Getting Data In

Community Activity

How to extract JSON data based on a specific value, and why Splunk reordering my JSON data generated from a script at index-time? Hello everybody, I have JSON data that I generate from a Python script. It looks like this: { "leaderboard": [ ... by Arismore Explorer in Getting Data In 04-13-2016 0 3	0	3
How do I figure out why custom conf files are not being imported? I am in the process of moving my indexer to a new server, and in the process, I thought it would be a good idea to co... by seanbarbour New Member in Getting Data In 04-12-2016 0 5	0	5
How to ingest more than 1000 events using the monitor setting from the WUI Hello all, My question is that I have a cvs file that is being updated every hour or so lets say its called test.csv... by raby1996 Path Finder in Getting Data In 04-12-2016 0 1	0	1
How to edit my configuration to collect Windows event logs with a universal forwarder to send to a syslog collector? Yes, this question has been asked a hundred times. I have looked at all of the examples, but my grasp of the differen... by oliverj Communicator in Getting Data In 04-12-2016 0 5	0	5
How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files? We are processing CSV files to index in Splunk, but the Splunk forwarder is always forwarding files twice. Can you pl... by dhavamanis Builder in Getting Data In 04-12-2016 0 2	0	2
Why am I getting "Login failed" trying to add a Splunk universal forwarder? I am using Splunk Enterprise (Amazon Market Place AMI) I have added Forwarding receiving port 9997 Installed universa... by sureshsala Explorer in Getting Data In 04-12-2016 0 1	0	1
Where Is Timezone Offset Information on Universal Forwarder? Trying to determine why some of my forwarders sending in data from Windows virtual desktop instances are having their... by stevepraz Path Finder in Getting Data In 04-12-2016 0 3	0	3
Scripted Input and not working well with linux "Find" Command Hi Guys, Am i not sure if anyone has a solution for this. But I am not able to get any output when i run the linux fi... by samaikins New Member in Getting Data In 04-12-2016 0 2	0	2
Why am I unable to disable a Deployment Client using a "splunk" user account? Hello Guys, I have installed a Splunk Universal Forwarder in my environment and set the deployment server. I also ha... by splunk_kk Path Finder in Getting Data In 04-11-2016 0 2	0	2
about Splunk Backend? Hello, I have several questions about splunk's backend to which I was unable to find a clear answer : 1) What is Sp... by 4Name Explorer in Getting Data In 04-11-2016 1 3	1	3
How to use a Splunk forwarder directory name (segment) as an event tag? Hello! I was wondering how to use a directory name (segment) as an event tag. For example: C:\bin\code\python\test_... by lsparrow New Member in Getting Data In 04-11-2016 0 1	0	1
TcpOutputProc - Cooked connection to ip=timed out Im getting below error on my heavy forwarder logs, 6 indexers are connect that HF , 4 indexers are working fine. Only... by brod_geico Path Finder in Getting Data In 04-11-2016 0 3	0	3
Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf? Hey there, We have a distributed Splunk environment... so, we have universal forwarders sending data to a heavy for... by michael_sleep Communicator in Getting Data In 04-11-2016 0 1	0	1
How to use strptime for a time field in the format hhmm? In my new data set, the time comes in the format 1652 as it relates to 4:52pm. However, when it is before 1AM it come... by svercelli Path Finder in Getting Data In 04-11-2016 0 1	0	1
Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers? Is there a process I can use with Splunk to pull audit logs on how, who, when, and where directories are being create... by pnv2254 New Member in Getting Data In 04-11-2016 0 2	0	2
Do we need to install Splunk Light in both Windows and Linux to forward data from remote hosts? Hi, I have installed Splunk light in Windows and in Linux server also. I have installed a universal forwarder in the... by Monica7 New Member in Getting Data In 04-11-2016 0 1	0	1
How to configure Splunk Light for receiving data from a Universal Forwarder? I have Splunk Light on Windows and the Universal Forwarder on Raspberry. According to docs, I need to create a server... by andig2 Engager in Getting Data In 04-11-2016 0 2	0	2
How to collect Windows event logs without installing a universal forwarder? Hi All, I need to collect the logs from a Windows machine into Splunk without installing any agent (universal forwar... by kpavan Path Finder in Getting Data In 04-11-2016 0 5	0	5
Getting configuration for forwarder “I am working with a customer who is a licensed and valid support contract holder with Splunk. They are currently run... by trflesher Explorer in Getting Data In 04-11-2016 0 13	0	13
How to configure Splunk Windows Event logs through command line? Is it even possible to configure Windows Event Logs through command line? PS C:\Program Files\SplunkUniversalForwar... by dlogvinenko Engager in Getting Data In 04-11-2016 0 1	0	1
How to filter events from a file BEFORE it gets to Splunk index Hi I would like to find out how I can "strip out" events from a input file before they reach the splunk indexer. I... by itsomana Path Finder in Getting Data In 04-09-2016 3 6	3	6
How to modify CSV raw event data before fields extraction stage of INDEXED_EXTRACTIONS=CSV Hello, I am using FIELD_DELIMITER=; and am working on data that use commas instead of decimals. I want to use a SED ... by Maite35 Explorer in Getting Data In 04-09-2016 1 11	1	11
Universal Forwarder has not removed itself from the DMC I have had a host go down in aws that was not recoverable a few weeks ago and the universal forwarder is still showin... by Brolly75 New Member in Getting Data In 04-09-2016 0 1	0	1
Why is my universal forwarder on Windows server 2012 R2 not collecting log files with my attempted configurations? I have a monitor that that isn't working. I turned debug on in log.cfg, and the Universal Forwarder reports no match ... by lisaac Path Finder in Getting Data In 04-08-2016 0 1	0	1
After importing a CSV file in Splunk Light, why is event data displaying in the format "\x002\x00/\x001\x003\..."? Hey, I am a total Splunk Noob. I am trying out Splunk Light. I can successfully import a file, but I cannot get sp... by belljar1 New Member in Getting Data In 04-08-2016 0 4	0	4

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

How to extract JSON data based on a specific value, and why Splunk reordering my JSON data generated from a script at index-time?

How do I figure out why custom conf files are not being imported?

How to ingest more than 1000 events using the monitor setting from the WUI

How to edit my configuration to collect Windows event logs with a universal forwarder to send to a syslog collector?

How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files?

Why am I getting "Login failed" trying to add a Splunk universal forwarder?

Where Is Timezone Offset Information on Universal Forwarder?

Scripted Input and not working well with linux "Find" Command

Why am I unable to disable a Deployment Client using a "splunk" user account?

about Splunk Backend?

How to use a Splunk forwarder directory name (segment) as an event tag?

TcpOutputProc - Cooked connection to ip=timed out

Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf?

How to use strptime for a time field in the format hhmm?

Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers?

Do we need to install Splunk Light in both Windows and Linux to forward data from remote hosts?

How to configure Splunk Light for receiving data from a Universal Forwarder?

How to collect Windows event logs without installing a universal forwarder?

Getting configuration for forwarder

How to configure Splunk Windows Event logs through command line?

How to filter events from a file BEFORE it gets to Splunk index

How to modify CSV raw event data before fields extraction stage of INDEXED_EXTRACTIONS=CSV

Universal Forwarder has not removed itself from the DMC

Why is my universal forwarder on Windows server 2012 R2 not collecting log files with my attempted configurations?

After importing a CSV file in Splunk Light, why is event data displaying in the format "\x002\x00/\x001\x003\..."?

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation