Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
bfernandez

Bad default system timezone recognition

I am indexig aix_audit data from my splunk instance (AIX) The servers timezone seems to be ok - Tue Oct 9 17:08:02...
by bfernandez Communicator in Getting Data In 06-28-2016
2 9
2
9
vamsivasili

How do I convert the format of this timestamp in Splunk?

How do I convert 2016-06-17T14:16 to 2016-06-17 14:16:00 format in Splunk? Appreciate your help.
by vamsivasili New Member in Getting Data In 06-28-2016
0 3
0
3
pedromvieira

How to index zero byte files where the information is found in the name of the file?

How to index zero byte files? For some reason, a customer created a monitoring file that only contains information on...
by pedromvieira Communicator in Getting Data In 06-28-2016
0 4
0
4
max_edx

Splunk not matching files with wildcard in monitor path in inputs.conf

I'm running splunk forwarder 6.4.1 on Ubuntu 14.04. I'm attempting to use splunk to monitor Jenkins build logs, which...
by max_edx New Member in Getting Data In 06-28-2016
0 11
0
11
jcrival

Problems to collect data from Domain Controller (Active Directory)

Hi Guys, I have configured Splunk App for Windows Infraestructure on my Splunk Indexer. I also installed splunkforwa...
by jcrival New Member in Getting Data In 06-28-2016
0 4
0
4
splunk_force_as

How to monitor multiple data pipelines?

I'm planning to introduce index parallelization into our Splunk deployment given the additional resources we have on ...
by splunk_force_as Path Finder in Getting Data In 06-28-2016
0 6
0
6
rajendran

Where in Splunk are my log files indexed?

I am using Splunk 6.0. I configured a log file to be automatically indexed in Splunk by editing inputs.conf. I am abl...
by rajendran New Member in Getting Data In 06-28-2016
0 1
0
1
renanprado96

How to configure Splunk to parse uppercase field values and make them lowercase?

I have an index that has some data entering written in uppercase and other data in lowercase, but they are about the ...
by renanprado96 Path Finder in Getting Data In 06-28-2016
0 3
0
3
Shivangi_Saraf

How to view Security intelligence events from Sourcefire in Splunk?

I am logging events from my Defence centre to Splunk, however, while I do receive the Intrusion events, I am not rece...
by Shivangi_Saraf New Member in Getting Data In 06-28-2016
0 2
0
2
tkwaller

How do I edit my inputs.conf monitor stanzas to route data to the correct indexes?

Hello I have some VMware hosts that I want to put data into a specific index for, but it currently is going to anoth...
by tkwaller Builder in Getting Data In 06-28-2016
0 3
0
3
kpkvarma

Using Splunk's REST API to build aggregate reports, how do we view results in CDT with the correct time format?

We are using Splunk REST API (search/jobs/export) to build aggregated reports. Splunk server is in EDT, but we want ...
by kpkvarma Engager in Getting Data In 06-28-2016
0 1
0
1
Graham_Hanningt

How do I use requireHeader to override indexing settings for a TCP input?

The inputs.conf documentation describes a requireHeader setting for TCP inputs: requireHeader = bool Require a head...
by Graham_Hanningt Builder in Getting Data In 06-28-2016
1 6
1
6
nibinabr

Why is a .gz file created by log rotation indexed again by Splunk ?

I have a log file called test_logs.log and once hits a specific size, it rotates to create test_logs.log.1.gz. I moni...
by nibinabr Communicator in Getting Data In 06-27-2016
1 18
1
18
marellasunil

How can I monitor IIS Application pool state?

How can I monitor IIS Application pool state? Is it possible through WMI query or performance monitor? Can anyone h...
by marellasunil Communicator in Getting Data In 06-27-2016
0 1
0
1
marellasunil

How to edit my wildcard syntax to monitor logs from a file path that contains the current date?

I am trying to extract a log file using below configuration in inputs.conf C:/logs/28062016/*.log 28062016 is the ...
by marellasunil Communicator in Getting Data In 06-27-2016
0 1
0
1
meenuvn

How do I configure line breaking in props.conf based on my sample logs?

Wanted to do custom line breaking for a sourcetype. Logs looks like below. Currently every line is identified as an e...
by meenuvn Explorer in Getting Data In 06-27-2016
0 8
0
8
wangsimingxaxis

Trying to add an indexer on AWS, how to resolve error "Master is down! Make sure pass4SymmKey is matching if master is running."?

I created a Splunk environment on AWS by using Splunk AMI. 1 master 2 search heads 3 indexers They are in the same...
by wangsimingxaxis Explorer in Getting Data In 06-27-2016
0 3
0
3
daniel333

Is it expected behavior for 6.4.1 universal forwarders to work with 6.3.3 indexers?

All, We accidentally rolled out dozens of 6.4.1 Universal Forwarders, but we have 6.3.3 indexers. To my surprise, i...
by daniel333 Builder in Getting Data In 06-27-2016
0 1
0
1
saifuddin9122

Is it possible to configure props.conf to break events by source?

Hello My question is, can we write props.conf to break events I have written this in the following way. Can some b...
by saifuddin9122 Path Finder in Getting Data In 06-27-2016
0 6
0
6
diliptmonson

Is it possible to manually add data to an event collector index

I have created an event collector index and I have some past information which needs to be added in the same index to...
by diliptmonson Explorer in Getting Data In 06-27-2016
0 2
0
2
gcusello

How do I prevent duplicate events in the summary using a search with tscollect?

Hi at all, I'm using the BlueCoat App: this App uses tscollect to accelerate searches. My problem is that I haven't ...
by SplunkTrust SplunkTrust in Getting Data In 06-27-2016
1 2
1
2
email2vamsi

Can I set the clientName in deploymentclient.conf through the CLI?

Can I set the clientName in deploymentclient.conf through the CLI?
by email2vamsi Explorer in Getting Data In 06-24-2016
0 1
0
1
daniel333

Can you help me out with the time settings in this props.conf?

All, So here is my log - date="[22/Jun/2016:17:25:05 +0000]" xff="166.170.220.3" It's well formated. I am just...
by daniel333 Builder in Getting Data In 06-24-2016
0 4
0
4
jwalthour

How to set up time_format in props.conf when only have time

Splunk is indexing a log file that has a format like this: 11:03:51.319 Notify Host: HOST_STATUS_UNKNOWN {279, bdl58...
by jwalthour Communicator in Getting Data In 06-24-2016
0 2
0
2
sahils

Trying to upgrade our forwarder, why are we getting error "OpenSSL: error...handshake failure"?

Hello Team, We tried to upgrade our Splunk Forwarder on Uslv-dapp-mon07 and mon08, but getting the error below for b...
by sahils New Member in Getting Data In 06-24-2016
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...