Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
MasterDuke

Multiple gzip broken pipe errors

I am seeing many errors like the below: {timestamp} INFO ArchiveProcessor - handling file=/path/to/file.gz{timestamp...
by MasterDuke Engager in Getting Data In 10-03-2015
4 7
4
7
lisaac

Why is the splunkd.log reporting lots of "DistributedPeerManager - Unable to distribute to peer named...because peer has status = "Down"."?

I have a very busy search head that complains : DistributedPeerManager - Unable to distribute to peer named slxxxxxx...
by lisaac Path Finder in Getting Data In 10-03-2015
0 2
0
2
davidatpinger

Index selection conditional on values in the data

I've got a bunch of key-value data, something sorta like this: a=1,b=2,c=3,d=4 a=5,b=6,c=7,d=8 a=9,b=2,c=10,d=11 (et...
by davidatpinger Path Finder in Getting Data In 10-02-2015
0 9
0
9
AllenZhang

How to add a column/field based on csv table

I have a search like: sourcetype="AAA"|table _time userid, and I have a table like userid, username, how to make th...
by AllenZhang Explorer in Getting Data In 10-02-2015
0 5
0
5
pattypayscale

Routing to nullQueue - version 6.2

Hello All, I am attempting to filter out specific events from a given input, they're useless and I don't want to wast...
by pattypayscale Explorer in Getting Data In 10-02-2015
2 5
2
5
danje57

How to configure Splunk to recognize logs sent in syslog CEF format?

Hi all, I've configured a Splunk Universal Forwarder to receive logs that are sent by other syslog in CEF format by ...
by danje57 Path Finder in Getting Data In 10-02-2015
1 4
1
4
nvtssplunk

pipe in srchFilter

I would like to apply a dedup to all searches performed by users in a certain role. Is there a way to do this with t...
by nvtssplunk Engager in Getting Data In 10-02-2015
1 3
1
3
snix

How to monitor all windows event logs?

Is there a setting I can put in the inputs.conf file that would automatically grab all windows event logs? This would...
by snix Communicator in Getting Data In 10-02-2015
1 7
1
7
cmlombardo

Why is my props and transforms configuration not renaming a sourcetype as expected?

Hi, I think I have everything in place to change the sourcetype name, but something is not happening. All the other ...
by cmlombardo Path Finder in Getting Data In 10-02-2015
0 4
0
4
cwl

圧縮ファイルをmonitoringしていると重複イベントがインデックスされる

Splunk 6.2.3を使い、複数ディレクトリ内にある複数のgzファイルをmonitoringしていますが、このSplunkインスタンスを再起動すると既にインデックス済みのgzファイルの内容がもう一度インデックスされてしまいます。回...
by cwl Contributor in Getting Data In 10-02-2015
1 4
1
4
Kindred

Prepend all lines forwarded with a timestamp

Hi, We have an application log that doesn't contain timestamps, but we'd actually like to have them within the raw e...
by Kindred Path Finder in Getting Data In 10-01-2015
0 5
0
5
woodcock

For WinEventLog://Security, how to use "renderXml=true" for some EventCodes but "renderXml=false" for others?

I know the "simplest" way is to stand up a second instance of Splunk and have completely different values for renderX...
by Esteemed Legend in Getting Data In 10-01-2015
2 3
2
3
k2skaterii

How to troubleshoot why an indexer is only receiving data from 50% of forwarders in my environment?

I spent hours trying to figure this out Friday, and it's been bugging me all weekend. So, I'm hoping the community c...
by k2skaterii Path Finder in Getting Data In 10-01-2015
0 6
0
6
omuelle1

Why is there a one hour difference between event timestamps and index time of my data?

Hi Splunksters, I am having an issue with the time the data is being indexed and the actual events being exactly one...
by omuelle1 Communicator in Getting Data In 10-01-2015
0 9
0
9
ckillg

How to delete data from syslog-ng after Splunk indexes it, and confirm the data is indexed before deletion?

Is there a way to have Splunk delete the data from a syslog-ng server after it indexes it? Would like to confirm that...
by ckillg Path Finder in Getting Data In 10-01-2015
0 2
0
2
wsw70

using the API to get graphs

Hello I would like to use the API to embed graphs to an external page. Is this at all possible? I looked at the exam...
by wsw70 Communicator in Getting Data In 10-01-2015
1 1
1
1
DazzedNConfused

How do I configure an on-prem intermediate heavy forwarder to connect to an indexer in our own AWS Cloud environment?

I want to build an indexer, search head, and deployment server on our own (not Splunk's ) AWS VPC. The overall ques...
by DazzedNConfused New Member in Getting Data In 10-01-2015
0 1
0
1
pocheung

Possible typo in stanza in props.conf, line 2: AUTO_LINEMERGE = FALSE

I am getting this error with Splunk 5.0.4: Possible typo in stanza [sun_jvm] in /opt/splunk/etc/apps/myapp/default/p...
by pocheung Engager in Getting Data In 10-01-2015
0 2
0
2
aferone

Is Heavy Forwarder to Heavy Forwarder possible?

We have a relatively closed network in which we plan to collect logs from. This network resides on a larger "open" n...
by aferone Builder in Getting Data In 10-01-2015
1 2
1
2
reswob4

Parsing Windows DHCP Trace Logs using HF -> Indexer -> SH

OK, I've been looking at collecting and parsing the Windows DHCP Trace Logs and after reviewing several forum posts a...
by reswob4 Builder in Getting Data In 10-01-2015
0 2
0
2
pkeller

external script in commands.conf to create key/value pair

I've created a script that, when called from the search bar using: |script foo.py | outputtext it outputs a table ...
by pkeller Contributor in Getting Data In 10-01-2015
0 3
0
3
shahara

Sending monitoring information from .NET application

Hi Everyone, I'm looking into finding a solution to monitor business parameters that are managed appreciatively in a...
by shahara New Member in Getting Data In 10-01-2015
0 1
0
1
geoff_hudik

HttpEventCollectorTraceListener doesn't flush

I'm using the HttpEventCollectorTraceListener and originally my code looked like this: using System; using System.Co...
by geoff_hudik Explorer in Getting Data In 10-01-2015
1 8
1
8
nce054

How to configure Props.conf and Transforms.conf for a sourcetype on my heavy forwarder to only send messages containing 'warning' to my indexer?

I am trying to alter how much data I am getting from my universal forwarder. The configuration I have is UF -> HF -> ...
by nce054 Path Finder in Getting Data In 10-01-2015
0 12
0
12
a212830

On what Splunk instance should my FIELDALIAS configurations go?

Hi, I am processing Bluecoat logs on a heavy forwarder. I'm trying to set up some fields using FIELDALIAS, but they...
by a212830 Champion in Getting Data In 10-01-2015
0 5
0
5
Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...
Top Solution Authors
View All