Getting Data In

Community Activity

How to Update a Lookup Table Hi, I wonder whether someone may be able to help me please. I'm using the query below to successfully create a 'look... by IRHM73 Motivator in Getting Data In 04-01-2016 1 4	1	4
Splunk having issues with offsetting TZ for epochtime I'm trying to set a TZ for epoch time but Splunk is not accepting it. Is there an issue with offsetting using epoch ... by the_wolverine Champion in Getting Data In 03-31-2016 0 6	0	6
Index query question (latest event from each source type by host) I have been having a lot of problems with our Windows 2008 R2 Domain Controllers falling behind in just the security ... by jcrensh Explorer in Getting Data In 03-31-2016 0 3	0	3
Help with LINE_BREAKING hI, I have a file that appears to break correctly in the data preview, but after I index it, it's not appearing corr... by a212830 Champion in Getting Data In 03-31-2016 0 4	0	4
Why is Splunk not getting all Windows security events from some Active Directory servers? I have the universal forwarder installed on three Active Directory servers and I have a dashboard with a panel that s... by snix Communicator in Getting Data In 03-31-2016 0 9	0	9
Error event time (one more year) Hi all, In DB Input of DB CONNECT, inside PARAMETERS, I configured to CHOOSE COLUMN on timestamp, instead default op... by lcblucas Explorer in Getting Data In 03-31-2016 0 9	0	9
Anonymize multiple occurrences on the same log event Hi, I am able to anonymize data in Splunk using props.conf and transforms.conf but not able to anonymize multiple oc... by SirHill17 Communicator in Getting Data In 03-31-2016 0 6	0	6
Can the Splunk universal forwarder forward Sybase audit logs to Splunk? Hi, Can the Splunk Universal Forwarder forward Sybase audit logs to Splunk? thanks by ghostd0g Engager in Getting Data In 03-31-2016 0 1	0	1
Splunk forwarder accept files from remote server Hi Team, We are installing forwarder on one server and would require to connect to a remote server for getting the l... by pasokkum Path Finder in Getting Data In 03-31-2016 0 1	0	1
How to copy the field values of one event to another event of different sources by comparing with IP and MAC ? I tried to extract fields form different sources by comparing two IPs. I want to copy the fields of location and stat... by nagendra008 Explorer in Getting Data In 03-31-2016 0 3	0	3
Add a field to a sourcetype with a static value I wanted to add a field to a specific sourcetype basically nocmessage="ignore this server" Seemed easy enough pr... by daniel333 Builder in Getting Data In 03-30-2016 2 3	2	3
Log4j events line-break not consistent I'm bringing in alfresco logs, in this case share.log and for the most part the events are broken up by line correctl... by banderson7 Communicator in Getting Data In 03-30-2016 0 7	0	7
Searching across clustered and standalone indexers Hi, I've been reading related questions on this topic but I fear they're outdated as of 6.3. Can I configure a sear... by 606866581 Path Finder in Getting Data In 03-30-2016 0 8	0	8
Anonymize only Child Nodes Hello, I was wondering could anyone help me figure out the sed script required and regex to Anonymize child nodes fro... by jmaguire1992 Explorer in Getting Data In 03-30-2016 0 1	0	1
How to extract a key and value from the Raw data? While I understand the regex command and click based extraction of data fields. How do I extract both of them via the... by Stevelim Communicator in Getting Data In 03-29-2016 0 1	0	1
Why are my Splunk 6.3.1 AIX forwarders only forwarding _internal data, not the file being monitored? I have several AIX forwarders that are not liking what I think is a simple monitor. We are looking for 1 file to ing... by gbowden_pheaa Path Finder in Getting Data In 03-29-2016 0 12	0	12
How to over ride sourcetype using curl command for Http event collector? Hi, I configured Http Event collector(EC) in my local through GUI (generated token,created index and source type) an... by mprreddy51 Explorer in Getting Data In 03-29-2016 0 6	0	6
TCP Routing and Anonymizing data Hi, I am trying to anonymize data at the forwarder level (or deployment-server) before forwarding the data to the in... by SirHill17 Communicator in Getting Data In 03-29-2016 0 6	0	6
Need SailPoint data in Splunk SailPoint is our new Identity Governance application. I need to access SailPoint data from within Splunk. I'm not a S... by tmaltizo Path Finder in Getting Data In 03-28-2016 0 2	0	2
Splitting fields with slashes Anyone else having trouble or have guidance to split fields backslashes such as with file paths? The field value is ... by ajlBXsplunk New Member in Getting Data In 03-28-2016 0 6	0	6
Create new index without restarting Splunk indexer? I understand that in the year 2013 it may be possible to create a new index without having to restart the indexer? I... by the_wolverine Champion in Getting Data In 03-28-2016 4 13	4	13
Why am I unable to delete an index via CLI with error "bundle=indexes stanza=aaa Missing, cannot edit or remove"? Hi, I am unable to delete an index from the CLI. When I am giving the following command : ./splunk remove index AAA... by abhayneilam Contributor in Getting Data In 03-28-2016 0 3	0	3
Indexing some and forwarding some on a full Splunk instance Hello, I have a Splunk instance that is a search head and an indexer. I would like this Splunk instance to index ... by fhjfong New Member in Getting Data In 03-28-2016 0 2	0	2
how to setup forwarder to ingest logs from a specific date / last day's log and carry on monitoring the future files as they are created? i am dealing with a imilar issue, i am trying to ingest webserver logs and the historical log data in webserver is hu... by shivarpith Path Finder in Getting Data In 03-28-2016 0 2	0	2
Need to get data from a stored procedure in DB using the data connect app I tried various ways to execute a stored procedure using the DB connect app in splunk. But i am not able to do so. Th... by saipavan Explorer in Getting Data In 03-28-2016 2 7	2	7