Getting Data In

Community Activity

Index zip files with hierarchical folder structure I have a folder with plenty of zip files. Every zip is a zipped folder with folder inside a folder and the deepest fo... by thirumalreddyb Communicator in Getting Data In 06-07-2016 0 1	0	1
Simple example of inputs.conf to monitor a logfile on a remote share I'v been looking for this but not finding it. I have this: [monitor://\\CAD1100092\\shared$\testing.log] disabled =... by skaboy71 Explorer in Getting Data In 06-07-2016 1 8	1	8
Can we redirect an index from a heavy forwarder to a different heavy forwarder? Hi, We are currently on version 6.3.3. The situation is the following: We had a configuration of a Universal Forwar... by dsmc_adv Path Finder in Getting Data In 06-06-2016 0 2	0	2
Getting error "Firefox can't establish a connection to the server at localhost:8000" in Splunk Free 6.3.2. How do I re-connect? My trial Splunk license release 6.3.2 started around 1/13/2016, and expired on 3/13/2016. I converted to free on 3/1... by pigulb New Member in Getting Data In 06-06-2016 0 2	0	2
Dynamic sourcetype based on source not working I'm trying to set sourcetype based on a regex from the source path during indexing, and it is not working. What am I ... by davebo1896 Communicator in Getting Data In 06-06-2016 0 3	0	3
How to blacklist a Universal Forwarder? This should be relatively simple, but I cannot find discussion or documentation on it. I suspect that Splunk assumes ... by ccsfdave Builder in Getting Data In 06-06-2016 0 7	0	7
How to configure line breaking for a CSV file where line breaks are signified by a semicolon? Hi everyone, I have a CSV file where the line breaks are signified by a semicolon ;. I am wondering how one would ... by dablackgoku1234 New Member in Getting Data In 06-06-2016 0 6	0	6
Trying to add a CSV file via Data Inputs in Splunk Web, why am I unable to preview data after entering the file and sourcetype? I'm trying to add a .csv file via Data Inputs. Here are the steps I'm taking for this (v6.4): Settings > Data Inputs... by tmaltizo Path Finder in Getting Data In 06-06-2016 0 4	0	4
How can i change the time format in Splunk web? The default time format when showing logs in the web interface is mm/dd/yyyy and the time specified in 12h format. At... by Ayn Legend in Getting Data In 06-03-2016 19 6	19	6
CSV Field Contains Full XML Event I have an ugly looking log format which has pipe-separated values, but one of the fields in the event is a full XML e... by coltwanger Contributor in Getting Data In 06-03-2016 0 3	0	3
How do I parse through my sample CSV type log to graph field values by date? Hi, I am having trouble finding a good way of parsing through my log entries to try and grab the key-value pairs fo... by danielpa New Member in Getting Data In 06-03-2016 0 1	0	1
How to monitor a file input with the same filename? I have an input, which is a CSV file. I want to use this as a batch input. The file is generated every day, with the ... by szabados Communicator in Getting Data In 06-03-2016 0 1	0	1
How to blacklist a single source path on a universal forwarder? I have the monitor stanza on one of my Universal Forwarders.....I tried to blacklist a particular JVM from which the ... by prakash007 Builder in Getting Data In 06-03-2016 0 3	0	3
Splunk for Cisco ASA not show Data Installed Splunk for ASA, install Google Maps, Sideview Utilities and TA-cisco_asa. I have confirmed that log from my... by edroche New Member in Getting Data In 06-03-2016 0 2	0	2
How to edit my props and transforms to extract the correct time from my sample DNS log from a Syslog encapsulated message? I have DNS log format as follows: <14>May 25 23:59:19 COL02 Windows: {"Level":"4","Channel":"DNS Server","Version":... by jonnim Explorer in Getting Data In 06-03-2016 1 2	1	2
How to Filter part of data in an event during index time Hi, I have a type of following event data which is coming from forwarder: Column1=XYZ+Column2=ABC+ColumnC=GGG.... ... by reach2tushar Explorer in Getting Data In 06-03-2016 0 8	0	8
If we currently have 5 heavy forwarders sending logs to a single indexer, how can we centrally forward all raw logs to another SIEM/Log management solution? Dear Experts, We have a Distributed environment using around 5 heavy forwarders across various locations sending log... by sumit29 Path Finder in Getting Data In 06-03-2016 0 1	0	1
How to implement a new Retention Policy, and what changes take effect after restarting Splunk? Hi, I'm currently researching on the use of Retention Policy on Splunk by setting it to only keep data for 6 months... by qiaojing Path Finder in Getting Data In 06-03-2016 0 1	0	1
Is it possible to reconfigure an existing universal forwarder to low-privilege mode? Is it possible reconfigure an existing universal forwarder to low privileged mode? We installed our UFs as local sys... by lycollicott Motivator in Getting Data In 06-02-2016 1 13	1	13
What is the difference between the current_size_kb vs current_size in metrics.log for a universal forwarder? Hello, I don't quite understand the difference between the current_size_kb value and current_size value in the metri... by RecoMark0 Path Finder in Getting Data In 06-02-2016 0 2	0	2
Why am I getting different GUI pages from the same URL? I have two search heads (prod and QA). On https://prod/en-US/manager/search/datainputstats I get the desired DataInpu... by bkeif Path Finder in Getting Data In 06-02-2016 0 18	0	18
If I have a single data input, how can I edit my inputs and outputs.conf to send this data to 2 different hosts, indexes, and sourcetypes? I have a single data input (myLog.log) and I need to send this same data to 2 different hosts, indexes and sourcetype... by tmarlette Motivator in Getting Data In 06-02-2016 0 6	0	6
Ingesting data from a syslog server, Splunk is truncating file paths before being written to the source field. How do I disable this? I am ingesting data from a syslog server, and some of those file paths are pretty long. It appears that Splunk is tru... by tmarlette Motivator in Getting Data In 06-02-2016 0 6	0	6
Why am I getting "Failed to add peer to the master... Connection refused" trying to add an indexer to our current indexer cluster? Hello, I am trying to add two more indexers to our current Splunk setup. Our current setup is a search head and two... by RecoMark0 Path Finder in Getting Data In 06-02-2016 0 11	0	11
How can I pull logs from a shared hosting account and get it into Splunk to index? The hosting provider is Rackspace Cloud Sites. In the root of each site is a logs dir, ex. somesite.com/logs. There... by walderbachj1 Engager in Getting Data In 06-02-2016 0 2	0	2

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

Index zip files with hierarchical folder structure

Simple example of inputs.conf to monitor a logfile on a remote share

Can we redirect an index from a heavy forwarder to a different heavy forwarder?

Getting error "Firefox can't establish a connection to the server at localhost:8000" in Splunk Free 6.3.2. How do I re-connect?

Dynamic sourcetype based on source not working

How to blacklist a Universal Forwarder?

How to configure line breaking for a CSV file where line breaks are signified by a semicolon?

Trying to add a CSV file via Data Inputs in Splunk Web, why am I unable to preview data after entering the file and sourcetype?

How can i change the time format in Splunk web?

CSV Field Contains Full XML Event

How do I parse through my sample CSV type log to graph field values by date?

How to monitor a file input with the same filename?

How to blacklist a single source path on a universal forwarder?

Splunk for Cisco ASA not show Data

How to edit my props and transforms to extract the correct time from my sample DNS log from a Syslog encapsulated message?

How to Filter part of data in an event during index time

If we currently have 5 heavy forwarders sending logs to a single indexer, how can we centrally forward all raw logs to another SIEM/Log management solution?

How to implement a new Retention Policy, and what changes take effect after restarting Splunk?

Is it possible to reconfigure an existing universal forwarder to low-privilege mode?

What is the difference between the current_size_kb vs current_size in metrics.log for a universal forwarder?

Why am I getting different GUI pages from the same URL?

If I have a single data input, how can I edit my inputs and outputs.conf to send this data to 2 different hosts, indexes, and sourcetypes?

Ingesting data from a syslog server, Splunk is truncating file paths before being written to the source field. How do I disable this?

Why am I getting "Failed to add peer to the master... Connection refused" trying to add an indexer to our current indexer cluster?

How can I pull logs from a shared hosting account and get it into Splunk to index?

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation