Getting Data In

Discussions

Thread Info

Windows scripted input using output from splunk openssl command?

Does anyone have a nice windows scripted input that will output the local certificate end date? ie. something like...

by Motivator in

Why can't I delete knowledge objects as admin?

Looking at my saved searches, about 99% of them do not have the "delete" action listed. There are one or two that do ...

by Communicator in

How to search the average time between two timestamps?

Hello, I am trying to find the difference between two time stamps using the below search: index=abc | eval aver...

by Builder in

Only latest results from a constantly human updated CSV?

I have a use case where a CSV in a shared location is being updated daily by project manager(s). I'm attempting to bu...

by Path Finder in

Run a script on UF from SHC

Hi, I have a few scheduled alerts setup on my SHC. The output is the list of hosts (UFs) that fall in the alert cr...

by Communicator in

configuring TIME_FORMAT

Hello, our logs have ISO 8601 date format with shorted year (YY instead of YYYY): "12-08-06 04:42:10". It is 6 of Aug...

by New Member in

Unable to fetch REST endpoint

I am getting the warning message "Unable to fetch REST endpoint '/services/search/jobs' from 'https://127.0.0.1:8089'...

by Path Finder in

Is there a Splunk Universal Forwarder version for HP-UX 11.00?

Hi, I have a few HP UX version 11.00 servers that I need logs sent to Splunk. I have successfully installed the f...

by Path Finder in

Where does Splunk log errors about malformed JSON input data?

I sent two events in JSON format to Splunk (Enterprise 6.4) via TCP. The second event was deliberately malformed: a s...

by Builder in

How to prevent large lookups from being replicated to Yarn / Hadoop from Hunk?

We have a user who has created a large csv lookup file (600 Mb). It seems that this file is being replicated to every...

by Path Finder in

Is an entry in props.conf required to allow an entry in transforms.conf to be effective?

When the following question was asked in this forum: What is the role of transforms.conf vs. props.conf for field ext...

by Path Finder in

How to combine lists of source and destination IPs into one unique list to match against a CSV file?

I have a list of source and destination IPs that I'm trying to concatenate into one unique list and check against a C...

by Engager in

how can we split forwarded windows event logs by host?

We are using windows event log forwarding to extract the security logs from 100 plus servers to a central location wh...

by Path Finder in

How to configure Splunk to set the event timestamp based on filename for date and events for time?

Hello, I don't know if it is possible get this setup. I should load into Splunk a log file with lots of events, b...

by Path Finder in

How do I write a search to aggregate the difference between timestamps of disparate login and logout events by user ID over a given period of time?

My agents log in and out of our system several times in a given shift and I need to aggregate the total time they spe...

by Explorer in

How to pull logs using WMI with a Splunk universal forwarder?

In reference to the following link: https://answers.splunk.com/answers/26743/can-i-index-wmi-from-a-splunk-instance-...

by Explorer in

WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file

splunkd.log output 05-25-2014 19:58:26.249 +0000 INFO WatchedFile - File too small to check seekcrc, probably tru...

by Builder in

How to migrate a whole indexer with almost no logs lost ?

Hello, I am working on a migration process and I would love your opinion on the solution I've been think to. My en...

by Contributor in

Sending input data over HTTP

Does Splunk support receiving a continual stream of input via an HTTP POST? The reason I ask is the web server log...

by Explorer in

After upgrading to Splunk 6.4.0, why is my Data inputs list in Splunk Web incomplete?

After upgrading to Splunk 6.4, my list of data inputs is incomplete. I remember this issue happened with the DB conne...

by Communicator in

Why is one of my universal forwarders trying to contact the deployment server on port 9997?

Hi, I have a configuration where many Universal Forwarders are managed by a Deployment Server. Today I installed ...

by Explorer in

Forwarding Exchange admin logs

Hi, I want to forward Exchange admin logs to my Splunk server. I installed a universal forwarder on my Exchange se...

by New Member in

Best practice for overriding source key in inputs.conf?

I've seen the related question "Override source key in inputs.conf". I've pretty much decided that I do want to ov...

by Builder in

Need help with props.conf and transforms.conf for an XML file

Hi, I am indexing a set of XML files from an S3 bucket, and having troubles getting my config set up correctly. ...

by Explorer in

Saving extracted field in Props.conf Vs Using regex extraction directly in search with out saving in props.conf

We had search query were we extract field 1 and field 2 using regular expressions. We have doubt here that which of t...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Windows scripted input using output from splunk openssl command?

Why can't I delete knowledge objects as admin?

How to search the average time between two timestamps?

Only latest results from a constantly human updated CSV?

Run a script on UF from SHC

configuring TIME_FORMAT

Unable to fetch REST endpoint

Is there a Splunk Universal Forwarder version for HP-UX 11.00?

Where does Splunk log errors about malformed JSON input data?

How to prevent large lookups from being replicated to Yarn / Hadoop from Hunk?

Is an entry in props.conf required to allow an entry in transforms.conf to be effective?

How to combine lists of source and destination IPs into one unique list to match against a CSV file?

how can we split forwarded windows event logs by host?

How to configure Splunk to set the event timestamp based on filename for date and events for time?

How do I write a search to aggregate the difference between timestamps of disparate login and logout events by user ID over a given period of time?

How to pull logs using WMI with a Splunk universal forwarder?

WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file

How to migrate a whole indexer with almost no logs lost ?

Sending input data over HTTP

After upgrading to Splunk 6.4.0, why is my Data inputs list in Splunk Web incomplete?

Why is one of my universal forwarders trying to contact the deployment server on port 9997?

Forwarding Exchange admin logs

Best practice for overriding source key in inputs.conf?

Need help with props.conf and transforms.conf for an XML file

Saving extracted field in Props.conf Vs Using regex extraction directly in search with out saving in props.conf

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Unable to login once I updated my Splunk license

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions