Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
smusunuri1

Splunk XML data formatting

I trying to split the xml data while pushing into splunk. I had a tough time working on this as this a combination of...
by smusunuri1 New Member in Getting Data In 12-30-2015
0 1
0
1
madrum

IIS log files are not read properly - parts of multiple lines getting put together as one

I have a report that groups webpage request by from an IIS log by SC_STATUS. The results are really bad because splun...
by madrum Explorer in Getting Data In 12-30-2015
0 4
0
4
sheltomt

How to migrate a Splunk 4.2.3 Windows installation to Splunk 6.2.7 on Linux?

To start, I've already reviewed Google's results for this, and I just need to clarify a few things. We're trying to ...
by sheltomt Path Finder in Getting Data In 12-30-2015
0 9
0
9
mgranger1

Is there an existing add-on or other way of indexing Cisco CallManager RTMT Alternate Syslog data?

Hey Gang, I have a user that wants us to ingest Cisco CallManager Alternate Syslog data into Splunk. These apparent...
by mgranger1 Path Finder in Getting Data In 12-30-2015
0 2
0
2
jkponnuri

How do we upgrade all forwarders on Windows and Linux in our environment from Splunk 5.0.4 to 6.x?

I am currently using Splunk 5.0.4 and trying to upgrade to Splunk 6.x along with all forwarders. How can I upgrade al...
by jkponnuri Explorer in Getting Data In 12-30-2015
0 1
0
1
samehatef

After installing a universal forwarder on on Active Directory, how do I configure the account, logs to be collected, and the target indexer?

Hi, I tried to install the Universal Forwarder on Active Directory, but I did not get a window during installation p...
by samehatef Engager in Getting Data In 12-30-2015
0 3
0
3
rpicot

hunk for Hive getting ORC, compressed in snappy

Hi everyone, I'm already able to get with hunk via hive some text files, and orc tables, but the table I'm now tryin...
by rpicot Explorer in Getting Data In 12-29-2015
0 3
0
3
vad34

How to resolve error Forwarding to indexer group default-autolb-group blocked for 2400 seconds."?

Hello! I am getting the following error: Forwarding to indexer group default-autolb-group blocked for 2400 second...
by vad34 Path Finder in Getting Data In 12-29-2015
0 1
0
1
skoelpin

How to Timestamp Events

I have an index which is not timestamping the events. I looked in the Docs and it said I have to define it in my prop...
by SplunkTrust SplunkTrust in Getting Data In 12-29-2015
0 4
0
4
pavanae

received event for unconfigured/disabled/deleted index='msad' with source='source::ActiveDirectory' host='host::WP000265' sourcetype='sourcetype::ActiveDirectory'

I was getting the message as follows. What should i have to do to get those logs?
by pavanae Builder in Getting Data In 12-29-2015
0 1
0
1
jganger

How to configure universal forwarders on roaming laptops to maintain Windows event logs to be forwarded once connected to our network?

I've installed a few Universal Forwarders on Windows laptops that are not consistently connected to the network. One...
by jganger Explorer in Getting Data In 12-29-2015
0 17
0
17
mjaeger

WinEventLog UF 6.2 renderXml Blacklist

Hi, I'm struggeling with setting up a blacklist for an WinEventLog inputs.conf with the renderXml = true. This is th...
by mjaeger New Member in Getting Data In 12-28-2015
0 3
0
3
clearslide_cwon

simple wildcard monitoring not working

I have a really simple wildcard matching for monitoring, but I can't get it to work. Here is the setup: /opt/splunkf...
by clearslide_cwon New Member in Getting Data In 12-28-2015
0 2
0
2
splunk_worker

Why is AM/PM not properly extracted by %p for for 12 hour timestamps?

index=myindex | eval originaltime=strptime(eventTime, "%b %d, %Y %H:%M:%S %p") Some sample values of eventTime para...
by splunk_worker Path Finder in Getting Data In 12-24-2015
0 2
0
2
burnalting

Are the Log channel (found in Server settings/Server logging) documented

I want to see what options I have to log user activity within Splunk. Are the Log Channels or the category found in ...
by burnalting Explorer in Getting Data In 12-24-2015
3 5
3
5
_dave_b

Why isn't ancient entry ignored despite `ignoreOlderThan` config in inputs.conf ?

Hello. We have a pesky entry from 80+ days ago that keeps appearing in our search results. We added the ignoreOlder...
by _dave_b Communicator in Getting Data In 12-24-2015
0 4
0
4
rgsage

How to make Index time field extraction work for key at end of large json events

We are trying to do index time field extraction on the 'job' field from our json log events. We notice that if the "j...
by rgsage Path Finder in Getting Data In 12-23-2015
0 2
0
2
RecoMark0

How to forward WMI:WinEventLog:Security data from a Windows universal forwarder to a Linux search head?

Hello, I am trying to set up WMI on a universal forwarder, however, I am only getting WMI:CPUTime. The WMI:WinEventL...
by RecoMark0 Path Finder in Getting Data In 12-23-2015
0 4
0
4
Federica_92

splunk to forward 1 index only

Hello everyone : ) I have a splunk instance with an alert manager app that is producing logs that are being indexed...
by Federica_92 Communicator in Getting Data In 12-23-2015
0 1
0
1
dvanzuijlekom

"This is Cindy, it is my new goatfriend"

With things winding down during the last days of 2014, I found myself a bit bored and as I was digging through the so...
by dvanzuijlekom Engager in Getting Data In 12-23-2015
5 5
5
5
brent_weaver

How to not index certain messages from splunkd on the fwd servers

I am trying to minimize the amount of apps I have by putting paths into inputs.conf that may or may not exist on all ...
by brent_weaver Builder in Getting Data In 12-23-2015
0 5
0
5
kapuralasharad

What information do we need from respective server and application owners for installing and configuring Splunk forwarders to collect event logs?

I am new to Splunk. What information do we need from Application owners, for installing and configuring a Forwarder? ...
by kapuralasharad Engager in Getting Data In 12-23-2015
1 3
1
3
hemendralodhi

Is the Active Directory group name specified in authentication.conf case sensitive, and what will happen if we have 2 indexes with the same name in indexes.conf?

Hi Fellow Splunkers, I have two questions: 1) Is the Active Directory group name specified in authentication.conf c...
by hemendralodhi Contributor in Getting Data In 12-22-2015
0 4
0
4
hagjos43

Why am I getting error "Cannot create index 'main': path of coldToFrozenDir must be absolute" trying to move/archive files on Windows?

I'm working in a test lab trying to move/archive files using the following indexes.conf file on our cluster master: ...
by hagjos43 Contributor in Getting Data In 12-22-2015
0 10
0
10
MikeBertelsen

How to disable KVStore on a heavy forwarder?

I have KVStore taking up drive space on a HF. Documentation warns about this and says KVStore can be disabled in the ...
by MikeBertelsen Communicator in Getting Data In 12-22-2015
1 1
1
1
Top Labels
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...