Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
BP9906

SplunkForwarder RPM Installer - Hostname determination

We added SplunkForwarder RPM with a script to install the agent on all our Redhat kickstarts. The problem is that the...
by BP9906 Builder in Getting Data In 09-30-2015
0 2
0
2
olavo123

How to assign a custom sourcetype for a data stream flowing via API calls?

I have data being streamed into Splunk using the Python SDK API call. Works perfectly fine using one of the built in ...
by olavo123 Explorer in Getting Data In 09-30-2015
1 1
1
1
lycollicott

Is there any history of the apps downloaded to my universal forwarders from my deployment server?

Is there any history of the apps downloaded to my universal forwarders from my deployment server?
by lycollicott Motivator in Getting Data In 09-30-2015
0 1
0
1
pavanae

Why is the size of one of our indexes decreasing instead of increasing?

In settings/indexes, one of the indexes was set to 34,000 mb as maximum size. However, I observed that the current si...
by pavanae Builder in Getting Data In 09-30-2015
0 4
0
4
iherre312

Timestamp configuration does not pull the correct timestamp

I am importing cisco logs that have two timestamps with different formats. Unfortunately, configuration set in props...
by iherre312 Explorer in Getting Data In 09-30-2015
0 3
0
3
a212830

Does a universal forwarder ever read props.conf?

Hi, Does a UFW ever read a props.conf file? Is there any reason to put a props.conf on a UFW system?
by a212830 Champion in Getting Data In 09-30-2015
3 4
3
4
gbronner_rbc

Why is my sourcetype not parsing as CSV and am getting two events: one with a header and one with a raw event?

I'm trying to parse a CSV file, but I'm getting two events: one with a header and one with a raw event. It is driving...
by gbronner_rbc Explorer in Getting Data In 09-30-2015
0 6
0
6
crahimi

Are there alternatives to log Isilon SMB activity in Splunk?

We are trying to use splunk to log our Isilon SMB activity. However it does not seem like the TA for CEE server will ...
by crahimi Explorer in Getting Data In 09-30-2015
0 1
0
1
sjohnnehta

Cron schedule stuck on initial user timezone.

Hi there, I made the mistake of configuring some alert under the admin user before I'd set it's timezone. Now the cr...
by sjohnnehta Path Finder in Getting Data In 09-30-2015
0 8
0
8
vgolof

Why is my Splunk universal forwarder monitor hostname key not working?

Splunk Forwarder monitor hostname key is not working. Amazon Linux AMI release 2015.03 3.14.48-33.39.amzn1.x86_64 S...
by vgolof Explorer in Getting Data In 09-30-2015
0 8
0
8
tkwaller

Is there a way to ingest data from Google Webmaster Tools or the Prerender Admin Console

Trying to find ways to get this data in. AS of yet I have not found anything but I was thinking maybe some sort of sc...
by tkwaller Builder in Getting Data In 09-29-2015
0 3
0
3
croose

Why is this props.conf not stripping headers for bro logs?

Am I missing something? My understanding of splunk 6 is that the following configuration should strip all lines begin...
by croose Engager in Getting Data In 09-29-2015
1 5
1
5
bohrasaurabh

Problem with Line breaking between Splunk 6.2.3 vs 6.3.0

We have a development environment (replica of prod) running Splunk 6.2.3 (upgraded from 6.1.5). I am testing monitor...
by bohrasaurabh Communicator in Getting Data In 09-29-2015
0 6
0
6
sissa

Is there a way to reverse the action of "splunk add oneshot" on a specific input file?

Our Splunk forwarder has missed one file (1 hour worth of logs) for some reason, so I used oneshot to load the missin...
by sissa New Member in Getting Data In 09-29-2015
0 2
0
2
rongruspe

How does universal forwarder load balancing work?

Given this in outputs.conf: [tcpout: my_LB_indexers] server=10.10.10.1:9997,10.10.10.2:9996,10.10.10.3:9995 It sta...
by rongruspe New Member in Getting Data In 09-28-2015
0 2
0
2
Madhan45

How to move fishbucket data to a warm bucket?

I wish to move all data which are in the fishbucket to warm bucket. Is there any command to do this?
by Madhan45 Path Finder in Getting Data In 09-28-2015
0 2
0
2
kmugglet

Is there anything I should do before using user defined eventtypes in a REST API call? Receiving error "Eventtype...does not exist or is disabled"

Is there anything I should do before using user defined eventtype in a rest api call? my username is svc_user_bob (r...
by kmugglet Communicator in Getting Data In 09-28-2015
0 3
0
3
crash1011

Why is event breaking working on the output of a script (input/file), but not on the script output itself (input/script)?

I have created a script below that will simulate exactly what I'm experiencing. If I redirect the script's output to...
by crash1011 Explorer in Getting Data In 09-28-2015
0 1
0
1
omuelle1

Data not being indexed / inputs.conf

Hi, I have an issue with data not being indexed as expected. I have created a sourcetype and an indexed as I would e...
by omuelle1 Communicator in Getting Data In 09-28-2015
0 7
0
7
cphair

can I mix extracted and current timestamps when ingesting data?

I have a CSV dataset with (only) a year field. I'd like to use the year as a partial timestamp on the events and then...
by cphair Builder in Getting Data In 09-28-2015
0 3
0
3
llazon

Is there a plan to release a Universal Forwarder for the Raspberry Pi 2?

Is there a plan to release a Universal Forwarder for the Raspberry Pi 2? With a different processor, it's my underst...
by llazon New Member in Getting Data In 09-27-2015
0 2
0
2
rsawant

Why is my line break configuration not working for forwarded data, but works fine for local data in Splunk 6.2?

I have a WebLogic *.out log file which has multiple lines (upto 500) in some of the events. When I indexed a sample o...
by rsawant Explorer in Getting Data In 09-26-2015
1 4
1
4
daniel333

Direct to an index based on _raw

All, I am looking to route data to an index based on contents of the _raw. Basically I have app that runs every s...
by daniel333 Builder in Getting Data In 09-26-2015
0 1
0
1
catch_mili

MS Exchange Application

Hi All, I have been monitoring MS Exchange server using SCOM. But now looking at Splunk for Exchange, monitoring my ...
by catch_mili Explorer in Getting Data In 09-25-2015
0 3
0
3
emiller42

Changes to forwarder->indexer connectivity in 6.3.0?

Hello! I've upgraded my test environments to Splunk 6.3, and I'm noticing that my forwarders have begun throwing the...
by emiller42 Motivator in Getting Data In 09-25-2015
1 4
1
4
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...
Top Solution Authors
View All