Getting Data In

Discussions

Thread Info

I created a field that has 3 values. How can I change one of the values from WARNING to WARN using lookups?

I created a field and it has 3 values. I just want change one of the values from WARNING to WARN using lookups(.CSV)....

by New Member in

fschange and legacy system logs app

Have an app that monitors system logs. Specifically files in the /etc/ path using fschange. I know that fschange is "...

by Builder in

ipv6 forwarders?

At one of the Splunklives last week, someone mentioned that they had a full-on ipv6 network and were unable to use sp...

by Splunk Employee in

Why does Splunk CSV export change the time format to Epoch time? How to fix it?

I am a newbie on Splunk. When I do a search on Splunk, time is shown as normal MM:DD:YYYY HH:MM:SS format However...

by New Member in

Using a csv lookup to exclude results from a query, but not working if more than one column of fields

I have a lookup table that I want to use to exclude results from a search. I want to exclude results if something in ...

by Explorer in

Is it possible for me to enable TCP data inputs on Splunk Cloud?

Hi, Could I enable TCP Data Inputs on Splunk Cloud? I'm trying to check which data inputs are available for Sp...

by Engager in

Are there any apps for Heroku on Splunk Cloud for event monitoring?

Hi Team, Do we have any apps for Heroku on Splunk Cloud for event monitoring, similar to the Splunk App for Salesf...

by Explorer in

How do I configure props.conf for Splunk to index a binary .dat file?

Hi, Today I encountered a strange thing in Splunk. I have Splunk 6.4.1 running on a Linux server. I tried t...

by Explorer in

We have a shortage of disk space in one indexer. Can we delete data present in the colddb directory?

We are currently running out of space in one Splunk indexer out of 5 indexers in our distributed environment. Using S...

by Motivator in

Need to prevent pattern from being parsed and shown in to the logs.

I am trying to parse this message and sending "Timer_ConnectionIdle" in to nullQueue. I am not using heavy forwarders...

by New Member in

Why can't I install Splunk on windows 7 64 bit and getting error "Splunk Enterprise Setup Wizard ended prematurely..."?

Hello I'm newbie with Splunk. I would like to discover the product after a friend had talk to me about it. So I got t...

by New Member in

props.conf stanza and zip files containing logs

Hi everyone, yesterday I spent most of the day battling through transforms.conf and props.conf - with lucrative resul...

by Communicator in

Compare the time for the execution

Hello Champions, I come across a very complex logic to tag jobs on its start time. We have one calculated valu...

by Explorer in

Has Anyone put a Forwarder on a Tablet?

Has anyone captured Windows Event Logs from tablets and forwarded it to their indexer? We're currently trying to ...

by SplunkTrust in

Does Splunk index gzip files?

I'd like to index a directory of 50,000 gzip files. The files range in size from 1 KB to 5 MB. Can Splunk monitor the...

by Splunk Employee in

Event pattern for sourcetype

I'm troubleshooting some issues with one sourcetype and realized that Splunk is not indexing events very well. The fo...

by New Member in

Does a universal forwarder's persistent queue exist after a reboot?

According to this document: http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/Usepersistentqueues The i...

by Builder in

Splunk date time format

In splunk, I have a file which has date in the format June 16th,2014 and I am trying to extract out the month_year va...

by New Member in

Whats causes "Cannot create another input for the event log "Application". One already exists"?

I have 2 remote locations with multiple PCs in both places. I have installed the forwarder on all devices (Windows PC...

by New Member in

Can I force a powershell input to execute the .ps1 script as an administrator?

Our Spunk service runs as a Mcrosoft Managed Service Account (MSA) and that MSA is an admin account and we have a Pow...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

I created a field that has 3 values. How can I change one of the values from WARNING to WARN using lookups?

fschange and legacy system logs app

ipv6 forwarders?

Why does Splunk CSV export change the time format to Epoch time? How to fix it?

Using a csv lookup to exclude results from a query, but not working if more than one column of fields

Is it possible for me to enable TCP data inputs on Splunk Cloud?

Are there any apps for Heroku on Splunk Cloud for event monitoring?

How do I configure props.conf for Splunk to index a binary .dat file?

We have a shortage of disk space in one indexer. Can we delete data present in the colddb directory?

Need to prevent pattern from being parsed and shown in to the logs.

Why can't I install Splunk on windows 7 64 bit and getting error "Splunk Enterprise Setup Wizard ended prematurely..."?

props.conf stanza and zip files containing logs

Compare the time for the execution

Has Anyone put a Forwarder on a Tablet?

Does Splunk index gzip files?

Event pattern for sourcetype

Does a universal forwarder's persistent queue exist after a reboot?

Splunk date time format

Whats causes "Cannot create another input for the event log "Application". One already exists"?

Can I force a powershell input to execute the .ps1 script as an administrator?

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Why doesn't the Splunk event log show the IP addre...

How can Splunk detect wineventlog for "remote desk...

Delay in Access Logs from S3

Why is universal forwarder phonehome not interpret...

Why can't I see FortiAP logs?