Getting Data In

Community Activity

How to migrate a Splunk 4.2.3 Windows installation to Splunk 6.2.7 on Linux? To start, I've already reviewed Google's results for this, and I just need to clarify a few things. We're trying to ... by sheltomt Path Finder in Getting Data In 12-30-2015 0 9	0	9
Is there an existing add-on or other way of indexing Cisco CallManager RTMT Alternate Syslog data? Hey Gang, I have a user that wants us to ingest Cisco CallManager Alternate Syslog data into Splunk. These apparent... by mgranger1 Path Finder in Getting Data In 12-30-2015 0 2	0	2
How do we upgrade all forwarders on Windows and Linux in our environment from Splunk 5.0.4 to 6.x? I am currently using Splunk 5.0.4 and trying to upgrade to Splunk 6.x along with all forwarders. How can I upgrade al... by jkponnuri Explorer in Getting Data In 12-30-2015 0 1	0	1
After installing a universal forwarder on on Active Directory, how do I configure the account, logs to be collected, and the target indexer? Hi, I tried to install the Universal Forwarder on Active Directory, but I did not get a window during installation p... by samehatef Engager in Getting Data In 12-30-2015 0 3	0	3
hunk for Hive getting ORC, compressed in snappy Hi everyone, I'm already able to get with hunk via hive some text files, and orc tables, but the table I'm now tryin... by rpicot Explorer in Getting Data In 12-29-2015 0 3	0	3
How to resolve error Forwarding to indexer group default-autolb-group blocked for 2400 seconds."? Hello! I am getting the following error: Forwarding to indexer group default-autolb-group blocked for 2400 second... by vad34 Path Finder in Getting Data In 12-29-2015 0 1	0	1
How to Timestamp Events I have an index which is not timestamping the events. I looked in the Docs and it said I have to define it in my prop... by skoelpin SplunkTrust in Getting Data In 12-29-2015 0 4	0	4
received event for unconfigured/disabled/deleted index='msad' with source='source::ActiveDirectory' host='host::WP000265' sourcetype='sourcetype::ActiveDirectory' I was getting the message as follows. What should i have to do to get those logs? by pavanae Builder in Getting Data In 12-29-2015 0 1	0	1
How to configure universal forwarders on roaming laptops to maintain Windows event logs to be forwarded once connected to our network? I've installed a few Universal Forwarders on Windows laptops that are not consistently connected to the network. One... by jganger Explorer in Getting Data In 12-29-2015 0 17	0	17
WinEventLog UF 6.2 renderXml Blacklist Hi, I'm struggeling with setting up a blacklist for an WinEventLog inputs.conf with the renderXml = true. This is th... by mjaeger New Member in Getting Data In 12-28-2015 0 3	0	3
simple wildcard monitoring not working I have a really simple wildcard matching for monitoring, but I can't get it to work. Here is the setup: /opt/splunkf... by clearslide_cwon New Member in Getting Data In 12-28-2015 0 2	0	2
Why is AM/PM not properly extracted by %p for for 12 hour timestamps? index=myindex \| eval originaltime=strptime(eventTime, "%b %d, %Y %H:%M:%S %p") Some sample values of eventTime para... by splunk_worker Path Finder in Getting Data In 12-24-2015 0 2	0	2
Are the Log channel (found in Server settings/Server logging) documented I want to see what options I have to log user activity within Splunk. Are the Log Channels or the category found in ... by burnalting Explorer in Getting Data In 12-24-2015 3 5	3	5
Why isn't ancient entry ignored despite `ignoreOlderThan` config in inputs.conf ? Hello. We have a pesky entry from 80+ days ago that keeps appearing in our search results. We added the ignoreOlder... by _dave_b Communicator in Getting Data In 12-24-2015 0 4	0	4
How to make Index time field extraction work for key at end of large json events We are trying to do index time field extraction on the 'job' field from our json log events. We notice that if the "j... by rgsage Path Finder in Getting Data In 12-23-2015 0 2	0	2
How to forward WMI:WinEventLog:Security data from a Windows universal forwarder to a Linux search head? Hello, I am trying to set up WMI on a universal forwarder, however, I am only getting WMI:CPUTime. The WMI:WinEventL... by RecoMark0 Path Finder in Getting Data In 12-23-2015 0 4	0	4
splunk to forward 1 index only Hello everyone : ) I have a splunk instance with an alert manager app that is producing logs that are being indexed... by Federica_92 Communicator in Getting Data In 12-23-2015 0 1	0	1
"This is Cindy, it is my new goatfriend" With things winding down during the last days of 2014, I found myself a bit bored and as I was digging through the so... by dvanzuijlekom Engager in Getting Data In 12-23-2015 5 5	5	5
How to not index certain messages from splunkd on the fwd servers I am trying to minimize the amount of apps I have by putting paths into inputs.conf that may or may not exist on all ... by brent_weaver Builder in Getting Data In 12-23-2015 0 5	0	5
What information do we need from respective server and application owners for installing and configuring Splunk forwarders to collect event logs? I am new to Splunk. What information do we need from Application owners, for installing and configuring a Forwarder? ... by kapuralasharad Engager in Getting Data In 12-23-2015 1 3	1	3
Is the Active Directory group name specified in authentication.conf case sensitive, and what will happen if we have 2 indexes with the same name in indexes.conf? Hi Fellow Splunkers, I have two questions: 1) Is the Active Directory group name specified in authentication.conf c... by hemendralodhi Contributor in Getting Data In 12-22-2015 0 4	0	4
Why am I getting error "Cannot create index 'main': path of coldToFrozenDir must be absolute" trying to move/archive files on Windows? I'm working in a test lab trying to move/archive files using the following indexes.conf file on our cluster master: ... by hagjos43 Contributor in Getting Data In 12-22-2015 0 10	0	10
How to disable KVStore on a heavy forwarder? I have KVStore taking up drive space on a HF. Documentation warns about this and says KVStore can be disabled in the ... by MikeBertelsen Communicator in Getting Data In 12-22-2015 1 1	1	1
How to use a dashboard time range picker to reference a time column in a CSV file generated by an inputcsv search? Hi, I have a csv file that I have not indexed and am using it directly through the inputcsv command. The problem is ... by Laya123 Communicator in Getting Data In 12-22-2015 1 3	1	3
Should I build out a cluster master with the same hardware spec requirements as my heavy forwarder? Should I build out a cluster master with the same hardware requirements as my heavy forwarder? by sbattista09 Contributor in Getting Data In 12-22-2015 0 4	0	4

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

How to migrate a Splunk 4.2.3 Windows installation to Splunk 6.2.7 on Linux?

Is there an existing add-on or other way of indexing Cisco CallManager RTMT Alternate Syslog data?

How do we upgrade all forwarders on Windows and Linux in our environment from Splunk 5.0.4 to 6.x?

After installing a universal forwarder on on Active Directory, how do I configure the account, logs to be collected, and the target indexer?

hunk for Hive getting ORC, compressed in snappy

How to resolve error Forwarding to indexer group default-autolb-group blocked for 2400 seconds."?

How to Timestamp Events

received event for unconfigured/disabled/deleted index='msad' with source='source::ActiveDirectory' host='host::WP000265' sourcetype='sourcetype::ActiveDirectory'

How to configure universal forwarders on roaming laptops to maintain Windows event logs to be forwarded once connected to our network?

WinEventLog UF 6.2 renderXml Blacklist

simple wildcard monitoring not working

Why is AM/PM not properly extracted by %p for for 12 hour timestamps?

Are the Log channel (found in Server settings/Server logging) documented

Why isn't ancient entry ignored despite `ignoreOlderThan` config in inputs.conf ?

How to make Index time field extraction work for key at end of large json events

How to forward WMI:WinEventLog:Security data from a Windows universal forwarder to a Linux search head?

splunk to forward 1 index only

"This is Cindy, it is my new goatfriend"

How to not index certain messages from splunkd on the fwd servers

What information do we need from respective server and application owners for installing and configuring Splunk forwarders to collect event logs?

Is the Active Directory group name specified in authentication.conf case sensitive, and what will happen if we have 2 indexes with the same name in indexes.conf?

Why am I getting error "Cannot create index 'main': path of coldToFrozenDir must be absolute" trying to move/archive files on Windows?

How to disable KVStore on a heavy forwarder?

How to use a dashboard time range picker to reference a time column in a CSV file generated by an inputcsv search?

Should I build out a cluster master with the same hardware spec requirements as my heavy forwarder?

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation