Getting Data In

Community Activity

Is it possible to migrate data collected on a Linux Splunk installation to Windows? Just curious if it is possible to take data collected on a Linux install and migrate it to a new Windows install. by levitta78 New Member in Getting Data In 11-03-2015 0 1	0	1
Splunk universal forwarder v6.2.6.274160, how can I verify which version of SSL it's using? We continue to get the freak vulnerability security item show up on our scans and the ssl version of splunk was ident... by panzerkw New Member in Getting Data In 11-03-2015 0 2	0	2
No Data reports- any way to not send email? Looking for a way to prevent Splunk from sending an email with a blank report. In our case certain reports run every... by zindain24 Path Finder in Getting Data In 11-03-2015 0 2	0	2
REST API Modular Input - Polling Interval is not working Hello Everyone, I try to use the REST Api Input in my splunk account but i have an issue. The "Polling Interval" va... by jeromemarcotty Engager in Getting Data In 11-02-2015 0 4	0	4
How to troubleshoot why a universal forwarder lost data when forwarding to an indexer? I deploy a universal forwarder on SUSE Linux server, and monitor a log file. This forwarder forwards data to an index... by ccie24806 New Member in Getting Data In 11-02-2015 0 5	0	5
After upgrading Splunk from 4.3.3 to 6.2.0, why did a single Universal Forwarder suddenly stop translating local SIDs to Account Names in Windows security logs? I have a single UniversalForwarder which has stopped translating local SIDs to account names in the Windows Security ... by JeremyHagan Communicator in Getting Data In 11-02-2015 0 1	0	1
How to mask SSN at index-time using SEDCMD in props.conf? I'm trying to mask SSN using the SEDCMD command, but it isn't working. My search: sourcetype = my_source_type *S... by locose Path Finder in Getting Data In 11-02-2015 0 7	0	7
Why are the timestamps different when indexing CSV files locally versus being sent via universal forwarder? I'm having an issues with timestamps on CSV files. Here is what a sample of raw data looks like: DATE,HOUR,WORK... by ragedsparrow Contributor in Getting Data In 11-02-2015 0 3	0	3
Is KV Store better than a state CSV file when I need high availability in a Search Head Cluster? http://blogs.splunk.com/2011/01/11/maintaining-state-of-the-union/ http://dev.splunk.com/view/SP-CAAAEY7 Is KV store... by hylam Contributor in Getting Data In 11-02-2015 2 1	2	1
Splunk For IIS? Is there a Splunk for IIS that can be used on version 4.x? Thanks. by khskinsfan Engager in Getting Data In 11-02-2015 2 8	2	8
Why are timestamps parsed correctly for only one of two inputs? Do TIME_FORMAT & TIME_PREFIX work on a Universal Forwarder? I stumbled across an interesting issue and need some advice / hints here. I have two sourcetypes where I need some t... by flle Path Finder in Getting Data In 11-02-2015 0 4	0	4
Why does INDEXED_EXTRACTIONS=JSON not extract all fields from our JSON data? Hello, We are trying to index long JSON files. Each JSON file is one event. As performance is more important to us t... by moneybox Explorer in Getting Data In 11-02-2015 0 2	0	2
How to index Mcafee HIPS logs? Hello Mcafee HIPS logs are written on all laptops and basically contain firewall like data. The issue is HIPS logs a... by theouhuios Motivator in Getting Data In 11-02-2015 0 1	0	1
Why is Splunk unable to index a converted text file? Hi , I have saved the outlook file as a text fie and placed that file into a Splunk monitoring folder. Splunk is jus... by Abilan1 Path Finder in Getting Data In 11-02-2015 0 3	0	3
How do I manually activate the SplunkForwarder service for a universal forwarder on Windows 7 (32bit)? I have an issue with my forwarder in Windows 7 (32bit). After I installed a Universal forwarder by .msi, indexer did... by hkizuka Explorer in Getting Data In 11-01-2015 0 2	0	2
indexing multiple timezone data We currently have 4 servers that send data to the Splunk indexer. Each server is located in different time zone, Our... by tmuthuk Path Finder in Getting Data In 11-01-2015 0 9	0	9
McAfee Host Intrusion Prevention event logs From what I've been able to find, McAfee Host Intrusion Prevention does not write to its event.log file in a human re... by APNelson Explorer in Getting Data In 11-01-2015 0 2	0	2
can splunkd.log be forwarded from Heavy Forwarder to Indexer? I have a Heavy Forwarder (HF) and an Indexer. I would like to forward splunkd.log from the Heavy Forwarder to Indexe... by fernandoandre Communicator in Getting Data In 10-30-2015 1 4	1	4
Real Time Search On Dashboard Time Zone I have a dashboard that has 2 real time search counts and all the other panels are based on scheduled searches. The r... by edenael20 New Member in Getting Data In 10-30-2015 0 2	0	2
Batching gzipped files residing in 4 directories into Splunk, is there a way to run parallel batches on a Splunk 6.2.6 Linux universal forwarder? I am batching gzipped files into Splunk. The files reside in 4 directories. Splunk, per splunkd.log, appears to be re... by lisaac Path Finder in Getting Data In 10-30-2015 0 2	0	2
How can I define new sourcetypes for one single TCP input ? Hello, I'm trying to implement Splunk on a really big project. My team and I already used a LogLogic solution and wa... by jimnol New Member in Getting Data In 10-30-2015 0 3	0	3
After a restart, is there a way to configure which monitor stanzas Splunk should start processing first to prioritize what gets indexed? HI, I have a few large directories that take a long time for Splunk to start indexing after a restart. Is there an ... by chrisboy68 Contributor in Getting Data In 10-30-2015 0 1	0	1
How to strip the FQDN from an inputs.conf monitor path using host_segment? I have files on multiple servers that I need to log that are housed in a directory where the path includes the system... by jking81 Explorer in Getting Data In 10-30-2015 0 1	0	1
How to exclude one or more cluster peers from the index replication target list? As the Cluster Deployments are reaching maturity, we are planning to add a new Cluster Peer/Indexer to the existing C... by rbal_splunk Splunk Employee in Getting Data In 10-30-2015 1 2	1	2
Is it possible for the cluster master to have a different OS than the indexer cluster peers? What are the potential drawbacks? My Splunk environment has two indexers running on VMs with Linux OS, and I want to create an indexer cluster. My thir... by Julieda Explorer in Getting Data In 10-29-2015 0 1	0	1

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Getting Data In

Is it possible to migrate data collected on a Linux Splunk installation to Windows?

Splunk universal forwarder v6.2.6.274160, how can I verify which version of SSL it's using?

No Data reports- any way to not send email?

REST API Modular Input - Polling Interval is not working

How to troubleshoot why a universal forwarder lost data when forwarding to an indexer?

After upgrading Splunk from 4.3.3 to 6.2.0, why did a single Universal Forwarder suddenly stop translating local SIDs to Account Names in Windows security logs?

How to mask SSN at index-time using SEDCMD in props.conf?

Why are the timestamps different when indexing CSV files locally versus being sent via universal forwarder?

Is KV Store better than a state CSV file when I need high availability in a Search Head Cluster?

Splunk For IIS?

Why are timestamps parsed correctly for only one of two inputs? Do TIME_FORMAT & TIME_PREFIX work on a Universal Forwarder?

Why does INDEXED_EXTRACTIONS=JSON not extract all fields from our JSON data?

How to index Mcafee HIPS logs?

Why is Splunk unable to index a converted text file?

How do I manually activate the SplunkForwarder service for a universal forwarder on Windows 7 (32bit)?

indexing multiple timezone data

McAfee Host Intrusion Prevention event logs

can splunkd.log be forwarded from Heavy Forwarder to Indexer?

Real Time Search On Dashboard Time Zone

Batching gzipped files residing in 4 directories into Splunk, is there a way to run parallel batches on a Splunk 6.2.6 Linux universal forwarder?

How can I define new sourcetypes for one single TCP input ?

After a restart, is there a way to configure which monitor stanzas Splunk should start processing first to prioritize what gets indexed?

How to strip the FQDN from an inputs.conf monitor path using host_segment?

How to exclude one or more cluster peers from the index replication target list?

Is it possible for the cluster master to have a different OS than the indexer cluster peers? What are the potential drawbacks?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

CiscoSecurityCloud TA 3.6.7 -eStreamer ingestion f...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

Getting Data In

Join the Conversation