Getting Data In

Community Activity

TenableSC Modular Input error I have never been able to get the TenableSC Modular Input to work. I get the following error: <error><message>Error... by michael_reeves Engager in Getting Data In 08-05-2015 1 3	1	3
After upgrading to Splunk 6.2.2 from 6.0.1, why do Windows event logs now show users as "NOT_TRANSLATED"? I use Splunk in order to get Local Event Log Collection. I get Windows Printer - Operational with version 6.0.1 ther... by fpiella Explorer in Getting Data In 08-05-2015 1 6	1	6
Can I specify multiple parameters in a props stanza? I am not sure if I can do this and it may be a problem with the host as we are looking into that as well. I have a ho... by chrishatfield21 Path Finder in Getting Data In 08-05-2015 0 6	0	6
line breaking partial success I'm trying to bring in some custom source log files and initially no line breaking was occurring so all of the events... by jsmith_splunk Splunk Employee in Getting Data In 08-05-2015 0 4	0	4
How to edit my props and transforms to route data to an index based on host? I've searched Splunk Answers and Googledom with no luck, leaving me to possibly repeat the same question as others ma... by jtroanlw Explorer in Getting Data In 08-05-2015 1 14	1	14
How to allocate identical timestamps from multiple lines to separate columns using dedup? Hi Splunk heads, I'm hoping someone might have the answer to this little issue I am facing. I have a problem with t... by Fergal111 Path Finder in Getting Data In 08-04-2015 0 10	0	10
Splunk takes long time to start I've got a newly installed Indexer on RHEL 6.6. It isn't indexing any data. When I restart the Splunk instance with "... by devinmclean Path Finder in Getting Data In 08-04-2015 0 1	0	1
How to configure SEDCMD in props.conf to delete XML event content at index-time? Hi all - I have content in XML events I'm indexing that I don't want: <?xml version="1.0" encoding="UTF-8"?> So ... by himynamesdave Contributor in Getting Data In 08-04-2015 1 4	1	4
Is there a way to configure Splunk to index its own .conf files or does Splunk already do this? How can I configure Splunk to index its own conf files? Would there be any issues with doing this? Or does Splunk a... by landen99 Motivator in Getting Data In 08-04-2015 0 11	0	11
How do I assign a single timestamp to multiple events in one XML document at index-time? Hi all, I have an XML feed that returns data like this: <feed lastUpdate="1438698061185" version="2.0"> <doc> <nu... by himynamesdave Contributor in Getting Data In 08-04-2015 1 5	1	5
Why is Splunk not parsing a CSV file correctly with TAB as a delimiter and \n as a line separator? Hi, I'm trying to parse csv file with TAB as separator and \n as a line separator. I don't have time in csv, I would ... by seregaserega Explorer in Getting Data In 08-04-2015 0 6	0	6
Data not coming in Splunk Apps for Windows Infrastructure I am using Splunk 6.2 version And Installed App Windows Infrastructure 1.0 Version, Sometimes I am not getting data ... by sahils New Member in Getting Data In 08-04-2015 0 3	0	3
How to send different data to different receivers using a single Splunk Universal Forwarder ? How to send different data to different receivers using single Splunk Universal Forwarder ? by aniket_amrutkar New Member in Getting Data In 08-04-2015 0 2	0	2
Where is the default sourcetype for udp:514 set? The sourcetype for udp514 is set to syslog. Where is this defined? Is it hard coded in Splunkd or is it defined in a ... by coleman07 Path Finder in Getting Data In 08-04-2015 0 2	0	2
Has anyone seen Java code that can parse and interpret Splunk time modifiers? not a Splunk problem, but this community is most likely to have an answer.... I have a non-Splunk related utility we... by wegscd Contributor in Getting Data In 08-04-2015 0 2	0	2
How to override the host and indexer if they are from a specific IP address? Hi everyone, I would like overwrite the host and indexer coming from my Splunk universal forwarder in my main index... by Federica_92 Communicator in Getting Data In 08-04-2015 0 4	0	4
How to merge a multiline event correctly ? I have a problem that is similar to this topic : http://answers.splunk.com/answers/188776/events-are-not-properly-sp... by leo_wang Path Finder in Getting Data In 08-03-2015 0 4	0	4
Why is the latest indexed data from our domain controllers showing 120 minutes old Windows security logs ? Hi, We have the same app deployed on multiple Domain Controllers. On some DC's, the data indexed in Splunk is older... by pavankumarh Path Finder in Getting Data In 08-03-2015 0 3	0	3
Dealing with badly structured json events I am pulling in some json events that are poorly structured (at least for my needs). Specifically, I need to be able... by david_rose Communicator in Getting Data In 08-03-2015 0 3	0	3
How to associate a value generated by a host with a field/event outside of the source? This is an overview of how my system produces a certain value: Usually each area has a set of hosts, but there are... by ohlafl Communicator in Getting Data In 08-03-2015 0 3	0	3
How to index two different datestamps in a single sourcetype? We had logs initially with timestamp: [05/18/15 6:00:02.3898 AM] With the latest release, the timestamp in logs chan... by nmohammed Builder in Getting Data In 08-03-2015 0 1	0	1
How can I push a comma separated line of fields to Splunk using the Java SDK? I have a Java program that reads in a CSV and prints off lines where one field has a certain value, and want to set i... by rbkaspr New Member in Getting Data In 08-03-2015 0 1	0	1
Why am I not able to get Aruba wireless controllers logs into Splunk via UDP port 514? Hello guys, I am trying to forward the logs of Aruba wireless controllers into Splunk, but I am not able see the log... by faizancool85 Path Finder in Getting Data In 08-03-2015 0 1	0	1
How do I tell my Light Forwarder to stop forwarding internal logs? I have enabled the SplunkLightForwarder app and it sends internal logs to my indexers. Is there a way for me to stop... by Simeon Splunk Employee in Getting Data In 08-02-2015 0 4	0	4
Will upgrading our Splunk indexer server with high performance hardware and dividing the indexer with multiple servers solve our high CPU performance issue? Hi Team, Currently we are facing a high CPU utilization issue on our indexer because of Splunk's high usage. To res... by rameshlpatel Communicator in Getting Data In 08-02-2015 0 4	0	4

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

TenableSC Modular Input error

After upgrading to Splunk 6.2.2 from 6.0.1, why do Windows event logs now show users as "NOT_TRANSLATED"?

Can I specify multiple parameters in a props stanza?

line breaking partial success

How to edit my props and transforms to route data to an index based on host?

How to allocate identical timestamps from multiple lines to separate columns using dedup?

Splunk takes long time to start

How to configure SEDCMD in props.conf to delete XML event content at index-time?

Is there a way to configure Splunk to index its own .conf files or does Splunk already do this?

How do I assign a single timestamp to multiple events in one XML document at index-time?

Why is Splunk not parsing a CSV file correctly with TAB as a delimiter and \n as a line separator?

Data not coming in Splunk Apps for Windows Infrastructure

How to send different data to different receivers using a single Splunk Universal Forwarder ?

Where is the default sourcetype for udp:514 set?

Has anyone seen Java code that can parse and interpret Splunk time modifiers?

How to override the host and indexer if they are from a specific IP address?

How to merge a multiline event correctly ?

Why is the latest indexed data from our domain controllers showing 120 minutes old Windows security logs ?

Dealing with badly structured json events

How to associate a value generated by a host with a field/event outside of the source?

How to index two different datestamps in a single sourcetype?

How can I push a comma separated line of fields to Splunk using the Java SDK?

Why am I not able to get Aruba wireless controllers logs into Splunk via UDP port 514?

How do I tell my Light Forwarder to stop forwarding internal logs?

Will upgrading our Splunk indexer server with high performance hardware and dividing the indexer with multiple servers solve our high CPU performance issue?

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation