Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Hung_Nguyen

How to use inputlookup to filter

Hi, I have multiple queries that I use to do daily report on errors in our production Splunk. I would like to filte...
by Hung_Nguyen Path Finder in Getting Data In 02-24-2016
0 7
0
7
dsmc_adv

Does Splunk process events before sending to nullqueue?

We have configured a default null queue to discard all events that we don't want to allow to be indexed without autho...
by dsmc_adv Path Finder in Getting Data In 02-24-2016
0 3
0
3
avisram

What are recommended specs for a virtual host for our multisite sandbox environment?

Hi there, I've been tasked with building a Splunk Enterprise 6.3 multisite virtual environment sandbox. The environ...
by avisram Path Finder in Getting Data In 02-24-2016
0 3
0
3
hettervik

Why am I missing metrics.log data from some of my forwarders/hosts?

Hi folks! I've made a search that returns all hosts that sends events of some kind to indexer, but does not send int...
by hettervik Builder in Getting Data In 02-24-2016
0 7
0
7
thezero

How to drop _internal logs received from universal forwarders on a heavy forwarder?

Hi Team, We need to drop _internal logs forwarded by universal forwarders as _internal logs are consuming most of th...
by thezero Path Finder in Getting Data In 02-24-2016
0 4
0
4
Hajime

What is the precedence for "SEDCMD" attribute?

I think the precedence for "SEDCMD" attribute within single stanza is ASCII order. For example props.conf: [foo] SE...
by Hajime Path Finder in Getting Data In 02-23-2016
0 4
0
4
dwin02

How do we monitor Disk I/O in Splunk?

Hi Splunk Support, When activating the Performance Monitoring in inputs.conf, I was able to send free disk space to ...
by dwin02 Explorer in Getting Data In 02-23-2016
0 3
0
3
earakam

Why is CPU on the universal forwarder not used most of the time and we see error "Could not send data to output queue (parsing queue), retrying...."?

Hi, I was monitoring Universal Forwarder's CPU usage with the environment below, and I put 13GB sized file on Unive...
by earakam Path Finder in Getting Data In 02-23-2016
0 4
0
4
k2skaterii

How to configure a heavy forwarder to filter events based on the hostname found in IIS logs?

I have not yet started ingesting IIS logs from my systems. The systems have roughly 2 years of logs stored on them, ...
by k2skaterii Path Finder in Getting Data In 02-23-2016
0 2
0
2
darknetone

How to find the path for an unknown data source that is sending data to Splunk?

How can I tell where data is coming from? I have inherited an old Splunk 5.0.1 Enterprise Infrastructure. I can see d...
by darknetone Explorer in Getting Data In 02-23-2016
0 1
0
1
ben_leung

Indexed data twice! Suggestions to remove data from being searched?

Lets say we have forwarded events that are exactly the same and show in Splunk as duplicates. Running a | dedup _raw ...
by ben_leung Builder in Getting Data In 02-23-2016
0 2
0
2
gauravmishra15

Is there a way to validate the URI for HTTP Event Collector?

I am trying to leverage Powershell to POST the event in form of JSON. The Invoke-WebRequest does not work well. Is th...
by gauravmishra15 Path Finder in Getting Data In 02-23-2016
0 2
0
2
isha_rastogi

Why do I see the default log files, but not the monitored log files being forwarded to indexers?

I am forwarding the data from forwarder to indexer. I am able to see the default log files that forwarder forwards to...
by isha_rastogi Path Finder in Getting Data In 02-23-2016
0 1
0
1
daniel_augustyn

Filter out logs using props.conf and transfors.conf

I am pulling logs from the firewalls via scripts on a heavy forwarder (via scrips from the app for Checkpoint). How t...
by daniel_augustyn Contributor in Getting Data In 02-22-2016
0 7
0
7
TonyLeeVT

Blacklist/ignore files by size

When monitoring a directory for files (using inputs.conf) is it possible to blacklist or ignore files over a certain ...
by TonyLeeVT Builder in Getting Data In 02-22-2016
0 3
0
3
JensT

Is it possible to transport data from a Windows event log view?

Hi, In our environment, many applications are logging into the Windows Application Event log. We would like to trans...
by JensT Communicator in Getting Data In 02-22-2016
0 4
0
4
agarrison

How to configure wmi.conf to query Windows CPU Temperature?

I could not find any references to anyone trying to query temperature using WMI
by agarrison Path Finder in Getting Data In 02-22-2016
0 2
0
2
daniel333

Props.conf for JSON File

All, Having some trouble with a JSON file field extractions. It’s funny the only extraction I am getting is “PATH” ...
by daniel333 Builder in Getting Data In 02-22-2016
0 2
0
2
sideview

dealing with sporadic linebreaks in my data when it comes in by tcp input

When I'm sending in data over TCP, once in a blue moon Splunk will split one of the events into two parts, so I get ...
by SplunkTrust SplunkTrust in Getting Data In 02-22-2016
0 11
0
11
johnraftery

Search results for a sourcetype are null for a certain user. Where should I check the permissions?

We are using two different user accounts: the defult admin account, and one we have created called "consultant", whic...
by johnraftery Communicator in Getting Data In 02-22-2016
0 8
0
8
vrmandadi

how to break the JSON data?

Hello Experts, Attached is the sample JSON file which I am trying to upload to Splunk.I have uploaded it by Splunk ...
by vrmandadi Builder in Getting Data In 02-21-2016
1 2
1
2
TonyLeeVT

Split already indexed data into new events?

Does anyone know of a way to create new events from already indexed data? Here is my issue: 1) I am monitoring a d...
by TonyLeeVT Builder in Getting Data In 02-21-2016
0 7
0
7
ramabu

Is it possible to use a configuration stanza in webhook URL? e.g. https://`stanza[service_url]`?disposition=1&auth=`stanza[auth_token]`

I am sure this is not an existing syntax  and yet - is it possible to encode such URL-s? ====================== F...
by ramabu Path Finder in Getting Data In 02-21-2016
0 1
0
1
rbal_splunk

Filter Windows Event Data to different Targets?

Question : I would like to ingest windows event data using Splunk Heavy Forwarder and need to filter Windows event l...
by rbal_splunk Splunk Employee Splunk Employee in Getting Data In 02-20-2016
0 1
0
1
splunkok

Why is my inputs.conf monitor stanza with multiple wildcards not picking up anything?

I'm trying to index all the files marked with a [Y] in the directory structure below. [Y] - /tmp/test.log [Y] - /tmp...
by splunkok New Member in Getting Data In 02-20-2016
0 9
0
9
Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...
Top Solution Authors
View All