { Name: "Gerry" }... by psable Explorer in Getting Data In 07-05-2016 0 2	0	2
In an apps can I reuse lookup result to be used in another lookup? I am developing an apps, where I would like to normalize the value of a field coming from a lookup. From the documen... by ggoupil New Member in Getting Data In 07-05-2016 0 3	0	3
How to configure Splunk to recognize the timestamp format in my data where the Date and Time are not in the same line? Hello, I have a problem when I want to extract the timestamp from an event in adding data to Splunk. Here is a samp... by voshka New Member in Getting Data In 07-05-2016 0 3	0	3
Why is my indexer reporting "unconfigured/disabled/deleted index=wineventlog with source="source::WinEventLog:System"" I'm receiving the following message on my Splunk Indexer: Received event for unconfigured/disabled/deleted index=win... by stuntman2625 Explorer in Getting Data In 07-05-2016 0 6	0	6
Timestamp duplicated after splunk upgrade We use Splunk to forward our logs to a central server. On this server the logs are written to a local file with syslo... by grimmandreas New Member in Getting Data In 07-04-2016 0 4	0	4
How to set a realtime search to constantly run even with no attached dashboard Hi, I am trying to set up a realtime search which is running 24/7 but without having a dashboard attached to it. Th... by hhGA Communicator in Getting Data In 07-04-2016 0 7	0	7
How to remove data if I have already removed the index? Hello Splunkers, I really need your help! I have a large amount data within one index. For remove the data, it should... by Lindaiyu Path Finder in Getting Data In 07-04-2016 0 4	0	4
Getting logs in splunk using log location address Hi! I am a new to Splunk. I have an application on a linux server that produces logs in log4j format. I want to recei... by accuser123 New Member in Getting Data In 07-03-2016 0 2	0	2
Json extraction with optional embedded element HI, I am tryig to get elements extracted from array which looks like this : {<!-- --> "Version": 2, "diagnostic": [ ... by psable Explorer in Getting Data In 07-03-2016 0 1	0	1
Reading data from DBF files Hi, How can DBF files from Windows Server 2008 be read into splunk? by reggie_123 Explorer in Getting Data In 07-03-2016 0 1	0	1
How to configure timestamp to recognize multiline timestamp? I am a new Splunk user and I am having difficulties resolving this problem. I have an xml log file as an input struct... by iljubicic Engager in Getting Data In 07-03-2016 1 1	1	1
Sourcetypes on UDP syslog data When receiving syslog data via UDP:514, is there a way to specify the sourcetype based on the IP address of the devic... by timmy13 Communicator in Getting Data In 07-01-2016 0 2	0	2
Why is Splunk not parsing the correct datetime? I have logs that contain the following datetime format: 29-06-2016_00-08-17 The props contain: [odb] TIME_PREFIX ... by dpanych Communicator in Getting Data In 07-01-2016 0 15	0	15
How to set the timestamp for events with TIME_PREFIX after sourcetype renaming? Hi all, I have this kind of log from 1 source : DateLog=1459870479.000 ... TypeLog=Syslog ... Apr 5 17:34:37.618 .... by alexislh Explorer in Getting Data In 07-01-2016 0 2	0	2