Getting Data In

Discussions

Thread Info

help with regular expression to extract first and last names in csv

Hi. I have a csv file that looks like: 123,"firstname secondname","firstlast secondlast", 124,firstname secondname...

by Builder in

Indexing logs in /var/log

Ok I have been trying to get /var/log/messages and /var/log/cron to be indexed as the "splunk" user for a while and I...

by Builder in

How to monitor data coming in from a serial port (serial to a USB adapter)?

I want to monitor data coming in from a serial port (actually a serial to USB adapter). Has anyone done this? Lon...

by Engager in

Override source field in the indexers

I have configured heavy weight forwarders to get the JMX server data. While forwarding the data to indexers, source f...

by Path Finder in

How do I get my CSV inputlookup search to return a certain field?

I have searched through the knowledge base and have tried a number of things to fix my issue. I have not found my ans...

by New Member in

How might I slice/filter data by dynamically changing host "groupings"?

I have ~10,000 hosts each generating around 100,000 events of ~100 bytes each day. I ingest all of these events, batc...

by Path Finder in

What is the proper syntax for my forwarder inputs.conf stanza to monitor specific files based on a string in the filename?

Hi I am trying to monitor specific files from one directory based on a string in the filename. Example files: ...

by New Member in

XML tag extraction

I have a datasource that reads in events in XML format. Could someone please help me build a props.conf that will ext...

by Path Finder in

Are events from a particular source not getting indexed every night from 8pm to 12am, but events show up 24 hour later?

Events from a particular source do not get indexed every night from 8pm to 12am. However 24 hours later the events sh...

by Explorer in

How to collect Microsoft Web Application Proxy logs from a remote host?

Hi, I want to collect Microsoft Web Application Proxy logs from a remote host. I tried with WMI, but in the Splun...

by New Member in

Is the search I'm giving my transaction too broad? I get results with an additional filter on the initial search, but no results if I remove the filter.

I'm trying to identify all log messages that are part of our application's start up on a host,source pair. I've ident...

by Engager in

How do I set up Splunk Enterprise Linux to ingest Windows logs that are not part of the universal forwarder install?

I am new to Splunk. The main admin left a few months ago and I have taken over with little to no training. A colleagu...

by Path Finder in

How to configure inputs.conf to monitor evtx files from a UNC path?

Hi all, I have a search head running on Windows operation system and I want to monitor evt & evtx (Windows Events-...

by Explorer in

Why am I getting "memPartAlloc: block too big" sending my SIP phone syslog to universal forwarders?

Hi all, This morning, after some verification, I found some errors in my search headwith my SIP phones. I have 150...

by Path Finder in

How to monitor a folder for newest files only? (files with a change date of 2015, and then only monitor changes after that)

I want to monitor a folder that has 24 thousand files. I only want to collect data from the files that have a change ...

by Motivator in

Which server/port/config used for log receive on splunk light like *.cloud.splunk.com?

In menu Data, no menu Receiving. (There was an error retrieving the configuration, can not process this page.)In menu...

by Explorer in

If passing a parameter from main dashboard to next view, how to show this parameter as read only in the label or input type field?

I am passing a parameter from main dashboard to next view. I want to show that parameter to the user in the label or ...

by Explorer in

How to setup "Metadata" characteristics in Splunk DB connect V2, for the query results received from Microsoft SQL Server 2012?

Hello, Finally I have configure my Remote sql server database with splunk using Splunk DB connect V2, but.. in my ...

by Path Finder in

An update was made to the identities.csv and now I'm not seeing the expected result count. What is going on?

If I run: | inputlookup identities.csv xxxx results That shows a different count in the results than | ...

by Splunk Employee in

If I have 70+ devices writing data to UDP port 514, how do I route 5 IP addresses to one index, and the rest to another index?

Hi, I have a very specific problem. I have more than 70 devices writing data to UDP port 514. Now I need to input ...

by Path Finder in

Can someone delineate the advantages/disadvantages of using the universal forwarder vs. the oneshot command?

My team has been thinking about changing to the Splunk CLI oneshot command instead of the Splunk Universal Forwarder ...

by Contributor in

Splunk overwrites outputs.conf and inputs.conf on reboot

Greetings! I'm trying to set up a splunk forwarder to use ssl between it and the indexer. I am only interested in ...

by Explorer in

When will search head clustering be available for windows? (Officially Supported)

Looking for an ETA for when windows gets Search head clustering. Splunk does not currently support search head cl...

by Communicator in

Splunk is adding weird strings like "_linebreaker\x00\x00" to my events, what is going on?

Before forwarding data I checked to see if it was indexing properly and it seemed to have no problems. However, once ...

by Splunk Employee in

Why does configuring props.conf with DATETIME_CONFIG = NONE cause less events to be indexed from Tomcat logs?

I discovered this quite by accident while testing with a sample of Tomcat logs. If I index them without customizi...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

help with regular expression to extract first and last names in csv

Indexing logs in /var/log

How to monitor data coming in from a serial port (serial to a USB adapter)?

Override source field in the indexers

How do I get my CSV inputlookup search to return a certain field?

How might I slice/filter data by dynamically changing host "groupings"?

What is the proper syntax for my forwarder inputs.conf stanza to monitor specific files based on a string in the filename?

XML tag extraction

Are events from a particular source not getting indexed every night from 8pm to 12am, but events show up 24 hour later?

How to collect Microsoft Web Application Proxy logs from a remote host?

Is the search I'm giving my transaction too broad? I get results with an additional filter on the initial search, but no results if I remove the filter.

How do I set up Splunk Enterprise Linux to ingest Windows logs that are not part of the universal forwarder install?

How to configure inputs.conf to monitor evtx files from a UNC path?

Why am I getting "memPartAlloc: block too big" sending my SIP phone syslog to universal forwarders?

How to monitor a folder for newest files only? (files with a change date of 2015, and then only monitor changes after that)

Which server/port/config used for log receive on splunk light like *.cloud.splunk.com?

If passing a parameter from main dashboard to next view, how to show this parameter as read only in the label or input type field?

How to setup "Metadata" characteristics in Splunk DB connect V2, for the query results received from Microsoft SQL Server 2012?

An update was made to the identities.csv and now I'm not seeing the expected result count. What is going on?

If I have 70+ devices writing data to UDP port 514, how do I route 5 IP addresses to one index, and the rest to another index?

Can someone delineate the advantages/disadvantages of using the universal forwarder vs. the oneshot command?

Splunk overwrites outputs.conf and inputs.conf on reboot

When will search head clustering be available for windows? (Officially Supported)

Splunk is adding weird strings like "_linebreaker\x00\x00" to my events, what is going on?

Why does configuring props.conf with DATETIME_CONFIG = NONE cause less events to be indexed from Tomcat logs?

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions