Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
ccsfdave

How to blacklist a Universal Forwarder?

This should be relatively simple, but I cannot find discussion or documentation on it. I suspect that Splunk assumes ...
by ccsfdave Builder in Getting Data In 06-06-2016
0 7
0
7
dablackgoku1234

How to configure line breaking for a CSV file where line breaks are signified by a semicolon?

Hi everyone, I have a CSV file where the line breaks are signified by a semicolon ;. I am wondering how one would ...
by dablackgoku1234 New Member in Getting Data In 06-06-2016
0 6
0
6
tmaltizo

Trying to add a CSV file via Data Inputs in Splunk Web, why am I unable to preview data after entering the file and sourcetype?

I'm trying to add a .csv file via Data Inputs. Here are the steps I'm taking for this (v6.4): Settings > Data Inputs...
by tmaltizo Path Finder in Getting Data In 06-06-2016
0 4
0
4
Ayn

How can i change the time format in Splunk web?

The default time format when showing logs in the web interface is mm/dd/yyyy and the time specified in 12h format. At...
by Legend in Getting Data In 06-03-2016
19 6
19
6
coltwanger

CSV Field Contains Full XML Event

I have an ugly looking log format which has pipe-separated values, but one of the fields in the event is a full XML e...
by coltwanger Contributor in Getting Data In 06-03-2016
0 3
0
3
danielpa

How do I parse through my sample CSV type log to graph field values by date?

Hi, I am having trouble finding a good way of parsing through my log entries to try and grab the key-value pairs fo...
by danielpa New Member in Getting Data In 06-03-2016
0 1
0
1
szabados

How to monitor a file input with the same filename?

I have an input, which is a CSV file. I want to use this as a batch input. The file is generated every day, with the ...
by szabados Communicator in Getting Data In 06-03-2016
0 1
0
1
prakash007

How to blacklist a single source path on a universal forwarder?

I have the monitor stanza on one of my Universal Forwarders.....I tried to blacklist a particular JVM from which the ...
by prakash007 Builder in Getting Data In 06-03-2016
0 3
0
3
edroche

Splunk for Cisco ASA not show Data

Installed Splunk for ASA, install Google Maps, Sideview Utilities and TA-cisco_asa. I have confirmed that log from my...
by edroche New Member in Getting Data In 06-03-2016
0 2
0
2
jonnim

How to edit my props and transforms to extract the correct time from my sample DNS log from a Syslog encapsulated message?

I have DNS log format as follows: <14>May 25 23:59:19 COL02 Windows: {"Level":"4","Channel":"DNS Server","Version":...
by jonnim Explorer in Getting Data In 06-03-2016
1 2
1
2
reach2tushar

How to Filter part of data in an event during index time

Hi, I have a type of following event data which is coming from forwarder: Column1=XYZ+Column2=ABC+ColumnC=GGG.... ...
by reach2tushar Explorer in Getting Data In 06-03-2016
0 8
0
8
sumit29

If we currently have 5 heavy forwarders sending logs to a single indexer, how can we centrally forward all raw logs to another SIEM/Log management solution?

Dear Experts, We have a Distributed environment using around 5 heavy forwarders across various locations sending log...
by sumit29 Path Finder in Getting Data In 06-03-2016
0 1
0
1
qiaojing

How to implement a new Retention Policy, and what changes take effect after restarting Splunk?

Hi, I'm currently researching on the use of Retention Policy on Splunk by setting it to only keep data for 6 months...
by qiaojing Path Finder in Getting Data In 06-03-2016
0 1
0
1
lycollicott

Is it possible to reconfigure an existing universal forwarder to low-privilege mode?

Is it possible reconfigure an existing universal forwarder to low privileged mode? We installed our UFs as local sys...
by lycollicott Motivator in Getting Data In 06-02-2016
1 13
1
13
RecoMark0

What is the difference between the current_size_kb vs current_size in metrics.log for a universal forwarder?

Hello, I don't quite understand the difference between the current_size_kb value and current_size value in the metri...
by RecoMark0 Path Finder in Getting Data In 06-02-2016
0 2
0
2
bkeif

Why am I getting different GUI pages from the same URL?

I have two search heads (prod and QA). On https://prod/en-US/manager/search/datainputstats I get the desired DataInpu...
by bkeif Path Finder in Getting Data In 06-02-2016
0 18
0
18
tmarlette

If I have a single data input, how can I edit my inputs and outputs.conf to send this data to 2 different hosts, indexes, and sourcetypes?

I have a single data input (myLog.log) and I need to send this same data to 2 different hosts, indexes and sourcetype...
by tmarlette Motivator in Getting Data In 06-02-2016
0 6
0
6
tmarlette

Ingesting data from a syslog server, Splunk is truncating file paths before being written to the source field. How do I disable this?

I am ingesting data from a syslog server, and some of those file paths are pretty long. It appears that Splunk is tru...
by tmarlette Motivator in Getting Data In 06-02-2016
0 6
0
6
RecoMark0

Why am I getting "Failed to add peer to the master... Connection refused" trying to add an indexer to our current indexer cluster?

Hello, I am trying to add two more indexers to our current Splunk setup. Our current setup is a search head and two...
by RecoMark0 Path Finder in Getting Data In 06-02-2016
0 11
0
11
walderbachj1

How can I pull logs from a shared hosting account and get it into Splunk to index?

The hosting provider is Rackspace Cloud Sites. In the root of each site is a logs dir, ex. somesite.com/logs. There...
by walderbachj1 Engager in Getting Data In 06-02-2016
0 2
0
2
praveenakode

Does Splunk 6.4.1 support .7z files?

Does Splunk 6.4.1 support .7z extension? If it doesn't, is there anyway to write a script to be able to load .7z file...
by praveenakode New Member in Getting Data In 06-02-2016
0 2
0
2
skoelpin

How Do I get Splunk to Recognize a Log TimeStamp and Convert it?

I have log data that has a timestamp in this format 20160530/001020.670 I uploaded the log directly into Splunk to t...
by SplunkTrust SplunkTrust in Getting Data In 06-02-2016
0 1
0
1
Ari_McEwing

How to search the total sum of numerical values from a field in my events and visualize results in a pie chart?

Hello, I am a new user to Splunk Light and I am having trouble with the visualization of event data. I have a .CSV s...
by Ari_McEwing New Member in Getting Data In 06-02-2016
0 2
0
2
bravon

Why am I getting "WARN AuthorizationManager - Unknown role" errors in splunkd.log after deleting the VMware and Windows Infrastructure apps?

After removing the Windows Infrastructure and VMWare applications, we get the following errors in splunkd.log: WARN ...
by bravon Communicator in Getting Data In 06-02-2016
2 2
2
2
immortalraghava

Forwarding logs to a third party system using a universal forwarder with sendCookedData = false, can we see the set sourcetype at the receiving end?

Hi All, We are sending logs to a third party system. And in the inputs.conf monitor stanza, we have set: sendCooked...
by immortalraghava Path Finder in Getting Data In 06-02-2016
2 4
2
4
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...
Top Solution Authors
View All