Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
dominick_catald

After upgrading my indexer and search head to Splunk 6.3, why is the search peer reporting a Powershell script exited abnormally

I just updated my Splunk indexer and search head to version 6.3, and now I keep getting this error: Search peer has ...
by dominick_catald Engager in Getting Data In 12-03-2015
3 8
3
8
jeffland

Why do I get a timeout when trying to package my app?

I've created an app and wanted to package it before shipping it to another splunk instance. From the console, I enter...
by SplunkTrust SplunkTrust in Getting Data In 12-03-2015
0 1
0
1
sat94541

If two cluster peers in an indexer cluster are getting close to capacity, how do we stop replicating buckets to these cluster peers?

We are using Splunk Indexer Clustering and have four Cluster Peers (old) + two Cluster Peers (new) . We are running c...
by sat94541 Communicator in Getting Data In 12-02-2015
1 1
1
1
lcroce

What is the best practice for importing SQL data in Splunk Cloud?

Hi everyone, Splunk noob here and I'm trying to import song logging data that I want to correlate with data from a S...
by lcroce New Member in Getting Data In 12-02-2015
0 5
0
5
thezero

Not able to create '_introspection' index

Hi Team, I am getting below error message when I am trying to create new index 'introspection'. Error: In handler ...
by thezero Path Finder in Getting Data In 12-02-2015
0 3
0
3
shahar_tal

How to integrate AWS CloudTrail with Splunk Enterprise to index CloudTrail data?

Hi, We have Splunk Enterprise installed in our organization, we are also using AWS CloudTrail. Is there a a way to c...
by shahar_tal New Member in Getting Data In 12-02-2015
0 1
0
1
funnymie

Windows Analytic and Debug Events not showing up in Splunk

Hello, For monitoring Microsoft Hyper-V Manager actions I am trying to import analytic and debug logs into Splunk. A...
by funnymie New Member in Getting Data In 12-02-2015
0 5
0
5
gcusello

I have a dashboard showing a list of triggered alerts, but how can I include information about the host that triggered the alert?

Hi at all, I showed the triggered alerts on a dashboard using a search on the _internal index and source="/opt/splun...
by SplunkTrust SplunkTrust in Getting Data In 12-02-2015
0 6
0
6
efrenette11

one of my field is json, how can I extract corretly{<!-- -->

Maybe an easy one here. Here's the log line that I have. Splun extract by himself unkwnownProperties&#61;{<!-- --> How can I e...
by efrenette11 Path Finder in Getting Data In 12-02-2015
0 4
0
4
Federica_92

How do I edit my single-machine deployments outputs.conf to send out data for only 1 index?

Hi everyone, I'm trying to use splunk as heavy forwarder to send out only 1 index, but it doesn't work. Could someo...
by Federica_92 Communicator in Getting Data In 12-02-2015
0 8
0
8
Adam

Need to customize log4j sourcetype

The logs I'm trying to index are in a log4j style, and entries such as 2010-06-15 09:04:08,204 [[ACTIVE] ExecuteThre...
by Adam Explorer in Getting Data In 12-01-2015
1 3
1
3
dmacgillivray

How to correct timestamp recognition that is currently skewed due to result of class "java.util.logging.Logger" output

Hello Splunkers, We have an event coming in from our logs below with this stamp right at the beginning of our logs. ...
by dmacgillivray Communicator in Getting Data In 12-01-2015
0 7
0
7
rwiltzius

How do I specify which sources should be indexed from data inputs and not the entire directory?

Hello, Please bear with me because I'm new to Splunk and I've only just started using it today. Also note that I a...
by rwiltzius Explorer in Getting Data In 12-01-2015
0 1
0
1
freeborn

bucketmover permission denied archiving

Any thoughts on why I would be getting the following error: 12-17-2014 14:34:28.167 -0700 ERROR BucketMover - aborti...
by freeborn Explorer in Getting Data In 12-01-2015
1 1
1
1
a212830

Why is my deployment server downloading so much after upgrading from Splunk 6.1.1 to 6.1.9??

Hi, I upgraded my deployment server from 6.1.1 to 6.1.9, and it seems now that all of my forwarders are downloading ...
by a212830 Champion in Getting Data In 12-01-2015
0 1
0
1
E_Andreas

How do I correct my forwarder blacklist configuration for FTP-Logs?

Dear Community, In our Webserver we have the following Logs: F:\IIS-Log Sometimes we have F:\IIS-LOG\FTP and F:\IIS-...
by E_Andreas New Member in Getting Data In 12-01-2015
0 2
0
2
daniel333

Can I define the sourcetype in the log itself?

I happen to have some control over our java logs. Rather than use transforms.conf/props.conf to create various source...
by daniel333 Builder in Getting Data In 12-01-2015
0 3
0
3
Rotema

Why is my props.conf and transforms.conf configuration not filtering out IIS logs as expected?

Hi, I have the following IIS log: 2015-11-26 11:19:37 10.10.90.36 GET /webpl3/Handlers/ClientState/ClientState.ashx...
by Rotema Path Finder in Getting Data In 11-30-2015
0 1
0
1
minerjaime

On data ingest, does Splunk recognize maps?

I'm using Splunk to store data tuples that contain maps. For example, such a map is: {"likes": ["strawberry", "van...
by minerjaime Engager in Getting Data In 11-30-2015
0 2
0
2
afaraino

CIDR search on host field

Hello Everyone, I'm facing a strange behavior here : searching host&#61;10.1.2.* returns 511,000&#43; resultssearching host...
by afaraino Explorer in Getting Data In 11-30-2015
0 3
0
3
omuelle1

Time Stamp - Log Delay

Hi Splunk users, I have a problem regarding Splunk showing incorrect timestamps: Splunk pretty much shows me timest...
by omuelle1 Communicator in Getting Data In 11-30-2015
0 2
0
2
sundareshr

How to remove the currency symbol etc. from a field before indexing?

This is what the data looks like in the source file (.csv). Notice the $156.03 09/26/13, 2013 , 09-Sep , Week-39 , T...
by Legend in Getting Data In 11-30-2015
0 1
0
1
mcomfurf

Is there a way to get Splunk DB Connect 1 to parse a binary column into Splunk-friendly ASCII?

I have a DB Connect query for which the results in one column read as ***** BINARY ***** Is there a way to get DBConn...
by mcomfurf Path Finder in Getting Data In 11-29-2015
0 1
0
1
javiergn

Is multitiered load balancing supported in Splunk 6.3.1? (Universal Forwarders &gt; Heavy Forwarders &gt; Clustered Indexers)

Hi, After going through the 6.3.1 documentation, it is still not clear to me whether multitiered load balancing is f...
by javiergn Super Champion in Getting Data In 11-28-2015
0 6
0
6
dart

What's the earliest date I can have in Splunk?

The largest setting I can make for MAX_DAYS_AGO according to the props.conf.spec is 10951 days. Is there anything I ...
by dart Splunk Employee Splunk Employee in Getting Data In 11-28-2015
2 2
2
2
Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...
Top Solution Authors
View All