Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
rc0rning

is ETL a prerequisite for moving data into Splunk?

I'm trying to understand if i can move raw data directly into splunk without any indexing
by rc0rning New Member in Getting Data In 05-12-2016
0 8
0
8
vil505

Can I use a text input form to filter down to the top user results for my search?

Is there a general way for me to use the text input in a form to filter it down to the top users, depending on the nu...
by vil505 Explorer in Getting Data In 05-12-2016
0 3
0
3
dhavamanis

What are best practices on setting the replication factor for X number of indexers in an indexer cluster?

Need your help, We are trying to increase the number of indexer nodes in the indexer cluster for max availability ap...
by dhavamanis Builder in Getting Data In 05-12-2016
0 1
0
1
OMohi

Splunk error message on splunkd.log

I am getting the following error message from inputs directing from splunk forwarder instance to indexer: 13:01:22.5...
by OMohi Path Finder in Getting Data In 05-12-2016
0 6
0
6
cannarella

input.conf whitelist for windows eventlogs

We are trying to capture failed logons from our AD server but only want to capture specific event logs. We are using...
by cannarella Engager in Getting Data In 05-12-2016
3 11
3
11
JoanHorikawa

Is it possible to add an item to the whitelist in just one specific client in a server class?

I have a server class (wineventlog) that has a whitelist in the inputs.conf. It looks like this: [WinEventLog://Secu...
by JoanHorikawa New Member in Getting Data In 05-12-2016
0 5
0
5
tlabue

On startup, Splunk reports issues with the default prefs.conf file (invalid keys)

When I startup Splunk (v6.3.0 for Linux), I've notices warning message when Splunk is Checking conf files for problem...
by tlabue Path Finder in Getting Data In 05-12-2016
0 5
0
5
att35

data indexing on rapid7 app for Splunk enterprise

Hi, I am planning to install Splunk app for Rapid7 Nexpose. We use Nexpose Enterprise edition. While checking the ap...
by att35 Builder in Getting Data In 05-12-2016
0 2
0
2
agneticdk

Why are some Windows event logs indexed in Splunk with a future timestamp?

Hi all I have a search like this: index=\* earliest=+1m latest=+30h sourcetype="WinEventLog:Sys*" Message=\*Upgrade...
by agneticdk Path Finder in Getting Data In 05-11-2016
0 2
0
2
hemendralodhi

With indexAndForward=true on a heavy forwarder, how do we route data to an index with a different name on the target indexer?

Hi Team, We are planning to migrate our existing indexed data to a new Enterprise Server which is up and running, se...
by hemendralodhi Contributor in Getting Data In 05-11-2016
0 4
0
4
bbeavise2g

Is anyone else getting "Splunk could not get the description..." after a Windows update using Splunk 6.3.2?

Not so much a question, but an observation looking for confirmation. If true, looking to spread the word. Recently ...
by bbeavise2g Explorer in Getting Data In 05-11-2016
1 1
1
1
lemmerich

How to input data from perl script to splunk?

Hello guys, I am new to splunk and I am trying to input data from a perl script. Script is very simple, a helloworld...
by lemmerich Engager in Getting Data In 05-11-2016
2 1
2
1
hermanyoung

How to troubleshoot why security events from one domain controller are getting indexed with a delay of 5 hours?

Good day, We have one domain controller that is always about 5 hours behind in having the logs available in Splunk. ...
by hermanyoung New Member in Getting Data In 05-11-2016
0 4
0
4
spersels

Why am I getting "Error occurred attempting to remove CPU Data...required arguments are missing: app_name..." trying to remove a data input?

I'm trying to delete a data input, but I'm getting this message: Error occurred attempting to remove CPU Data: In ha...
by spersels New Member in Getting Data In 05-11-2016
0 2
0
2
stephenmelrose

How to extract sum totals for data in a nested JSON object?

Hi there, I have the following log line format (slightly edited for anonymity), 2013-08-14T08:54:10.098+0100 [INFO]...
by stephenmelrose Engager in Getting Data In 05-11-2016
1 1
1
1
hettervik

What is the default retention time in Splunk Cloud and what is the cost of extending it?

Hi, I've started looking into Splunk Cloud for some customers. At the official Splunk website it says that the Splun...
by hettervik Builder in Getting Data In 05-11-2016
0 2
0
2
jplumsdaine22

Punct... good god y'all - what is it good for?

Early on in our Splunk deployment we set ANNOTATE_PUNCT to false on our indexers, both to save space and for perform...
by jplumsdaine22 Influencer in Getting Data In 05-11-2016
2 6
2
6
hettervik

How does load balacing work when forwarding to Splunk Cloud?

Hi, I'm wondering how load balancing in Splunk Cloud work. When i install the splunkcloud.uf app on a local forward...
by hettervik Builder in Getting Data In 05-11-2016
0 4
0
4
slawny86

After deploying a search head clustering, why is authentication to my two indexers failing and am unable to search?

After deploying a search head cluster, I have a problem with searching anything. SHcluster status is up, but when I l...
by slawny86 New Member in Getting Data In 05-11-2016
0 6
0
6
jafars

How to troubleshoot why a Universal Forwarder is not sending data to the Deployment Server?

I installed a Splunk Universal Forwarder on a Windows Server 2012R2 using following command: msiexec.exe /i splunkf...
by jafars New Member in Getting Data In 05-11-2016
0 3
0
3
lyndac

What happens if I restart the universal forwarder while it is processing a file?

Here's my setup: 1 search head, 4 indexers, 1 universal forwarder The UF is trying to index a large file (2G), I'm s...
by lyndac Contributor in Getting Data In 05-10-2016
0 1
0
1
Lucas_K

Windows scripted input using output from splunk openssl command?

Does anyone have a nice windows scripted input that will output the local certificate end date? ie. something like ...
by Lucas_K Motivator in Getting Data In 05-10-2016
0 5
0
5
jonathan_cooper

Why can't I delete knowledge objects as admin?

Looking at my saved searches, about 99% of them do not have the "delete" action listed. There are one or two that do...
by jonathan_cooper Communicator in Getting Data In 05-10-2016
0 8
0
8
vrmandadi

How to search the average time between two timestamps?

Hello, I am trying to find the difference between two time stamps using the below search: index=abc | eval average_...
by vrmandadi Builder in Getting Data In 05-10-2016
0 3
0
3
edenzler

Only latest results from a constantly human updated CSV?

I have a use case where a CSV in a shared location is being updated daily by project manager(s). I'm attempting to bu...
by edenzler Path Finder in Getting Data In 05-10-2016
1 5
1
5
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...