Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Is it possible to add an item to the whitelist in just one specific client in a server class?

I have a server class (wineventlog) that has a whitelist in the inputs.conf. It looks like this: [WinEventLog://Se...

by New Member in

Why are some Windows event logs indexed in Splunk with a future timestamp?

Hi all I have a search like this: index=\* earliest=+1m latest=+30h sourcetype="WinEventLog:Sys*" Message=\*Upg...

by Path Finder in

With indexAndForward=true on a heavy forwarder, how do we route data to an index with a different name on the target indexer?

Hi Team, We are planning to migrate our existing indexed data to a new Enterprise Server which is up and running, ...

by Contributor in

Best approach to move data to a different index?

Using Splunk 6.3.1, 1 search head, 4 indexers, 1 UF. I have ALOT of data that got put into the wrong index. We ha...

by Contributor in

Is anyone else getting "Splunk could not get the description..." after a Windows update using Splunk 6.3.2?

Not so much a question, but an observation looking for confirmation. If true, looking to spread the word. Recently...

by Explorer in

How to input data from perl script to splunk?

Hello guys, I am new to splunk and I am trying to input data from a perl script. Script is very simple, a hellowor...

by Engager in

How to troubleshoot why security events from one domain controller are getting indexed with a delay of 5 hours?

Good day, We have one domain controller that is always about 5 hours behind in having the logs available in Splunk...

by New Member in

Why am I getting "Error occurred attempting to remove CPU Data...required arguments are missing: app_name..." trying to remove a data input?

I'm trying to delete a data input, but I'm getting this message: Error occurred attempting to remove CPU Data: In ...

by New Member in

How to extract sum totals for data in a nested JSON object?

Hi there, I have the following log line format (slightly edited for anonymity), 2013-08-14T08:54:10.098+0100 [I...

by Engager in

What is the default retention time in Splunk Cloud and what is the cost of extending it?

Hi, I've started looking into Splunk Cloud for some customers. At the official Splunk website it says that the Spl...

by Builder in

Punct... good god y'all - what is it good for?

Early on in our Splunk deployment we set ANNOTATE_PUNCT to false on our indexers, both to save space and for performa...

by Influencer in

How does load balacing work when forwarding to Splunk Cloud?

Hi, I'm wondering how load balancing in Splunk Cloud work. When i install the splunkcloud.uf app on a local for...

by Builder in

After deploying a search head clustering, why is authentication to my two indexers failing and am unable to search?

After deploying a search head cluster, I have a problem with searching anything. SHcluster status is up, but when I l...

by New Member in

How to troubleshoot why a Universal Forwarder is not sending data to the Deployment Server?

I installed a Splunk Universal Forwarder on a Windows Server 2012R2 using following command: msiexec.exe /i splun...

by New Member in

What happens if I restart the universal forwarder while it is processing a file?

Here's my setup: 1 search head, 4 indexers, 1 universal forwarder The UF is trying to index a large file (2G), I'm...

by Contributor in

Windows scripted input using output from splunk openssl command?

Does anyone have a nice windows scripted input that will output the local certificate end date? ie. something like...

by Motivator in

Why can't I delete knowledge objects as admin?

Looking at my saved searches, about 99% of them do not have the "delete" action listed. There are one or two that do ...

by Communicator in

How to search the average time between two timestamps?

Hello, I am trying to find the difference between two time stamps using the below search: index=abc | eval aver...

by Builder in

How are Splunk passwords encrypted in inputs.conf and outputs.conf?

Could someone please document how the Splunk passwords are encrypted (in inputs and outputs.conf) so that we can setu...

by Explorer in

Only latest results from a constantly human updated CSV?

I have a use case where a CSV in a shared location is being updated daily by project manager(s). I'm attempting to bu...

by Path Finder in

Getting Data In

Discussions

Is it possible to add an item to the whitelist in just one specific client in a server class?

Why are some Windows event logs indexed in Splunk with a future timestamp?

With indexAndForward=true on a heavy forwarder, how do we route data to an index with a different name on the target indexer?

Best approach to move data to a different index?

Is anyone else getting "Splunk could not get the description..." after a Windows update using Splunk 6.3.2?

How to input data from perl script to splunk?

How to troubleshoot why security events from one domain controller are getting indexed with a delay of 5 hours?

Why am I getting "Error occurred attempting to remove CPU Data...required arguments are missing: app_name..." trying to remove a data input?

How to extract sum totals for data in a nested JSON object?

What is the default retention time in Splunk Cloud and what is the cost of extending it?

Punct... good god y'all - what is it good for?

How does load balacing work when forwarding to Splunk Cloud?

After deploying a search head clustering, why is authentication to my two indexers failing and am unable to search?

How to troubleshoot why a Universal Forwarder is not sending data to the Deployment Server?

What happens if I restart the universal forwarder while it is processing a file?

Windows scripted input using output from splunk openssl command?

Why can't I delete knowledge objects as admin?

How to search the average time between two timestamps?

How are Splunk passwords encrypted in inputs.conf and outputs.conf?

Only latest results from a constantly human updated CSV?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Powershell script not running always on schedule -...

Should I remove /datamodel_summary on local drive ...

Archiving Best Practices for a Clustered Environme...

SignatureDoesNotMatch

Routing Metric events to null queue

Getting Data In

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>