Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
wtl1

How to configure a forwarder to blacklist specific events for an EventCode that contain a certain process name in the message?

I am trying to set up the custom config for forwarding only specific Splunk logs. I am testing filtering out specific...
by wtl1 Engager in Getting Data In 11-17-2015
1 1
1
1
dablackgoku1234

Why is inline conversion of XML string using XMLKV not working?

I have the following search which extracts the inner XML pieces. I'm trying to re-parse the resulting strings into X...
by dablackgoku1234 New Member in Getting Data In 11-17-2015
0 2
0
2
a212830

Can a Splunk 6.3 heavy forwarder send data to a 6.1 indexer, and can I use index parallelization on the HF to forward this data?

Hi, I have a multi-part question. First, can a 6.3 Heavy Forwarder sent to a 6.1 indexer? And second, can I use th...
by a212830 Champion in Getting Data In 11-17-2015
0 4
0
4
LewisWheeler

OS Compatibility: Can a Splunk universal forwarder be installed on a machine running SCO UNIXWARE 7.1.4?

I've been asked to install a Splunk Universal Forwarder on an machine running: SCO UNIXWARE 7.1.4 I can't find any d...
by LewisWheeler Communicator in Getting Data In 11-16-2015
0 1
0
1
chriselst

After stopping the forwarder on an AIX server, why are we not retrieving events from files after starting it up again?

I had a forwarder on an AIX server sending a number of log files to my Splunk Indexer and all was working well. Then...
by chriselst Engager in Getting Data In 11-16-2015
0 1
0
1
Sebastian2

How and why did all events but one get deleted from an index?

Hey folks, I'm new to Splunk and I am currently reading the "Big Data Analytics Using Splunk" Book published by apre...
by Sebastian2 Path Finder in Getting Data In 11-16-2015
0 1
0
1
dkeck

Is it best practice to collect data from network drives using a heavy forwarder? I'm seeing performance issues.

Hello and good morning, I have a heavy forwarder that takes inputs from several network drives and it's working fine...
by dkeck Influencer in Getting Data In 11-15-2015
1 3
1
3
locose

Is there a way to use sedcmd in props.conf to mask firstName, lastName, and birthDate values in my data?

I'm trying to mask birthDate and firstname. For example my Splunk results yields something like.... <firstName>james...
by locose Path Finder in Getting Data In 11-15-2015
0 3
0
3
baloo

Why are events coming in over source:tcp-ssl not assigned a hostname?

Dear Splunkers Recently we reconfigured our remote syslog clients to deliver their logs over source:tcp-ssl instead ...
by baloo Engager in Getting Data In 11-14-2015
1 1
1
1
SecureIA

Is it possible for Windows event logs to be flagged up on the Active Directory and passed to a Splunk server via universal forwarder?

I have been assigned with the task of implementing Splunk on my company network. I have Syslog communication with my ...
by SecureIA Path Finder in Getting Data In 11-14-2015
0 1
0
1
_dave_b

epoch _time conversion

Hello, I'm trying to retrieve a readable time value from a time stamp, so I ran this command: eval "Time of most re...
by _dave_b Communicator in Getting Data In 11-13-2015
0 2
0
2
wsw70

Most recent set of events

Hello, Some time ago I was looking for a way to search for events grouped around a date but I think it was an overki...
by wsw70 Communicator in Getting Data In 11-13-2015
3 5
3
5
manuram

Can I configure a universal forwarder to send syslog messages to a syslog server?

Could some one help me out here.. Can I configure a Universal forwarder to send the syslog messages to a (non splunk...
by manuram New Member in Getting Data In 11-13-2015
0 2
0
2
Moon629

How to define a field delimiter "|#|" that contains multiple symbols?

Hi sir/madam, We have some files that fields are separated by |#|. How can we define the field delimiter? We have tr...
by Moon629 Explorer in Getting Data In 11-13-2015
0 1
0
1
bibhutig

How to extract the date from CSV to use as the _time field?

Date Time Sail Date Ship_Code Duration Activity_Code Book_Type Cabin # Channel Id Location Code 20151023 000001 1511...
by bibhutig Engager in Getting Data In 11-13-2015
0 1
0
1
jaredlaney

Why do soft deleted sources return after indexer restart?

Why do soft deleted sources return after indexer restart? This has happened to us every time. We are performing a h...
by jaredlaney Contributor in Getting Data In 11-13-2015
2 13
2
13
dineshgovindan

How do I add a form to my dashboard that has a combination of a text and drop-down input for filtering?

I want to add an input form to take an input from text as well as drop-down. thanks in advance.
by dineshgovindan New Member in Getting Data In 11-12-2015
0 2
0
2
starks951

Why are our Splunk Forwarders each logging "ERROR DiskMon - None such on disk: /opt/splunkforwarder/var/run/splunk/dispatch" 144 times a day?

We are seeing these errors in the forwarders splunkd.log from every Splunk forwarder we have 144 times per 24hr perio...
by starks951 Explorer in Getting Data In 11-12-2015
0 2
0
2
rubeniturrieta

How to connect with and retrieve logs from Azure Active Directory?

Hi to everyone I need to get logs from Azure AD (Active Directory for Microsoft Azure). Do you know how to do this? ...
by rubeniturrieta Communicator in Getting Data In 11-12-2015
0 5
0
5
jaredlaney

Is there a way to find out how much data each indexer has for an index?

We have some TA's that we're suspicious are loading data disproportionately and we'd like to know if the indexers hav...
by jaredlaney Contributor in Getting Data In 11-12-2015
0 1
0
1
janedoe887

Why are my universal forwarder data inputs to index CSV files not working? (no indexed data, no sign of change in configuration)

Hello fellow splunk users! I am encountering a problem with indexing .csv files. A bit of background story: I am t...
by janedoe887 Explorer in Getting Data In 11-12-2015
0 4
0
4
lguinn2

What should be the maximum disk capacity per indexer?

How much stored data can a Splunk indexer comfortably manage? I know that the answer depends on the indexer hardware ...
by Legend in Getting Data In 11-11-2015
2 2
2
2
fletch13

Fireeye json truncating lines

It appears that Splunk is truncating Fireeye (7.4) ext json messages. There are 90 lines in the message it only extra...
by fletch13 Explorer in Getting Data In 11-11-2015
0 12
0
12
jamesar

Splunk forwarder file monitor is not detecting new files and getting error "Bug during applyPendingMetadata, header processor does not own the indexed extractions confs"?

Hi Splunkers, I am monitoring a folder (/opt/pvlogs/QUT-GP-P10) with a collection of CSV text files, as follows: .....
by jamesar Explorer in Getting Data In 11-10-2015
1 1
1
1
akanno

How can I index an event older than 10951 days if that is the max value of MAX_DAYS_AGO?

Hi all. Say I want to index an event from "10/1/1970", but the max value of 「MAX_DAYS_AGO is 10951. So, I cannot ind...
by akanno Communicator in Getting Data In 11-10-2015
0 2
0
2
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All