Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
rsawant

Why is my line break configuration not working for forwarded data, but works fine for local data in Splunk 6.2?

I have a WebLogic *.out log file which has multiple lines (upto 500) in some of the events. When I indexed a sample o...
by rsawant Explorer in Getting Data In 09-26-2015
1 4
1
4
daniel333

Direct to an index based on _raw

All, I am looking to route data to an index based on contents of the _raw. Basically I have app that runs every s...
by daniel333 Builder in Getting Data In 09-26-2015
0 1
0
1
catch_mili

MS Exchange Application

Hi All, I have been monitoring MS Exchange server using SCOM. But now looking at Splunk for Exchange, monitoring my ...
by catch_mili Explorer in Getting Data In 09-25-2015
0 3
0
3
emiller42

Changes to forwarder->indexer connectivity in 6.3.0?

Hello! I've upgraded my test environments to Splunk 6.3, and I'm noticing that my forwarders have begun throwing the...
by emiller42 Motivator in Getting Data In 09-25-2015
1 4
1
4
rononeill

Correlate and combine data from two sources, but only when there's a match.

Mighty Splunk people... I'm having a problem getting my data further refined-- I've got source A that shows me a host...
by rononeill Explorer in Getting Data In 09-25-2015
0 5
0
5
MartinMcNutt

When will Search Head Clustering be enabled for Windows?

I was really looking forward to getting rid of search head pooling. Been a thorn in my side since implementing splunk...
by MartinMcNutt Communicator in Getting Data In 09-25-2015
2 15
2
15
akurilin

After creating defining a new sourcetype in Splunk Cloud, why are the specified fields not being extracted for a PostgreSQL CSV log type?

Splunk Cloud user here. I have defined a new sourcetype with the following properties: Name: postgresql_csv Destinat...
by akurilin Explorer in Getting Data In 09-24-2015
0 6
0
6
jasonheb

Filtering Windows Security Events based on blacklist

Hello I am using Splunk UF 6.1.4 on my Windows Domain controllers to monitor windows events. I've put in place a work...
by jasonheb Explorer in Getting Data In 09-24-2015
0 1
0
1
Magnus_001

Can I blacklist a SourceName on a Windows Security Log event using a Universal Forwarder?

Hello, I am using Splunk Enterprise 6.2.3 Universal Forwarder to monitor events from the Security log on a Windows s...
by Magnus_001 Explorer in Getting Data In 09-24-2015
0 2
0
2
santorof

Data Retention and events from imported files

I recently imported a few events from a csv into Splunk. These events were from 2014. Our data retention policy was c...
by santorof Communicator in Getting Data In 09-24-2015
0 4
0
4
kvandegrift

How do you filter events by date range per account_name in a lookup file from date fields in the same lookup file?

I have a lookup table that consists of the follow fields: Account_Name, Name, Start Date, Return Date. I want to sea...
by kvandegrift New Member in Getting Data In 09-24-2015
0 1
0
1
ckillg

Distributed Indexer Hardware

I'm working to purchase additional indexers, but am trying to figure out what would be the best configuration of serv...
by ckillg Path Finder in Getting Data In 09-24-2015
0 4
0
4
markwymer

Set a field to a value when it may or may not exist exist

Hi, We have a specific logon event message that only has the word 'errorcode' if the logon fails - there is nothing t...
by markwymer Path Finder in Getting Data In 09-24-2015
0 7
0
7
Scan001

Import Data from multiple folders

Hi, I wish to import data from a folder structure and cannot find or understand how to do this. I have over a hundre...
by Scan001 Explorer in Getting Data In 09-24-2015
0 15
0
15
jhumkey

How to split differently ordered values into subfields on forwarder input?

I keep seeing hints that I can do what I need, but the examples always stop short, or aren't "quite right" I'm recei...
by jhumkey Path Finder in Getting Data In 09-24-2015
0 3
0
3
Norling80

Deployment App inputs.conf issues

Hi. We have an issue when we are trying to collect syslogdata from a filesystem on a syslog server with help from a ...
by Norling80 Path Finder in Getting Data In 09-24-2015
0 3
0
3
pmr

sourcetype override

I'm having issue overriding sourcetype thro props.conf. my config is on the inputs.conf on a forwarder i'm setting a...
by pmr Explorer in Getting Data In 09-23-2015
0 3
0
3
Cuyose

Instructions for installing windows forwarder for Splunk Cloud?

the documentation does not have windows instructions for configuring the forwarder on a windows machine to communicat...
by Cuyose Builder in Getting Data In 09-23-2015
0 7
0
7
ishaanshekhar

How to forward internal logs from the Master Node to Indexers?

Dear SPLUNK Community, I need to send the internal logs from Master Node to the Indexers so that it can be viewed by...
by ishaanshekhar Communicator in Getting Data In 09-23-2015
0 1
0
1
dmr195

Is it expected that the delete command will occasionally hang?

Last year somebody found a case of delete hanging indefinitely which could be cured by deleting .lock files from the ...
by dmr195 Communicator in Getting Data In 09-23-2015
0 1
0
1
briant97

How do you drop Logs completely with Syslog-NG from particular sources?

With Syslog-NG how do you drop logs completely. I know how to create filters and what not but I don't know how to set...
by briant97 New Member in Getting Data In 09-23-2015
0 5
0
5
aseid

How to covert AD date format (eg. 20140602145733.0Z) into a format that Splunk Enterprise Security can process?

I designed a scheduled search that populates "identities.csv" by querying Active Directory using 'ldapsearch'. Everyt...
by aseid New Member in Getting Data In 09-23-2015
0 9
0
9
srinathd

how to change user password using rest url without using curl command?

how to change user password using rest url without using curl command?
by srinathd Contributor in Getting Data In 09-23-2015
0 2
0
2
jonfrancais

How to use Splunk's REST API or JavaScript SDK to connect directly to Splunk within a browser?

We are looking to build a standalone Chrome application (in JavaScript) using Splunk's RESTful API to the management ...
by jonfrancais Explorer in Getting Data In 09-22-2015
1 3
1
3
akanno

How to connect a Search Head to an Indexer via Proxy Server?

Hi all. I want to connect a Search Head to an Indexer via Proxy Server like so: Search Head <===> Proxy Server <===...
by akanno Communicator in Getting Data In 09-22-2015
0 2
0
2
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All