Getting Data In

Community Activity

Regex extraction with different field delimiters Hi all,I have a very specifc regex extraction (search time extraction)_raw data example:\| union[\| makeresults\| eval _... by michael_vi Path Finder in Getting Data In 12-31-2023 0 10	0	10
When I edit inputs.conf and outputs.conf using the cli command, is there a reason why the paths to the modified files ar If I use the command ./splunk add monitor /var/log,-> /splunk/etc/apps/search/local/inputs.conf file will be modified... by munang Path Finder in Getting Data In 12-31-2023 0 4	0	4
Apps on Indexers I was thinking about this just now... How is it possible to have more than 1 app/add-on functioning on an Indexer? Be... by IAskALotOfQs Path Finder in Getting Data In 12-29-2023 0 3	0	3
Help parsing incoming data We have data coming in that we need to alert on, however because of the formatting of the data, this is very hard to ... by secphilomath1 Explorer in Getting Data In 12-28-2023 0 6	0	6
How to use REST to find LDAP mapped groups (roles and the AD group(s) they are mapped to) I needed to find my roles were mapped to LDAP active directory groups. I ended up with the search below. It works, bu... by blacknight659 Explorer in Getting Data In 12-28-2023 0 3	0	3
Report to monitor logon/logoff time and duration on Windows I was using the following question/answer: How can I use windows events to monitor logon sessions https://answers.sp... by ejwade Contributor in Getting Data In 12-27-2023 0 13	0	13
log injection configuration Recently configured a new input that has successfully ingesting logs but appears to be working intermittently. There ... by raghunandan1 Engager in Getting Data In 12-27-2023 0 2	0	2
Universal forwarder が新規ファイルをモニターしない日本語で失礼します。私はLinuxにUFをインストールし、input.confを以下のように設定しました。[monitor:///xxxx/]whitelist = xxxx_list_<yyyymmdd>.csvUFを再起動し、Sp... by nobunari New Member in Getting Data In 12-25-2023 0 1	0	1
Double sourcetype overriding Hi at all,I have a problem similar to one already solved by @PickleRick in a previous question:I have a flow from a... by gcusello SplunkTrust in Getting Data In 12-22-2023 0 9	0	9
french timestamp not understood Hello, I have a log where the timestamp is written with a abbreviated name for the month. My problem is that the abre... by pfoucher Engager in Getting Data In 12-22-2023 1 5	1	5
How do I add sample data to a cloud based trial instance? How do I add sample data to a cloud based trial instance? by bkenn07 Explorer in Getting Data In 12-21-2023 0 5	0	5
SC4S and McAfee EPO not working? So I have been trying to get SC4S working and I know where the docs are--> https://splunk.github.io/splunk-connect-fo... by domino30 Path Finder in Getting Data In 12-21-2023 0 1	0	1
Need help on json data i have below stanza to ingest json data file and added in deployment server as below an in HF added props.conf file i... by sekhar463 Path Finder in Getting Data In 12-21-2023 0 4	0	4
Syslog ng cut the logs of Fortigate? I have a Fortigate firewall that was configured to send UDP logs, lately, I have configured it to send TCP logs inste... by muradgh Path Finder in Getting Data In 12-21-2023 1 18	1	18
Securely store API key for modular input app? Hello all,I'm writing my first Modular Input app, and I'm wondering what's the best way to store a REST API key for m... by koocies Path Finder in Getting Data In 12-21-2023 0 1	0	1
Data is not ingesting into splunk from UF i have added this file in monitoring to ingest data but data is not getting ingesting log file path is /tmp/mountchec... by sekhar463 Path Finder in Getting Data In 12-20-2023 0 2	0	2
What is the maximum value for maxQueueSize that can be used in outputs.conf for Splunk version 6.6.0? I'm migrating my Splunk Instance from an outdated OS. I want to increase the buffer size for my Splunk forwarder so t... by nehabhuti New Member in Getting Data In 12-20-2023 0 2	0	2
Challenge with splunk forwarder and csv file Hello,I need some help. Icreate a csv file on remote server from a mysql quert.I forward the csv file from the remote... by eholz1 Builder in Getting Data In 12-20-2023 0 2	0	2
Splunk 6.2.3 Universal Forwarder maxQueueSize: What is the algorithm used to determine the amount of memory to use? The outputs.conf.spec shows a default value of "auto". The Splunk Universal Forwarder version is 6.2.3 on RHEL 6.6. ... by lisaac Path Finder in Getting Data In 12-20-2023 0 4	0	4
Splunk Otel Collector 0.83.2 and High CPU Throttling We are using OpenShift version 4.13.24 and it is actually on the ROSA AWS managed solution. I've been looking at some... by ve23 New Member in Getting Data In 12-19-2023 0 0	0	0
find disconnected Universal Forwarder Hi,I have installed Splunk Universal Forwarder on several Windows servers, and they send their Windows logs to the in... by maede_yavari Explorer in Getting Data In 12-19-2023 0 2	0	2
How to avoid indexing duplicates? We are trying to ingest large (peta bytes) information into Splunk. The Events are in JSON file structure like - 'aud... by subasm Loves-to-Learn in Getting Data In 12-19-2023 0 5	0	5
How do we extract multi-value fields from nested JSON? Hi,We are ingesting Azure NSG flow logs and visualizing them using app Microsoft Azure App for Splunk https://splunkb... by att35 Builder in Getting Data In 12-19-2023 0 6	0	6
Ingest CSV file as metrics ? Hello Experts,I'm currently having CSV file that contains fields such as ID, IP, OS, status, tracking_method, Last_bo... by Muthu_Vinith Path Finder in Getting Data In 12-19-2023 0 6	0	6
Issue with monitoring logs Hey Guys,I have a node js application and I used Winston to print out the log for our application. Ex(logger.info({re... by Sambaing Observer in Getting Data In 12-18-2023 0 1	0	1