Getting Data In

Community Activity

How to modify roles for an LDAP group with the REST API? Hi guys, Sorry to bother you these days, but it's not so easy work with the REST API without some examples. Now I n... by maurelio79 Communicator in Getting Data In 10-15-2015 0 1	0	1
Sonicwall 4060 logs I'd like to use the SYSLOG feature in the Sonicwall 4060 to send the logs to SPLUNK automatically .. currently I'm du... by kwandtke New Member in Getting Data In 10-15-2015 0 3	0	3
Is there a Splunk Segment setting for sourcetype, similar to host_segment=x in inputs.conf? Splunk 6.3 I am looking at the feature host_segment=x in inputs.conf. And wondering if there is a similar feature fo... by daniel333 Builder in Getting Data In 10-15-2015 0 1	0	1
Timestamp lookahead questions Hi I have the following configuration: timestamp format : %c timestamp prefix: Start\sTime:\s+ lookahead: ??? I wan... by edrivera3 Builder in Getting Data In 10-14-2015 2 4	2	4
Spotting when a file has been finished indexing? I have a monitor input, which rarely has new files, and I'd like set up an alert for it. How can I find something abo... by szabados Communicator in Getting Data In 10-14-2015 0 3	0	3
Is there a limit on json arrays? Hi, I import a json-file with a json-object that contains an array with another 50 json-objects. It looks like, that ... by marcokrueger Path Finder in Getting Data In 10-14-2015 0 1	0	1
How can I debug a TCP feed on a heavy forwarder? Hi, I need to debug a tcp feed from a load-balancer, on a server where I don't have root or sudo. Is there a props c... by a212830 Champion in Getting Data In 10-14-2015 0 7	0	7
Is it better to have Universal Forwarders on each server, or collect logs first in one place, and then forward them to the indexers? What would be the better solution: deploying Universal Forwarders to each server in the environment or collecting log... by daniel_augustyn Contributor in Getting Data In 10-14-2015 0 1	0	1
How to create an alert to trigger an email when a forwarder is stopped on a server? We have a report which helps us to trigger an alert when the Indexer is down. Is there a way we can monitor if the fo... by athorat Communicator in Getting Data In 10-14-2015 0 2	0	2
How to filter out a Windows Event Code if the event from a user repeats over a period of time? I want to capture Windows Event Logs EventCode 4673 when it happens once for each user over a period of one hour. If... by hartfoml Motivator in Getting Data In 10-14-2015 0 5	0	5
Sending rsyslog JSON format Hello, I have tried today to integrate Splunk with Rsyslog that Contains JSON. The issue is that rsyslog is sending ... by shaharl Engager in Getting Data In 10-14-2015 0 4	0	4
Time format for identifying processing rate I am trying to get some details from my event text which has the record count and also the processing time. I want to... by msbhatmam New Member in Getting Data In 10-13-2015 0 2	0	2
On a Linux Splunk Server, how do I ingest Windows CIFS audit files I have adtlog.evt files I wish to look at from Splunk. How do I do this without using a Windows Splunk server? (I d... by rruth Engager in Getting Data In 10-13-2015 0 2	0	2
Monitor input not reading files ? I'm facing an issue with a monitor input like this: index=myindex disabled=0 sourcetype=mysourcetype crcSalt=salt Th... by szabados Communicator in Getting Data In 10-13-2015 0 4	0	4
splunk-reskit-powershell 401 I'm using splunk-reskit-powershell to access splunk, but running "Connect-Splunk -Credentials $credentials -ComputerN... by inicholson Engager in Getting Data In 10-13-2015 1 5	1	5
Can I call more than one transform from a props.conf stanza? [tomcat-logs] TRANSFORMS-null = setnullping TRANSFORMS-rename_source = source_clean-YYYY-MM-DD Is that a legitimate ... by lycollicott Motivator in Getting Data In 10-13-2015 0 1	0	1
Getting additional disk space for a fast growing index. What's next? We have a fast growing index which now has filled 94% of the available space. Our system administrators gave us a new... by arkadyz1 Builder in Getting Data In 10-13-2015 0 1	0	1
How to Not apply cluster-bundle Hi, i am installing two new indexers for test, as test indexers they have very small disks. As clustermember they... by Ed_Alias Path Finder in Getting Data In 10-12-2015 0 4	0	4
Drop specific event Hi I have a log that we are indexing, now we want to drop specific events from it by sending it to the nullQueue. ... by Norling80 Path Finder in Getting Data In 10-12-2015 0 2	0	2
Line breaking two different time prefixes Think I may have tried everything in props at this stage, Splunk does not seem to be paying much attention to anythin... by atat23 Path Finder in Getting Data In 10-12-2015 0 3	0	3
Can't index a .csv file?!? Hey, I tried to index a .csv file several times and I can see the file in "Manager » Data inputs » Files & directori... by Jochen_1987 Explorer in Getting Data In 10-11-2015 2 11	2	11
How can I get date from filename and time from inside logs. Hi Splunkers, How can I get date from filename and time from inside the logs. For example: I have a file named L... by dfigurello Communicator in Getting Data In 10-11-2015 2 3	2	3
How to send events to the nullQueue on indexer? The strange thing is that I can send events to the nullQueue on my Local installation of Enterprise Splunk (6.2.2.5).... by dingesbr Explorer in Getting Data In 10-10-2015 0 11	0	11
Blacklisting Account_Name=ftpadmin ?? I am trying to blacklist Windows service account named, ftpadmin from all servers. I tried: [WinEventLog://Security]... by nathanpyun Explorer in Getting Data In 10-09-2015 0 1	0	1
How to execute an external Python script to add fields to events for every event ingested by Splunk? I have a Python script that queries an external system for reputation data based on a hash. What I would like to do ... by IngloriousSplun Communicator in Getting Data In 10-09-2015 0 1	0	1