Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
jamesvz84

Enabling export to csv button in web framework

Hello, I am looking to enable an export to csv button in web framework (where you can hover over the bottom of a tab...
by jamesvz84 Communicator in Getting Data In 10-26-2015
1 4
1
4
erickopp

If I currently have a single Windows server running Splunk, how can I add a new Linux front end server to use apps that require Linux?

Right now I have Splunk set up on a single Windows server, but have found some apps that require a Linux server to ru...
by erickopp Engager in Getting Data In 10-26-2015
0 1
0
1
hylam

How can I parse 2 sets of CSVs in one file?

How could I parse this? section1String field1,field2,field3 value1,value2,value3 value1,value2,value3 value1,value2,...
by hylam Contributor in Getting Data In 10-26-2015
0 7
0
7
fademidun

Adding Data from a forwarder, why am I getting error "There are currently no forwarders configured as deployment clients to this instance"?

I just installed a forwarder on a host and trying to connect it to the Enterprise server, but got an error when launc...
by fademidun Engager in Getting Data In 10-26-2015
1 1
1
1
rsolutions

Aside from disabling Redhat's Out of Memory (OOM) Manager that is killing splunkd, is there any other way to manage the splunk-optimize process to reduce the memory it uses?

Splunk-optimize is launching on our indexers and eating up a few GB of memory, then Redhat's out-of-memory manager ki...
by rsolutions Path Finder in Getting Data In 10-26-2015
0 10
0
10
zindain24

How can I locate the actual source of events?

I have a sourcetype that has a non-descriptive host and a source defined (both appear to have been overwritten by sta...
by zindain24 Path Finder in Getting Data In 10-26-2015
0 1
0
1
a5003976

Implement Retention Policy

Hi all, our customer want to implement a policy that track logs of the last six months starting from the time in whic...
by a5003976 Explorer in Getting Data In 10-26-2015
0 9
0
9
sunnyparmar

What options are there to find if a forwarder has stopped sending data to our Splunk server?

Hi, Is there any way or any work around or any app through which I can know if Splunk stop receiving data from the f...
by sunnyparmar Communicator in Getting Data In 10-25-2015
1 6
1
6
splunker12er

what happens to the data forwarded to indexer when the index is not present ?

Sample Warning Message: Search peer 10.0.1.1 has the following message: received event for unconfigured/disabled/del...
by splunker12er Motivator in Getting Data In 10-24-2015
0 2
0
2
thecoffeeguy14

Getting two time stamps in a syslog entry - how to correct

Hey all. Trying to figure out how to clear up my issue. I'm getting two separate time stamps on a syslog entry comin...
by thecoffeeguy14 New Member in Getting Data In 10-24-2015
0 4
0
4
hylam

Extracting sourcetype from source /tmp/csv/file1

The sourcetype should be csv or tsv or psv, depending on the full path in the source field. For hosts we have host_re...
by hylam Contributor in Getting Data In 10-24-2015
0 1
0
1
khhenderson

Trouble indexing Amanda (backup) JSON files into Splunk

I have added the following to my props.conf file. AMANDA JSON FILES [amanda] INDEXED_EXTRACTIONS = json KV_MODE = j...
by khhenderson Path Finder in Getting Data In 10-24-2015
0 3
0
3
nathanpyun

blacklist an event id 4670 with task category: Authorization Policy Change

Hi, I am trying to blacklist an event id 4670 with task category: Authorization Policy Change I've tried: blacklist...
by nathanpyun Explorer in Getting Data In 10-23-2015
0 2
0
2
snehal8

Where does forwarded data exist if the index mentioned in my inputs.conf monitor stanza was not created?

Hello Everyone, I have created an inputs.conf file for deploying an app in host machine to forward data. [monitor:...
by snehal8 Path Finder in Getting Data In 10-23-2015
0 6
0
6
mmensch

If I have 2 identical inputs.conf monitor stanzas except for the target indexes, will data be received in both indexes or only the first?

Hello, I just had a quick question about the inputs.conf file in the Splunk Universal Forwarders. Let's say, I have...
by mmensch Path Finder in Getting Data In 10-23-2015
0 2
0
2
OldManEd

How does one fix the multiple Forwarders with same GUID issue on Windows boxes?

Everyone, Here is my situation. I set up one Windows box with a Universal Forwarder, V6.3. This one forwarder was ...
by OldManEd Builder in Getting Data In 10-23-2015
0 3
0
3
praspai

running a script for creating a report

hi, We have scheduled scripts. I don't want to create a scheduled script but run the script on demand. i.e. run the ...
by praspai Path Finder in Getting Data In 10-23-2015
0 1
0
1
AllenZhang

Time format in email alert

Search AAA||rename _time as UpTime |fieldformat UpTime=strftime(UpTime, "%D %H:%M:%S") |Table UpTime Info It works w...
by AllenZhang Explorer in Getting Data In 10-23-2015
0 1
0
1
Norling80

How to configure props.conf and transforms.conf to only whitelist events that start with a timestamp and have a LogLevel?

Hi We have a very volatile log source which we today control by sending unwanted events to the nullQueue. This is go...
by Norling80 Path Finder in Getting Data In 10-23-2015
0 1
0
1
sanjeewa_fernan

2 node cluster master reporting single peer to search head when there are 2 indexers

Have 2 node Indexer cluster with a separate cluster master instance and separate SH instance, however when the SH is ...
by sanjeewa_fernan Engager in Getting Data In 10-22-2015
0 3
0
3
adamblock2

How to use transforms.conf to assign a custom index and sourcetype?

I am currently trying, unsuccessfully, to assign a custom sourcetype and index from within a local/transforms.conf fi...
by adamblock2 Path Finder in Getting Data In 10-22-2015
0 3
0
3
asoul

Why am I unable to start Splunk Light on Windows 7?

Just downloaded and installed Splunk-light. (Windows 7 Enterprise SP1) I tried to start it, but I only get a browser ...
by asoul New Member in Getting Data In 10-22-2015
0 5
0
5
akawacz

How to automatically upload CSV files to Splunk monthly?

Hello, I would like to upload automatically CSV files in monthly manner. Data should be normally indexed and go to ...
by akawacz Path Finder in Getting Data In 10-22-2015
0 4
0
4
OldManEd

I can't find EventCodeDescription from Windows logs

I just loaded Splunk 6.2.3 and am forwarding event log events from my laptop running Windows 7. Everything looks OK ...
by OldManEd Builder in Getting Data In 10-22-2015
1 1
1
1
daniel_augustyn

Why do my indexers in my indexer clustering environment have a different number of buckets?

I just deployed Splunk in an indexer cluster deployment, and I've noticed that my indexers have a different number of...
by daniel_augustyn Contributor in Getting Data In 10-21-2015
0 2
0
2
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All