Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
kamal_jagga

Unable to run curl command in Production which has vip enabled

Hi, I am trying to run a saved search using curl command. This works fine in lower environment but does not work in ...
by kamal_jagga Contributor in Getting Data In 02-04-2016
0 6
0
6
sheltomt

How do I forward the same data to two different servers?

We're prepping for a migration, so what I want is the exact same data going to OldServer and NewServer Here's what I...
by sheltomt Path Finder in Getting Data In 02-04-2016
0 4
0
4
kovacez

windows logs

Hello everybody, I am really newbie @splunk. please bare with me I downloaded windows app. I am trying to configure ...
by kovacez Engager in Getting Data In 02-04-2016
0 2
0
2
HeinzWaescher

Why can deleted events reappear?

Hi, we're experiencing that deleted events reappear and are searchable again. It seems to happen randomly from time ...
by HeinzWaescher Motivator in Getting Data In 02-04-2016
0 6
0
6
att35

Why are no events being indexed for files being monitored on a universal forwarder?

Hi, I am trying to enable file monitoring using a Splunk universal forwarder, but not able to see any events generat...
by att35 Builder in Getting Data In 02-04-2016
0 4
0
4
Jblind

Is it necessary to install the universal forwarder on a Splunk indexer to index its own Windows log files?

Is it necessary to install the universal forwarder on a Splunk indexer so that it can index its own information?
by Jblind New Member in Getting Data In 02-04-2016
0 7
0
7
diva_thilak

How to search the average duration of REST API calls taken by each host and average elapsed CPU time?

2015-08-13 22:23:10,530 UNKNOWN_USER [WebContainer : 9] INFO - End : Duration= 000322 CPU...
by diva_thilak Engager in Getting Data In 02-04-2016
0 4
0
4
nawneel

How do I route events into different indexes based on event type?

I have an indexing scenario and below are the points to be considered. Imagine I have log file with DEBUG, INFO, and ...
by nawneel Communicator in Getting Data In 02-03-2016
1 3
1
3
proylea

Why is a deleted sourcetype still getting indexed?

I have removed a sourcetype from my inputs.conf [monitor:///data01/.../current/logs/*.log] disabled = 0 sourcetype =...
by proylea Contributor in Getting Data In 02-03-2016
0 4
0
4
jpelletier_splu

If I have two time fields in an event, how do I configure Splunk to use the 2nd one as the timestamp?

My log file looks like below. I need Splunk to ID the time_of_stop time -- instead of the the time included with the...
by jpelletier_splu Splunk Employee Splunk Employee in Getting Data In 02-03-2016
0 3
0
3
cesardavila

CSV File Issues

Hello, I am having issues with csv files imported from an S3 bucket. The files get imported and indexed fine however ...
by cesardavila New Member in Getting Data In 02-03-2016
0 3
0
3
vanderaj1

After changing data retention from 2 years to 1 year, why did this not free up disk space on my indexer?

Recently, I noticed that the disk on one of my Indexers was nearly full. Currently, all event data is going into the...
by vanderaj1 Path Finder in Getting Data In 02-03-2016
1 11
1
11
gauravmishra15

Why am I unable to index a file if the size is too small? Is there a minimum file size setting?

Hi Friends, I am facing an issue where SPLUNK does not index a file if the size is too low. The file sits in a UNC l...
by gauravmishra15 Path Finder in Getting Data In 02-03-2016
1 1
1
1
rob_lamb

How do I configure custom sourcetypes on Universal Forwarders and Indexers?

I have two Linux VMs set up, one with a Universal Forwarder and one with an Indexer. I have a script that generates ...
by rob_lamb Explorer in Getting Data In 02-03-2016
0 2
0
2
pramit46

How does the number of forwarder connections to an indexer impact search and indexing performance?

I want to know how does the number of connections to an indexer impact the search and indexing performance (e.g.: how...
by pramit46 Contributor in Getting Data In 02-03-2016
0 1
0
1
klemaned

Is there going to be an app to pull data from Microsoft's recently released Office 365 Management Activity API?

Microsoft recently released their Management Activity API. It’s supposed to be similar to the Box API where you can r...
by klemaned Explorer in Getting Data In 02-03-2016
0 2
0
2
mataharry

I want to create a sourcetype in the sourcetype manager, but why does it say "sourcetype already exists"?

I want to create the sourcetype AAA, that is not listed on the sourcetype manager. But when I go to settings > sourc...
by mataharry Communicator in Getting Data In 02-02-2016
1 1
1
1
a212830

How to troubleshoot why some monitored files in Windows directories not getting indexed?

Hi, I have a number of directories with files that have numerous files that need to be monitored. Splunk is not pic...
by a212830 Champion in Getting Data In 02-02-2016
0 1
0
1
hagjos43

Best practices when migrating a Windows search head to new physical hardware in an indexer clustering environment?

I suppose this is a multi-question post. We have a clustered environment and are replacing the hardware our search h...
by hagjos43 Contributor in Getting Data In 02-02-2016
0 2
0
2
vrmandadi

How do I configure Splunk to break events properly based on my sample data?

I have the below sample data and I want to break the events at the request message qualifier field Request Message Q...
by vrmandadi Builder in Getting Data In 02-02-2016
0 6
0
6
BlueSocket

Is it best practice to use a Deployment Server to deploy configurations to non-clustered search peers (indexers)?

Dear All, I have a Search Head and Two non-clustered indexers (search peers) and I am architecting the system to inc...
by BlueSocket Contributor in Getting Data In 02-02-2016
0 3
0
3
AllanMarcus

How can I download or print the Install Guide for the Box App for Splunk?

I don't see a way to download or print the guide. There is no print button. Can't print from the browser either. Ther...
by AllanMarcus Explorer in Getting Data In 02-02-2016
0 2
0
2
saulverde

After updating our universal forwarders from Splunk 6.1.2 to 6.2.8, why is the Account_Name field not populated for Windows Security logs?

After updating our universal forwarders from 6.1.2 to 6.2.8 Windows Security logs are coming in without the Account_N...
by saulverde Path Finder in Getting Data In 02-02-2016
0 2
0
2
aenache

How do I extract event timestamp from json log file at index time?

I'm trying to extract timestamps for log events that I am forwarding to Splunk as json log files, and instead of gett...
by aenache Engager in Getting Data In 02-02-2016
0 2
0
2
joao_amorim

Is it possible to run an inputlookup command to a kvstore/CSV that has permissions only for that app?

Is it possible to run an inputlookup command to a kvstore that has permissions only for that app, outside that same a...
by joao_amorim Communicator in Getting Data In 02-02-2016
0 2
0
2
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...
Top Solution Authors
View All