Getting Data In

Discussions

Thread Info

Props.conf and transforms.conf on a distributed and clustered environment

Greetings, This is my first question so I will try to make it as clear as possible I have an environment with o...

by New Member in

Why am I unable to filter out an event code?

I apologize since this has been answered before. I've tried all the solutions offered in the previous threads and am ...

by Explorer in

German umaulat Character is not getting recognized by Splunk Universal Forwarder

My PowerShell script results with "german umaulat" character into data. In our local lab Splunk Universal Forwarder r...

by Engager in

TailingProcessor - Ignoring path="/path/to/xyz" due to: Bug: tried to check/configure STData processing but have no pending metadata.

Splunk is having some problems importing some files. Whenever I drop the new file onto monitored directory the Splunk...

by Splunk Employee in

Multi value field extraction props.conf transforms.conf

Hello fellow Splunker, I have a question about my props.conf and transforms.conf. I want to extract a multi valued...

by Path Finder in

Universal Forwarder 6.5 on Windows Server 2008 32-bit?

Can I install Universal Forwarder 6.5 on Windows Server 32-bit by using the Windows 8, 8.1, and 10 installer? If not,...

by New Member in

Handling events with the same timestamp

I am extracting logs from a file which contain entries with two timestamp log entries: 1. eventTimestamp 2. timestamp...

by New Member in

Time format not being recognized as data point

I have a search with multiple time formats, and the "Duration" time format isn't being recognized when I to a chart. ...

by Communicator in

Source Transform Replace '/' with '_'

Hi, I created props and transforms files to put source value of file in raw event. I am sending these event to thi...

by Explorer in

trying to lexically parse a text field and group results into categories

I have an xml file with a text field. The text field may include trigger words. I have a list of those trigger words....

by New Member in

How to archive specific Splunk data?

All, I have legal telling me I must have a certain subset of data available in Splunk for 12-18 months depending....

by Builder in

query for searching passive hosts

Can someone please explain me what does the following query will do step by step ? type=hosts | sort -recentTime...

by Path Finder in

Why does set host by 'regex on path' work differently between Splunk Web and inputs.conf?

Hi Splunkers, I have a set of directories (syslog collector), created for logs from remote hosts and containing ho...

by Contributor in

Is there a way to break lines in props.conf on search head?

I have the ability to configure a search head but not the indexers. I am wondering if I can break multi-line netstat ...

by Path Finder in

The edits I made to props.conf and transforms.conf are not working to filter my data. Can anyone check to see where I went wrong?

Hello All, I have written the below props.conf and transforms.conf files, but am not able to filter my data, could...

by Communicator in

How to edit my configurations to fetch the client logs from VM to Splunk Enterprise?

i have configured Splunk Enterprise in my local and universal forwarder in my VM. now i need to fetch the tomcat logs...

by New Member in

How to edit props.conf to line break modsecurity events?

Hey guys. I want modsecurity events in Splunk, but can't make right config. I have events like this: --d021db15...

by Communicator in

How to implement Splunk on Linux Platform?

Hello. Friends am new to Splunk. I have Basic knowledge on Windows Platform and learning day by day. Need Help for I...

by New Member in

How to configure Splunk forwarder on Linux?

Hi Team, If we perform the installation of a forwarder on a windows box we could get a menu of items to be monitor...

by Path Finder in

When executing two different PowerShell scripts in inputs.conf, why does only one script work?

Hi I'm trying to execute 2 different powershell scripts with different sourcetypes but on the same index. one of them...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Props.conf and transforms.conf on a distributed and clustered environment

Why am I unable to filter out an event code?

German umaulat Character is not getting recognized by Splunk Universal Forwarder

TailingProcessor - Ignoring path="/path/to/xyz" due to: Bug: tried to check/configure STData processing but have no pending metadata.

Multi value field extraction props.conf transforms.conf

Universal Forwarder 6.5 on Windows Server 2008 32-bit?

Handling events with the same timestamp

Time format not being recognized as data point

Source Transform Replace '/' with '_'

trying to lexically parse a text field and group results into categories

How to archive specific Splunk data?

query for searching passive hosts

Why does set host by 'regex on path' work differently between Splunk Web and inputs.conf?

Is there a way to break lines in props.conf on search head?

The edits I made to props.conf and transforms.conf are not working to filter my data. Can anyone check to see where I went wrong?

How to edit my configurations to fetch the client logs from VM to Splunk Enterprise?

How to edit props.conf to line break modsecurity events?

How to implement Splunk on Linux Platform?

How to configure Splunk forwarder on Linux?

When executing two different PowerShell scripts in inputs.conf, why does only one script work?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

Eventgen failing to parse csv- What am I doing wro...

SQS-Based-S3 Input for Cloudtrail black list event...

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...