Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
szabados

How to monitor a file input with the same filename?

I have an input, which is a CSV file. I want to use this as a batch input. The file is generated every day, with the ...
by szabados Communicator in Getting Data In 06-03-2016
0 1
0
1
prakash007

How to blacklist a single source path on a universal forwarder?

I have the monitor stanza on one of my Universal Forwarders.....I tried to blacklist a particular JVM from which the ...
by prakash007 Builder in Getting Data In 06-03-2016
0 3
0
3
edroche

Splunk for Cisco ASA not show Data

Installed Splunk for ASA, install Google Maps, Sideview Utilities and TA-cisco_asa. I have confirmed that log from my...
by edroche New Member in Getting Data In 06-03-2016
0 2
0
2
jonnim

How to edit my props and transforms to extract the correct time from my sample DNS log from a Syslog encapsulated message?

I have DNS log format as follows: <14>May 25 23:59:19 COL02 Windows: {"Level":"4","Channel":"DNS Server","Version":...
by jonnim Explorer in Getting Data In 06-03-2016
1 2
1
2
reach2tushar

How to Filter part of data in an event during index time

Hi, I have a type of following event data which is coming from forwarder: Column1=XYZ+Column2=ABC+ColumnC=GGG.... ...
by reach2tushar Explorer in Getting Data In 06-03-2016
0 8
0
8
sumit29

If we currently have 5 heavy forwarders sending logs to a single indexer, how can we centrally forward all raw logs to another SIEM/Log management solution?

Dear Experts, We have a Distributed environment using around 5 heavy forwarders across various locations sending log...
by sumit29 Path Finder in Getting Data In 06-03-2016
0 1
0
1
qiaojing

How to implement a new Retention Policy, and what changes take effect after restarting Splunk?

Hi, I'm currently researching on the use of Retention Policy on Splunk by setting it to only keep data for 6 months...
by qiaojing Path Finder in Getting Data In 06-03-2016
0 1
0
1
lycollicott

Is it possible to reconfigure an existing universal forwarder to low-privilege mode?

Is it possible reconfigure an existing universal forwarder to low privileged mode? We installed our UFs as local sys...
by lycollicott Motivator in Getting Data In 06-02-2016
1 13
1
13
RecoMark0

What is the difference between the current_size_kb vs current_size in metrics.log for a universal forwarder?

Hello, I don't quite understand the difference between the current_size_kb value and current_size value in the metri...
by RecoMark0 Path Finder in Getting Data In 06-02-2016
0 2
0
2
bkeif

Why am I getting different GUI pages from the same URL?

I have two search heads (prod and QA). On https://prod/en-US/manager/search/datainputstats I get the desired DataInpu...
by bkeif Path Finder in Getting Data In 06-02-2016
0 18
0
18
tmarlette

If I have a single data input, how can I edit my inputs and outputs.conf to send this data to 2 different hosts, indexes, and sourcetypes?

I have a single data input (myLog.log) and I need to send this same data to 2 different hosts, indexes and sourcetype...
by tmarlette Motivator in Getting Data In 06-02-2016
0 6
0
6
tmarlette

Ingesting data from a syslog server, Splunk is truncating file paths before being written to the source field. How do I disable this?

I am ingesting data from a syslog server, and some of those file paths are pretty long. It appears that Splunk is tru...
by tmarlette Motivator in Getting Data In 06-02-2016
0 6
0
6
RecoMark0

Why am I getting "Failed to add peer to the master... Connection refused" trying to add an indexer to our current indexer cluster?

Hello, I am trying to add two more indexers to our current Splunk setup. Our current setup is a search head and two...
by RecoMark0 Path Finder in Getting Data In 06-02-2016
0 11
0
11
walderbachj1

How can I pull logs from a shared hosting account and get it into Splunk to index?

The hosting provider is Rackspace Cloud Sites. In the root of each site is a logs dir, ex. somesite.com/logs. There...
by walderbachj1 Engager in Getting Data In 06-02-2016
0 2
0
2
praveenakode

Does Splunk 6.4.1 support .7z files?

Does Splunk 6.4.1 support .7z extension? If it doesn't, is there anyway to write a script to be able to load .7z file...
by praveenakode New Member in Getting Data In 06-02-2016
0 2
0
2
skoelpin

How Do I get Splunk to Recognize a Log TimeStamp and Convert it?

I have log data that has a timestamp in this format 20160530/001020.670 I uploaded the log directly into Splunk to t...
by SplunkTrust SplunkTrust in Getting Data In 06-02-2016
0 1
0
1
Ari_McEwing

How to search the total sum of numerical values from a field in my events and visualize results in a pie chart?

Hello, I am a new user to Splunk Light and I am having trouble with the visualization of event data. I have a .CSV s...
by Ari_McEwing New Member in Getting Data In 06-02-2016
0 2
0
2
bravon

Why am I getting "WARN AuthorizationManager - Unknown role" errors in splunkd.log after deleting the VMware and Windows Infrastructure apps?

After removing the Windows Infrastructure and VMWare applications, we get the following errors in splunkd.log: WARN ...
by bravon Communicator in Getting Data In 06-02-2016
2 2
2
2
immortalraghava

Forwarding logs to a third party system using a universal forwarder with sendCookedData = false, can we see the set sourcetype at the receiving end?

Hi All, We are sending logs to a third party system. And in the inputs.conf monitor stanza, we have set: sendCooked...
by immortalraghava Path Finder in Getting Data In 06-02-2016
2 4
2
4
asaste

How can I specify TIMESTAMP_FIELDS in props.conf for a CSV file without HEADERS?

I am loading CSV file without HEADERS in Splunk. File is getting correctly loaded in Splunk. For column names I have ...
by asaste Path Finder in Getting Data In 06-02-2016
0 3
0
3
nicocin

How to configure props.conf to use the date string at the beginning of my sample event as the event _time?

I have an event with multiple date strings, it looks like this: 2016-06-01 15:31:31 INFO - Transfer[sourceName=xxx,...
by nicocin Path Finder in Getting Data In 06-02-2016
0 5
0
5
kkossery

Question on Line Breaker for XML log

Hi Experts, We are trying to ingest a XML log file to splunk with the following data 2016-05-26 10:14:37 | R.R.serv...
by kkossery Communicator in Getting Data In 06-01-2016
0 9
0
9
cdstealer

How to remove spaces from CSV column names to get data into a pivot table?

Hi, I'm trying to ingest some CSV files that contain QOS metrics. The issue I have is that I need to get this data ...
by cdstealer Contributor in Getting Data In 06-01-2016
0 2
0
2
ramanapvr

How to configure a universal forwarder to send data coming from certain applications to specific indexes?

Dear All, I have a question on Splunk Universal Forwarder. Requirement: We have certain unique application server...
by ramanapvr New Member in Getting Data In 06-01-2016
0 1
0
1
sim_tcr

How to blacklist application event level "Information" on Windows 2012 servers?

Hello, How to blacklist application event Level "Information" on Windows 2012 servers. Already tried: [WinEventLog...
by sim_tcr Communicator in Getting Data In 06-01-2016
1 8
1
8
Top Labels
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...