Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I configure Splunk to read events by timestamp?

Hello All our logging events start with a time stamp that looks like this: 00:00:23,746 The data in between the...

by New Member in

eof error when reading file

Hello, We recently started to notice that a file that used to be monitored fine is no longer being pulled into spl...

by Splunk Employee in

Why is Splunk importing header fields from CSV files as events?

Hi Guys, I do a data Input from a folder. The folder contains CSV files. Splunk imports all the data in a correct ...

by Path Finder in

Importing data from a CSV file, how do I edit props.conf to assign a specific column to be parsed as _time?

Hi Guys, I do data import from a CSV and I would like set the eventtime ( _time) to a specific column because the ...

by Path Finder in

How to search license usage by indexer server and top 10 host usage per indexer?

Hi All, I got a request to create report for License Usage by Indexer Server and Top 10 Host usage per Indexer Ser...

by Path Finder in

Why am I getting splunkd.log warning "Could not parse mtime for status.csv in search...coercing to time 0"?

Why am I getting the following warning in splunkd.log WARN JobsFeed - Could not parse mtime for status.csv in sea...

by Engager in

User list from Active directory

Hi How to get the user details from the Active directory with OU name using ldapsearch?

by Builder in

Transpose CSV column headers to row

Hello, Is Splunk able to, before or after indexing, transpose column and rows in this way: original file: has col...

by Path Finder in

How to disable the universal forwarder default management port 8089 with a deployment server?

I'm trying to disable the default management point on the universal forwarders (8089) with the deployment server and ...

by Explorer in

After disabling default port 8089 due to app conflict, why is our universal forwarder unable to contact the deployment server?

We found that we have a new server type with a new internal application that is using port 8089 and would not allow t...

by Explorer in

Splunkweb crashes with "Bad file descriptor"

Splunk 4.1.4 on Win2008 R2, splunkweb is repeatedly terminating with "Bad file descriptor" error shown in web_serivce...

by Explorer in

Timezone conversion issue on HF

We have a HF in UTC timezone that is received log events from an Universal Forwarder running on EDT timezone. The log...

by Contributor in

Editing an indexed log

We made a mistake and logged a few 1000 fields in an event with a wrong format. Is there any way that we could edit t...

by Engager in

How to monitor and index html reports generated daily, even if there are no changes?

Hey. My antivirus generates 4 html reports every day in a folder, but I see a different number of events every tim...

by Communicator in

Highly Available (Double) Data-Source (Syslog)

Hi all, I'm currently experiencing this challenge. At a customer site we have two identical syslog servers rece...

by Path Finder in

How To Alert if SourceType is Not Logging?

I have a forwarder which is configured to monitor 5 directories. Each directory has it's own sourcetype and one of th...

by SplunkTrust in

How to split incomming traffic through UDP 514 ?

Dear All, I'm totally new to the business, I've never dealt with regex, logs or Splunk, etc. Some answers can be f...

by New Member in

Displaying specific text from logs

I have a table on my dashboard that displays particular information from logs but I am trying to add an event name to...

by Path Finder in

How to create an index in an indexer cluster and pull firewall logs to store in that index?

I want to create an index in an indexer cluster and pull firewall logs to store in that index.

by Engager in

After indexing logs in Splunk, where can I find the specific path where it is stored?

I have a server which transfers logs to the Splunk server, but I don't know where it is stored in Splunk. Can someone...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I configure Splunk to read events by timestamp?

eof error when reading file

Why is Splunk importing header fields from CSV files as events?

Importing data from a CSV file, how do I edit props.conf to assign a specific column to be parsed as _time?

How to search license usage by indexer server and top 10 host usage per indexer?

Why am I getting splunkd.log warning "Could not parse mtime for status.csv in search...coercing to time 0"?

User list from Active directory

Transpose CSV column headers to row

How to disable the universal forwarder default management port 8089 with a deployment server?

After disabling default port 8089 due to app conflict, why is our universal forwarder unable to contact the deployment server?

Splunkweb crashes with "Bad file descriptor"

Timezone conversion issue on HF

Editing an indexed log

How to monitor and index html reports generated daily, even if there are no changes?

Highly Available (Double) Data-Source (Syslog)

How To Alert if SourceType is Not Logging?

How to split incomming traffic through UDP 514 ?

Displaying specific text from logs

How to create an index in an indexer cluster and pull firewall logs to store in that index?

After indexing logs in Splunk, where can I find the specific path where it is stored?

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

What's New in Splunk Cloud Platform 9.0.2208?!

Help with field extraction of CMD output like "net...

Why is event time different from server time?

Is it possible to have scheduled saved search usin...

SC4S and Palo Alto log sources- Where can I find l...

How to troubleshoot data Ingestion Latency or rela...