Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
splunk_force_as

How to monitor multiple data pipelines?

I'm planning to introduce index parallelization into our Splunk deployment given the additional resources we have on ...
by splunk_force_as Path Finder in Getting Data In 06-28-2016
0 6
0
6
rajendran

Where in Splunk are my log files indexed?

I am using Splunk 6.0. I configured a log file to be automatically indexed in Splunk by editing inputs.conf. I am abl...
by rajendran New Member in Getting Data In 06-28-2016
0 1
0
1
renanprado96

How to configure Splunk to parse uppercase field values and make them lowercase?

I have an index that has some data entering written in uppercase and other data in lowercase, but they are about the ...
by renanprado96 Path Finder in Getting Data In 06-28-2016
0 3
0
3
Shivangi_Saraf

How to view Security intelligence events from Sourcefire in Splunk?

I am logging events from my Defence centre to Splunk, however, while I do receive the Intrusion events, I am not rece...
by Shivangi_Saraf New Member in Getting Data In 06-28-2016
0 2
0
2
tkwaller

How do I edit my inputs.conf monitor stanzas to route data to the correct indexes?

Hello I have some VMware hosts that I want to put data into a specific index for, but it currently is going to anoth...
by tkwaller Builder in Getting Data In 06-28-2016
0 3
0
3
kpkvarma

Using Splunk's REST API to build aggregate reports, how do we view results in CDT with the correct time format?

We are using Splunk REST API (search/jobs/export) to build aggregated reports. Splunk server is in EDT, but we want ...
by kpkvarma Engager in Getting Data In 06-28-2016
0 1
0
1
Graham_Hanningt

How do I use requireHeader to override indexing settings for a TCP input?

The inputs.conf documentation describes a requireHeader setting for TCP inputs: requireHeader = bool Require a head...
by Graham_Hanningt Builder in Getting Data In 06-28-2016
1 6
1
6
nibinabr

Why is a .gz file created by log rotation indexed again by Splunk ?

I have a log file called test_logs.log and once hits a specific size, it rotates to create test_logs.log.1.gz. I moni...
by nibinabr Communicator in Getting Data In 06-27-2016
1 18
1
18
marellasunil

How can I monitor IIS Application pool state?

How can I monitor IIS Application pool state? Is it possible through WMI query or performance monitor? Can anyone h...
by marellasunil Communicator in Getting Data In 06-27-2016
0 1
0
1
marellasunil

How to edit my wildcard syntax to monitor logs from a file path that contains the current date?

I am trying to extract a log file using below configuration in inputs.conf C:/logs/28062016/*.log 28062016 is the ...
by marellasunil Communicator in Getting Data In 06-27-2016
0 1
0
1
meenuvn

How do I configure line breaking in props.conf based on my sample logs?

Wanted to do custom line breaking for a sourcetype. Logs looks like below. Currently every line is identified as an e...
by meenuvn Explorer in Getting Data In 06-27-2016
0 8
0
8
wangsimingxaxis

Trying to add an indexer on AWS, how to resolve error "Master is down! Make sure pass4SymmKey is matching if master is running."?

I created a Splunk environment on AWS by using Splunk AMI. 1 master 2 search heads 3 indexers They are in the same...
by wangsimingxaxis Explorer in Getting Data In 06-27-2016
0 3
0
3
daniel333

Is it expected behavior for 6.4.1 universal forwarders to work with 6.3.3 indexers?

All, We accidentally rolled out dozens of 6.4.1 Universal Forwarders, but we have 6.3.3 indexers. To my surprise, i...
by daniel333 Builder in Getting Data In 06-27-2016
0 1
0
1
saifuddin9122

Is it possible to configure props.conf to break events by source?

Hello My question is, can we write props.conf to break events I have written this in the following way. Can some b...
by saifuddin9122 Path Finder in Getting Data In 06-27-2016
0 6
0
6
diliptmonson

Is it possible to manually add data to an event collector index

I have created an event collector index and I have some past information which needs to be added in the same index to...
by diliptmonson Explorer in Getting Data In 06-27-2016
0 2
0
2
gcusello

How do I prevent duplicate events in the summary using a search with tscollect?

Hi at all, I'm using the BlueCoat App: this App uses tscollect to accelerate searches. My problem is that I haven't ...
by SplunkTrust SplunkTrust in Getting Data In 06-27-2016
1 2
1
2
email2vamsi

Can I set the clientName in deploymentclient.conf through the CLI?

Can I set the clientName in deploymentclient.conf through the CLI?
by email2vamsi Explorer in Getting Data In 06-24-2016
0 1
0
1
daniel333

Can you help me out with the time settings in this props.conf?

All, So here is my log - date="[22/Jun/2016:17:25:05 +0000]" xff="166.170.220.3" It's well formated. I am just...
by daniel333 Builder in Getting Data In 06-24-2016
0 4
0
4
jwalthour

How to set up time_format in props.conf when only have time

Splunk is indexing a log file that has a format like this: 11:03:51.319 Notify Host: HOST_STATUS_UNKNOWN {279, bdl58...
by jwalthour Communicator in Getting Data In 06-24-2016
0 2
0
2
sahils

Trying to upgrade our forwarder, why are we getting error "OpenSSL: error...handshake failure"?

Hello Team, We tried to upgrade our Splunk Forwarder on Uslv-dapp-mon07 and mon08, but getting the error below for b...
by sahils New Member in Getting Data In 06-24-2016
0 4
0
4
herms

Why am I unable to install Splunk Light 6.3.1 on Windows Server 2008 R2?

I'm unable to perform a fresh install Splunk Light 6.3.1 on Windows Server 2008 R2 running as Local System. I have tr...
by herms Explorer in Getting Data In 06-24-2016
1 6
1
6
scottrunyon

How do I add an API as a data source?

I would like to add an API as a new data source in Splunk. I did a search in Documentation, but all I was able to fin...
by scottrunyon Contributor in Getting Data In 06-23-2016
0 6
0
6
phoenixdigital

Is there documentation on forwarder behavior for various types of inputs when an indexer goes offline?

Now this could be a case of RTFM, but I can't find this in TFM  I am trying to find some documentation on what the ...
by phoenixdigital Builder in Getting Data In 06-23-2016
0 6
0
6
dhiraj027in

String to Date Time

I am new to splunk and currently trying to get the date and time difference (Opened vs Resolved) for an incident. Ba...
by dhiraj027in New Member in Getting Data In 06-23-2016
0 4
0
4
bdunstan

Rename sourcetype to a non-existent type

Hi, I am trying to reset/rename the sourcetype based on the filename - which appears to work fine, if the sourcetype...
by bdunstan Path Finder in Getting Data In 06-23-2016
0 1
0
1
Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...
Top Solution Authors
View All