Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
hettervik

How does load balacing work when forwarding to Splunk Cloud?

Hi, I'm wondering how load balancing in Splunk Cloud work. When i install the splunkcloud.uf app on a local forward...
by hettervik Builder in Getting Data In 05-11-2016
0 4
0
4
slawny86

After deploying a search head clustering, why is authentication to my two indexers failing and am unable to search?

After deploying a search head cluster, I have a problem with searching anything. SHcluster status is up, but when I l...
by slawny86 New Member in Getting Data In 05-11-2016
0 6
0
6
jafars

How to troubleshoot why a Universal Forwarder is not sending data to the Deployment Server?

I installed a Splunk Universal Forwarder on a Windows Server 2012R2 using following command: msiexec.exe /i splunkf...
by jafars New Member in Getting Data In 05-11-2016
0 3
0
3
lyndac

What happens if I restart the universal forwarder while it is processing a file?

Here's my setup: 1 search head, 4 indexers, 1 universal forwarder The UF is trying to index a large file (2G), I'm s...
by lyndac Contributor in Getting Data In 05-10-2016
0 1
0
1
Lucas_K

Windows scripted input using output from splunk openssl command?

Does anyone have a nice windows scripted input that will output the local certificate end date? ie. something like ...
by Lucas_K Motivator in Getting Data In 05-10-2016
0 5
0
5
jonathan_cooper

Why can't I delete knowledge objects as admin?

Looking at my saved searches, about 99% of them do not have the "delete" action listed. There are one or two that do...
by jonathan_cooper Communicator in Getting Data In 05-10-2016
0 8
0
8
vrmandadi

How to search the average time between two timestamps?

Hello, I am trying to find the difference between two time stamps using the below search: index=abc | eval average_...
by vrmandadi Builder in Getting Data In 05-10-2016
0 3
0
3
edenzler

Only latest results from a constantly human updated CSV?

I have a use case where a CSV in a shared location is being updated daily by project manager(s). I'm attempting to bu...
by edenzler Path Finder in Getting Data In 05-10-2016
1 5
1
5
ishaanshekhar

Run a script on UF from SHC

Hi, I have a few scheduled alerts setup on my SHC. The output is the list of hosts (UFs) that fall in the alert crit...
by ishaanshekhar Communicator in Getting Data In 05-10-2016
0 4
0
4
kerne1

configuring TIME_FORMAT

Hello, our logs have ISO 8601 date format with shorted year (YY instead of YYYY): "12-08-06 04:42:10". It is 6 of Aug...
by kerne1 New Member in Getting Data In 05-10-2016
0 5
0
5
SarahBOA

Unable to fetch REST endpoint

I am getting the warning message "Unable to fetch REST endpoint '/services/search/jobs' from 'https://127.0.0.1:8089'...
by SarahBOA Path Finder in Getting Data In 05-10-2016
1 3
1
3
mmensch

Is there a Splunk Universal Forwarder version for HP-UX 11.00?

Hi, I have a few HP UX version 11.00 servers that I need logs sent to Splunk. I have successfully installed the for...
by mmensch Path Finder in Getting Data In 05-10-2016
0 4
0
4
Graham_Hanningt

Where does Splunk log errors about malformed JSON input data?

I sent two events in JSON format to Splunk (Enterprise 6.4) via TCP. The second event was deliberately malformed: a s...
by Graham_Hanningt Builder in Getting Data In 05-10-2016
1 1
1
1
tsunamii

How to prevent large lookups from being replicated to Yarn / Hadoop from Hunk?

We have a user who has created a large csv lookup file (600 Mb). It seems that this file is being replicated to every...
by tsunamii Path Finder in Getting Data In 05-09-2016
0 2
0
2
msantich

Is an entry in props.conf required to allow an entry in transforms.conf to be effective?

When the following question was asked in this forum: What is the role of transforms.conf vs. props.conf for field ext...
by msantich Path Finder in Getting Data In 05-09-2016
0 3
0
3
ststephe

How to combine lists of source and destination IPs into one unique list to match against a CSV file?

I have a list of source and destination IPs that I'm trying to concatenate into one unique list and check against a C...
by ststephe Engager in Getting Data In 05-09-2016
0 2
0
2
capilarity

how can we split forwarded windows event logs by host?

We are using windows event log forwarding to extract the security logs from 100 plus servers to a central location wh...
by capilarity Path Finder in Getting Data In 05-09-2016
0 6
0
6
ofaura

How to configure Splunk to set the event timestamp based on filename for date and events for time?

Hello, I don't know if it is possible get this setup. I should load into Splunk a log file with lots of events, but...
by ofaura Path Finder in Getting Data In 05-09-2016
0 3
0
3
MDSplunkNinja

How do I write a search to aggregate the difference between timestamps of disparate login and logout events by user ID over a given period of time?

My agents log in and out of our system several times in a given shift and I need to aggregate the total time they spe...
by MDSplunkNinja Explorer in Getting Data In 05-09-2016
0 8
0
8
rishabhey2016

How to pull logs using WMI with a Splunk universal forwarder?

In reference to the following link: https://answers.splunk.com/answers/26743/can-i-index-wmi-from-a-splunk-instance-...
by rishabhey2016 Explorer in Getting Data In 05-09-2016
0 2
0
2
ben_leung

WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file

splunkd.log output 05-25-2014 19:58:26.249 +0000 INFO WatchedFile - File too small to check seekcrc, probably trunc...
by ben_leung Builder in Getting Data In 05-09-2016
2 3
2
3
ctaf

How to migrate a whole indexer with almost no logs lost ?

Hello, I am working on a migration process and I would love your opinion on the solution I've been think to. My envi...
by ctaf Contributor in Getting Data In 05-09-2016
0 10
0
10
justjosh

Sending input data over HTTP

Does Splunk support receiving a continual stream of input via an HTTP POST? The reason I ask is the web server logs ...
by justjosh Explorer in Getting Data In 05-09-2016
0 4
0
4
MaverickT

After upgrading to Splunk 6.4.0, why is my Data inputs list in Splunk Web incomplete?

After upgrading to Splunk 6.4, my list of data inputs is incomplete. I remember this issue happened with the DB conne...
by MaverickT Communicator in Getting Data In 05-09-2016
0 4
0
4
splunk_cv

Why is one of my universal forwarders trying to contact the deployment server on port 9997?

Hi, I have a configuration where many Universal Forwarders are managed by a Deployment Server. Today I installed a ...
by splunk_cv Explorer in Getting Data In 05-08-2016
0 8
0
8
Get Updates on the Splunk Community!

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Developer Spotlight with Mika Borner

From Hackathon Winner to Enterprise Leader    Mika Borner, CEO and Founder of Datapunctum AG, has been ...

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...
Top Solution Authors
View All