Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
a212830

On what Splunk instance should my FIELDALIAS configurations go?

Hi, I am processing Bluecoat logs on a heavy forwarder. I'm trying to set up some fields using FIELDALIAS, but they...
by a212830 Champion in Getting Data In 10-01-2015
0 5
0
5
hagjos43

Properly Extract Time from custom Data Set

Hello, I have the follow data set comprised of custom weblog output: 2015-08-08 12:40:03:163 UserID="37" userGroup="...
by hagjos43 Contributor in Getting Data In 10-01-2015
0 3
0
3
akawacz

How do I delete an index?

Hi I would like to delete an index. This will be my first time, so I do not want to do to much harm. -Is there any...
by akawacz Path Finder in Getting Data In 10-01-2015
0 4
0
4
tsunamii

Splunk archive app: need advice on script to cleanup Hadoop data

We are now using Splunk archiving. I understand that there is no mechanism to delete the Hadoop Splunk data that has ...
by tsunamii Path Finder in Getting Data In 09-30-2015
1 1
1
1
BP9906

SplunkForwarder RPM Installer - Hostname determination

We added SplunkForwarder RPM with a script to install the agent on all our Redhat kickstarts. The problem is that the...
by BP9906 Builder in Getting Data In 09-30-2015
0 2
0
2
olavo123

How to assign a custom sourcetype for a data stream flowing via API calls?

I have data being streamed into Splunk using the Python SDK API call. Works perfectly fine using one of the built in ...
by olavo123 Explorer in Getting Data In 09-30-2015
1 1
1
1
lycollicott

Is there any history of the apps downloaded to my universal forwarders from my deployment server?

Is there any history of the apps downloaded to my universal forwarders from my deployment server?
by lycollicott Motivator in Getting Data In 09-30-2015
0 1
0
1
pavanae

Why is the size of one of our indexes decreasing instead of increasing?

In settings/indexes, one of the indexes was set to 34,000 mb as maximum size. However, I observed that the current si...
by pavanae Builder in Getting Data In 09-30-2015
0 4
0
4
iherre312

Timestamp configuration does not pull the correct timestamp

I am importing cisco logs that have two timestamps with different formats. Unfortunately, configuration set in props...
by iherre312 Explorer in Getting Data In 09-30-2015
0 3
0
3
a212830

Does a universal forwarder ever read props.conf?

Hi, Does a UFW ever read a props.conf file? Is there any reason to put a props.conf on a UFW system?
by a212830 Champion in Getting Data In 09-30-2015
3 4
3
4
gbronner_rbc

Why is my sourcetype not parsing as CSV and am getting two events: one with a header and one with a raw event?

I'm trying to parse a CSV file, but I'm getting two events: one with a header and one with a raw event. It is driving...
by gbronner_rbc Explorer in Getting Data In 09-30-2015
0 6
0
6
crahimi

Are there alternatives to log Isilon SMB activity in Splunk?

We are trying to use splunk to log our Isilon SMB activity. However it does not seem like the TA for CEE server will ...
by crahimi Explorer in Getting Data In 09-30-2015
0 1
0
1
sjohnnehta

Cron schedule stuck on initial user timezone.

Hi there, I made the mistake of configuring some alert under the admin user before I'd set it's timezone. Now the cr...
by sjohnnehta Path Finder in Getting Data In 09-30-2015
0 8
0
8
vgolof

Why is my Splunk universal forwarder monitor hostname key not working?

Splunk Forwarder monitor hostname key is not working. Amazon Linux AMI release 2015.03 3.14.48-33.39.amzn1.x86_64 S...
by vgolof Explorer in Getting Data In 09-30-2015
0 8
0
8
tkwaller

Is there a way to ingest data from Google Webmaster Tools or the Prerender Admin Console

Trying to find ways to get this data in. AS of yet I have not found anything but I was thinking maybe some sort of sc...
by tkwaller Builder in Getting Data In 09-29-2015
0 3
0
3
croose

Why is this props.conf not stripping headers for bro logs?

Am I missing something? My understanding of splunk 6 is that the following configuration should strip all lines begin...
by croose Engager in Getting Data In 09-29-2015
1 5
1
5
bohrasaurabh

Problem with Line breaking between Splunk 6.2.3 vs 6.3.0

We have a development environment (replica of prod) running Splunk 6.2.3 (upgraded from 6.1.5). I am testing monitor...
by bohrasaurabh Communicator in Getting Data In 09-29-2015
0 6
0
6
sissa

Is there a way to reverse the action of "splunk add oneshot" on a specific input file?

Our Splunk forwarder has missed one file (1 hour worth of logs) for some reason, so I used oneshot to load the missin...
by sissa New Member in Getting Data In 09-29-2015
0 2
0
2
rongruspe

How does universal forwarder load balancing work?

Given this in outputs.conf: [tcpout: my_LB_indexers] server=10.10.10.1:9997,10.10.10.2:9996,10.10.10.3:9995 It sta...
by rongruspe New Member in Getting Data In 09-28-2015
0 2
0
2
Madhan45

How to move fishbucket data to a warm bucket?

I wish to move all data which are in the fishbucket to warm bucket. Is there any command to do this?
by Madhan45 Path Finder in Getting Data In 09-28-2015
0 2
0
2
kmugglet

Is there anything I should do before using user defined eventtypes in a REST API call? Receiving error "Eventtype...does not exist or is disabled"

Is there anything I should do before using user defined eventtype in a rest api call? my username is svc_user_bob (r...
by kmugglet Communicator in Getting Data In 09-28-2015
0 3
0
3
crash1011

Why is event breaking working on the output of a script (input/file), but not on the script output itself (input/script)?

I have created a script below that will simulate exactly what I'm experiencing. If I redirect the script's output to...
by crash1011 Explorer in Getting Data In 09-28-2015
0 1
0
1
omuelle1

Data not being indexed / inputs.conf

Hi, I have an issue with data not being indexed as expected. I have created a sourcetype and an indexed as I would e...
by omuelle1 Communicator in Getting Data In 09-28-2015
0 7
0
7
cphair

can I mix extracted and current timestamps when ingesting data?

I have a CSV dataset with (only) a year field. I'd like to use the year as a partial timestamp on the events and then...
by cphair Builder in Getting Data In 09-28-2015
0 3
0
3
llazon

Is there a plan to release a Universal Forwarder for the Raspberry Pi 2?

Is there a plan to release a Universal Forwarder for the Raspberry Pi 2? With a different processor, it's my underst...
by llazon New Member in Getting Data In 09-27-2015
0 2
0
2
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All