Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
hagjos43

Properly Extract Time from custom Data Set

Hello, I have the follow data set comprised of custom weblog output: 2015-08-08 12:40:03:163 UserID="37" userGroup="...
by hagjos43 Contributor in Getting Data In 10-01-2015
0 3
0
3
akawacz

How do I delete an index?

Hi I would like to delete an index. This will be my first time, so I do not want to do to much harm. -Is there any...
by akawacz Path Finder in Getting Data In 10-01-2015
0 4
0
4
tsunamii

Splunk archive app: need advice on script to cleanup Hadoop data

We are now using Splunk archiving. I understand that there is no mechanism to delete the Hadoop Splunk data that has ...
by tsunamii Path Finder in Getting Data In 09-30-2015
1 1
1
1
BP9906

SplunkForwarder RPM Installer - Hostname determination

We added SplunkForwarder RPM with a script to install the agent on all our Redhat kickstarts. The problem is that the...
by BP9906 Builder in Getting Data In 09-30-2015
0 2
0
2
olavo123

How to assign a custom sourcetype for a data stream flowing via API calls?

I have data being streamed into Splunk using the Python SDK API call. Works perfectly fine using one of the built in ...
by olavo123 Explorer in Getting Data In 09-30-2015
1 1
1
1
lycollicott

Is there any history of the apps downloaded to my universal forwarders from my deployment server?

Is there any history of the apps downloaded to my universal forwarders from my deployment server?
by lycollicott Motivator in Getting Data In 09-30-2015
0 1
0
1
pavanae

Why is the size of one of our indexes decreasing instead of increasing?

In settings/indexes, one of the indexes was set to 34,000 mb as maximum size. However, I observed that the current si...
by pavanae Builder in Getting Data In 09-30-2015
0 4
0
4
iherre312

Timestamp configuration does not pull the correct timestamp

I am importing cisco logs that have two timestamps with different formats. Unfortunately, configuration set in props...
by iherre312 Explorer in Getting Data In 09-30-2015
0 3
0
3
a212830

Does a universal forwarder ever read props.conf?

Hi, Does a UFW ever read a props.conf file? Is there any reason to put a props.conf on a UFW system?
by a212830 Champion in Getting Data In 09-30-2015
3 4
3
4
gbronner_rbc

Why is my sourcetype not parsing as CSV and am getting two events: one with a header and one with a raw event?

I'm trying to parse a CSV file, but I'm getting two events: one with a header and one with a raw event. It is driving...
by gbronner_rbc Explorer in Getting Data In 09-30-2015
0 6
0
6
crahimi

Are there alternatives to log Isilon SMB activity in Splunk?

We are trying to use splunk to log our Isilon SMB activity. However it does not seem like the TA for CEE server will ...
by crahimi Explorer in Getting Data In 09-30-2015
0 1
0
1
sjohnnehta

Cron schedule stuck on initial user timezone.

Hi there, I made the mistake of configuring some alert under the admin user before I'd set it's timezone. Now the cr...
by sjohnnehta Path Finder in Getting Data In 09-30-2015
0 8
0
8
vgolof

Why is my Splunk universal forwarder monitor hostname key not working?

Splunk Forwarder monitor hostname key is not working. Amazon Linux AMI release 2015.03 3.14.48-33.39.amzn1.x86_64 S...
by vgolof Explorer in Getting Data In 09-30-2015
0 8
0
8
tkwaller

Is there a way to ingest data from Google Webmaster Tools or the Prerender Admin Console

Trying to find ways to get this data in. AS of yet I have not found anything but I was thinking maybe some sort of sc...
by tkwaller Builder in Getting Data In 09-29-2015
0 3
0
3
croose

Why is this props.conf not stripping headers for bro logs?

Am I missing something? My understanding of splunk 6 is that the following configuration should strip all lines begin...
by croose Engager in Getting Data In 09-29-2015
1 5
1
5
bohrasaurabh

Problem with Line breaking between Splunk 6.2.3 vs 6.3.0

We have a development environment (replica of prod) running Splunk 6.2.3 (upgraded from 6.1.5). I am testing monitor...
by bohrasaurabh Communicator in Getting Data In 09-29-2015
0 6
0
6
sissa

Is there a way to reverse the action of "splunk add oneshot" on a specific input file?

Our Splunk forwarder has missed one file (1 hour worth of logs) for some reason, so I used oneshot to load the missin...
by sissa New Member in Getting Data In 09-29-2015
0 2
0
2
rongruspe

How does universal forwarder load balancing work?

Given this in outputs.conf: [tcpout: my_LB_indexers] server=10.10.10.1:9997,10.10.10.2:9996,10.10.10.3:9995 It sta...
by rongruspe New Member in Getting Data In 09-28-2015
0 2
0
2
Madhan45

How to move fishbucket data to a warm bucket?

I wish to move all data which are in the fishbucket to warm bucket. Is there any command to do this?
by Madhan45 Path Finder in Getting Data In 09-28-2015
0 2
0
2
kmugglet

Is there anything I should do before using user defined eventtypes in a REST API call? Receiving error "Eventtype...does not exist or is disabled"

Is there anything I should do before using user defined eventtype in a rest api call? my username is svc_user_bob (r...
by kmugglet Communicator in Getting Data In 09-28-2015
0 3
0
3
crash1011

Why is event breaking working on the output of a script (input/file), but not on the script output itself (input/script)?

I have created a script below that will simulate exactly what I'm experiencing. If I redirect the script's output to...
by crash1011 Explorer in Getting Data In 09-28-2015
0 1
0
1
omuelle1

Data not being indexed / inputs.conf

Hi, I have an issue with data not being indexed as expected. I have created a sourcetype and an indexed as I would e...
by omuelle1 Communicator in Getting Data In 09-28-2015
0 7
0
7
cphair

can I mix extracted and current timestamps when ingesting data?

I have a CSV dataset with (only) a year field. I'd like to use the year as a partial timestamp on the events and then...
by cphair Builder in Getting Data In 09-28-2015
0 3
0
3
llazon

Is there a plan to release a Universal Forwarder for the Raspberry Pi 2?

Is there a plan to release a Universal Forwarder for the Raspberry Pi 2? With a different processor, it's my underst...
by llazon New Member in Getting Data In 09-27-2015
0 2
0
2
rsawant

Why is my line break configuration not working for forwarded data, but works fine for local data in Splunk 6.2?

I have a WebLogic *.out log file which has multiple lines (upto 500) in some of the events. When I indexed a sample o...
by rsawant Explorer in Getting Data In 09-26-2015
1 4
1
4
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...
Top Solution Authors
View All