Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
ashokapex

How to get all system logs like CPU, disk, and memory from a Splunk forwarder machine?

Hi, I want to get all system logs, like CPU, Disk, Memory and other system logs, from machine where my Splunk forwar...
by ashokapex Explorer in Getting Data In 02-19-2016
0 3
0
3
anasar

How to extract data from a CSV file with multiple lines, but the timestamp on a different line??

Hi, My log has a timestamp and a CSV rows. Eg. given 2 records. Sun Feb 14 07:01:05 EST 2016 customer_name,cust_...
by anasar New Member in Getting Data In 02-19-2016
0 1
0
1
sameera123

Why am I not able to exclude events from getting indexed with my current props and transforms.conf?

Not able to exclude events from indexing on Splunk Enterprise Free version. Can anyone help me out here? Sample data...
by sameera123 Explorer in Getting Data In 02-19-2016
0 2
0
2
bkumarm

How to route data from forwarders to separate indexes based on the source field when data is coming from single TCP port?

I have log data from multiple sources coming into a single TCP port in JSON format as below: <01>- hostname {"name":...
by bkumarm Contributor in Getting Data In 02-19-2016
0 1
0
1
hypePG

How to create or update KV Store via REST endpoints?

Hello, I want to fill my KVStore with information from a script. The script adds data via a REST Endpoint to the KVS...
by hypePG Path Finder in Getting Data In 02-19-2016
0 3
0
3
sunrise

What is the best architecture for a huge amount of syslog data ?

Hi splunkers, I'm think about the best architecture for a huge amount of syslog data. At first, I used rsyslog in rh...
by sunrise Contributor in Getting Data In 02-18-2016
0 4
0
4
frnkhng

forwarder monitor a log file but only get "splunk-cooked-mode-v3"?

Hi All, I installed a splunk server and 4 splunk forwarder, and add monitor for an always updating file. But I can...
by frnkhng Engager in Getting Data In 02-18-2016
0 5
0
5
kollerj

Need to hard code host reported by Universal Forwarder

Hello, We are currently in the process of moving some of our hosts from Solaris to Windows. These hosts are part of...
by kollerj Explorer in Getting Data In 02-18-2016
0 11
0
11
erga00

Can you have a wildcard in a props.conf stanza header when matching sourcetypes?

I have some settings that I want to apply to several sourcetypes with similar names. Can I do something like this in ...
by erga00 Path Finder in Getting Data In 02-18-2016
2 6
2
6
nickcromwell87

How to set and configure the sourcetype to format events written to Splunk's HTTP event collector?

I'm having issues when writing events to Splunk's HTTP event collector. We have a good amount of existing queries tha...
by nickcromwell87 Explorer in Getting Data In 02-18-2016
0 8
0
8
rjthibod

How to properly use summary indexing for sensor data in a large-scale deployment?

This is more of a question about the "right" way of doing things versus what is possible. I want to know if there is...
by rjthibod Champion in Getting Data In 02-18-2016
0 6
0
6
evang_26

How many log sources can be received and forwarded from a universal forwarder?

Hi users, Probably a bit silly question, but because I've never seen that setup in any of Google searches, I have th...
by evang_26 Communicator in Getting Data In 02-18-2016
0 4
0
4
lohitkidu

Why do the results exported to CSV not match total number of events?

Hi , I have a search without any statistic/transformation command like index=abc earliest=-7d. I am getting followin...
by lohitkidu Path Finder in Getting Data In 02-18-2016
0 2
0
2
arber

Retention Issue: Why is data getting rolled to frozen before hitting the frozenTimePeriodInSecs setting?

Hello, we are currently having some issues with an index. Basically we have configured the following in the related i...
by arber Communicator in Getting Data In 02-18-2016
1 5
1
5
gcusello

How to delete logs in a tsidx index?

Hi at all, I installed Splunk App for BlueCoat. I loaded some test data and now I have to delete them before loading...
by SplunkTrust SplunkTrust in Getting Data In 02-18-2016
0 5
0
5
hagjos43

After modifying the timezone in props.conf, why has the _time field not changed?

I've got a variety of customers sending data in to our Splunk indexer. One particular customer has all of their serve...
by hagjos43 Contributor in Getting Data In 02-18-2016
0 7
0
7
PhilipShaunTayl

Why is forwardedindex in outputs.conf not working on my Windows universal forwarder?

I have a universal forwarder running on a Windows Server 2008 R2 server. .../etc/system/local/inputs.conf is monitori...
by PhilipShaunTayl New Member in Getting Data In 02-17-2016
0 1
0
1
ronaldsc

After configuring an automatic lookup in props.conf, why is this now taking precedence over another stanza with the same sourcetype?

Hello all, Hoping someone could help clarify and hopefully help figure out an issue I've run into. I created an aut...
by ronaldsc New Member in Getting Data In 02-17-2016
0 4
0
4
jodros

Is it possible to rsync an indexer's colddb while the indexer is still running the Splunk service?

Is it possible to rsync an indexer's colddb which resides on an NFS export from that network location to another netw...
by jodros Builder in Getting Data In 02-17-2016
0 2
0
2
lycollicott

Why is my Distributed Management Console trying to push a bundle to a newly added search peer which happens to be a standalone indexer?

I have a single Distributed Management Console which I have monitoring separated regional indexers like so.... I h...
by lycollicott Motivator in Getting Data In 02-17-2016
0 1
0
1
theoborrero

What is the equivilant method of Input lookup using Splunk 6.3 SDK Javascript API

Hi , I am creating a new dashboard in html and javascript , I have not downloaded the Splunk 6.3 SDK JavaScript yet...
by theoborrero Explorer in Getting Data In 02-17-2016
0 4
0
4
madrinux

How to configure props.conf to parse XML on NetScan reports?

Hey Friends I'm having a lot of issues importing an XML file to my Splunk Enterprise. Actually, I'm a new user to Sp...
by madrinux Engager in Getting Data In 02-17-2016
0 2
0
2
C_Sparn

Set token in the value of another token?

Hello, I'm looking for a possibility to use one token $token2$ as part of the value of another token. For example yo...
by C_Sparn Communicator in Getting Data In 02-17-2016
2 4
2
4
ukrishnakanth

How to collect the requests and responses exchanged between website and webserver in Splunk Light?

HI team, I am very new to Splunk and I have already installed Splunk Light on my machine. I would like to see the we...
by ukrishnakanth New Member in Getting Data In 02-17-2016
0 1
0
1
anoopambli

After upgrading a Windows forwarder from Splunk 6.x to 6.3.2, why is the description/message getting cut off for Windows event log data?

Seeing this weird problem after upgrading a forwarder on a Windows server from 5.x to 6.3.2 After the upgrade, the W...
by anoopambli Communicator in Getting Data In 02-17-2016
0 1
0
1
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...
Top Solution Authors
View All