Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
raymondc

Define custom sourcetype XML

I'm trying to define a custom sourcetype. I have one file with multiple XML files. For example MyFile.xml: <?xml ve...
by raymondc Engager in Getting Data In 03-08-2016
0 1
0
1
tkhouri

How do I override source types in SplunkCloud

I know that I can override source types dynamically per event based on this documentation link here: (docs.splunk.com...
by tkhouri Explorer in Getting Data In 03-08-2016
0 4
0
4
rsathish47

Fetching data from webpage

Hi All, Is their way to fetch data from the webpage for lookup in splunk search. Please provide if we have any worka...
by rsathish47 Contributor in Getting Data In 03-08-2016
0 2
0
2
manjunathmeti

How to make sure that the data forwarded is loading in the searchhead/indexer completely?

I have a forwarder installed on a server and I am extracting the data for indexes like Name,Class etc and while extra...
by manjunathmeti Champion in Getting Data In 03-08-2016
0 2
0
2
davidlambertgps

Splunk ingesting Yara Rules

Can Splunk natively ingest Yara rules? Our goal is to possibly have Splunk grab Yara rules from a directory, and hav...
by davidlambertgps New Member in Getting Data In 03-07-2016
0 1
0
1
gobinspam

Json parsing - Failed to parse timestamp

I'm trying to parse the following json input. I'm getting the data correctly indexed but I am also getting a warning....
by gobinspam Engager in Getting Data In 03-07-2016
0 4
0
4
Jeremiah

Can we process the timestamp in an event sent to the HTTP event collector?

The HTTP event collector supports an optional timestamp: { "time": "1426279439", "host": "localhost", "...
by Jeremiah Motivator in Getting Data In 03-07-2016
3 9
3
9
KVinodh

How to configure multiple sourcetypes for a single monitored file?

Hi. I have a single very huge file with different formats. So I decided to create 3 different sourcetypes for this ...
by KVinodh New Member in Getting Data In 03-07-2016
0 3
0
3
Outek

How can i split a json array in mutiple events?

Hello Im trying to split a json Array into multiple Events in the props.conf Whats the best way to do this? Here i...
by Outek New Member in Getting Data In 03-07-2016
0 5
0
5
bworrellZP

How to configure the Optiv Threat Intel app on Windows with Splunk on a different drive?

Hello, I am using the Optiv Threat Intel app, but my Splunk install is on a different drive. Found one .py file I h...
by bworrellZP Communicator in Getting Data In 03-07-2016
0 2
0
2
landen99

Where on a Windows machine should I store logs generated from custom scripts for Splunk Universal Forwarder to forward?

Running a log-generating script locally on a Windows machine with a Splunk UF, I am looking for best practices for wh...
by landen99 Motivator in Getting Data In 03-07-2016
0 1
0
1
ilv2splunk

How to monitor multiple source types in same folder

BlackBerry servers have many different .txt log files all created in the one folder. I have a universal forwarder ...
by ilv2splunk Explorer in Getting Data In 03-07-2016
0 6
0
6
jflaherty

Why do I get "Unable to remove disabled indexes.." when trying to delete an index, but then get "deleted, cannot enable.." when I try to enable it?

Hello, I was having a problem with an index created by an app, so I manually created one as a test. I went to delet...
by jflaherty Path Finder in Getting Data In 03-07-2016
0 2
0
2
csmartin

If I POST events to a heavy forwarder using the REST API receivers/simple web service, will the HF be able to parse and forward the data?

If I POST events to a Heavy Forwarder using the receivers/simple web service, will the Forwarder then be able to pars...
by csmartin New Member in Getting Data In 03-07-2016
0 2
0
2
gelica

Field names in lowercase, transforms.conf

Hi! I have some different sourcetypes defined by me where I'm extracting some of the fields with stanzas in transfor...
by gelica Communicator in Getting Data In 03-07-2016
0 11
0
11
charlesguo_2

How to troubleshoot why I received an alert saying "indexer is not reachable"?

I am pretty new to Splunk. Guess what, the consultant has left and I was supposed to take care of Splunk. I got an al...
by charlesguo_2 Engager in Getting Data In 03-06-2016
0 4
0
4
robf

Why are my indexers reporting "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX..."?

Anybody find a solution to this? I'm seeing this over lots of indexers! ERROR EAIOutParameters - invalid entry titl...
by robf Path Finder in Getting Data In 03-06-2016
2 3
2
3
the_wolverine

Syntax to update my scheduled search using REST?

I'm trying to update the max_concurrent instances on my scheduled search from the default of 1 to 2. But the REST co...
by the_wolverine Champion in Getting Data In 03-04-2016
0 3
0
3
caspertz

Windows DNS Logs

Using splunk 6.0.1 - trying to do some testing with Windows DNS logs to see if can get the data formatted and droppin...
by caspertz Engager in Getting Data In 03-04-2016
0 5
0
5
ryandg

How do I edit my configurations on the universal forwarder to split Windows event logs and SQL logs to different indexes?

Hello, Our Windows servers have the universal forwarder installed and it is working just fine. However, we also have...
by ryandg Communicator in Getting Data In 03-04-2016
1 4
1
4
pilzi81

Connection between Universial Forwarder and Deployment Server

Hi, we are using self-signed certificates in our Splunk environment. In general everything works fine, but at a clos...
by pilzi81 Explorer in Getting Data In 03-04-2016
0 3
0
3
shimikeri_a

How to index a CSV file from a local machine?

Hi, I have 2 CSV files which are on the local machine. I would like to add these files and index them. I followed th...
by shimikeri_a New Member in Getting Data In 03-04-2016
0 2
0
2
marios_kstone

How to resend lost data between two splunk servers?

Hi all, consider the following scenario: there are two splunk infrastructures. The first (A) collects data from sever...
by marios_kstone Path Finder in Getting Data In 03-04-2016
0 4
0
4
_smp_

How to configure props.conf and transforms.conf to replace host with FQDN in syslog events?

Hello, New Splunk user here. I have a syslog input consuming messages from a bunch of different hosts. Most PTR rec...
by _smp_ Builder in Getting Data In 03-04-2016
0 4
0
4
JanOsterkamp

How to calculate port utilization via SNMP for all ports of a host using the delta command?

Hello Splunk Community, I'm calculating the port Utilization with this search: sourcetype=snmp host="xyz" Interface...
by JanOsterkamp New Member in Getting Data In 03-04-2016
0 1
0
1
Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...
Top Solution Authors
View All