Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
cmamer

Why are today's events showing as yesterday for certain events?

I have a forwarder configured to pull data from a local server as a generic single line sourcetype. The events in the...
by cmamer New Member in Getting Data In 07-28-2015
0 2
0
2
wardallen

How do I edit my props.conf for proper line breaking when indexing a CSV file with a large amount of quotes and newlines?

I have a csv file that's giving me a headache while trying to index it. It has 100+ columns, several of which are mak...
by wardallen Path Finder in Getting Data In 07-27-2015
1 2
1
2
clairebesson

How to clear text input after submitting?

Hi everyone, I have created a drop-down linked with text input. I am able to search by field1, field2, field3. Howev...
by clairebesson Explorer in Getting Data In 07-27-2015
0 1
0
1
rakesh_498115

After configuring Splunk SSO with Siteminder for my application, why are REST API commands not working in Internet Explorer?

Hi All, I have configured Splunk SSO configuration with siteminder for my application. All the siteminder configurat...
by rakesh_498115 Motivator in Getting Data In 07-27-2015
0 2
0
2
jbradley76

Why is my inputlookup search not returning all results from the CSV file?

Hello All, I have a CSV file with a single column, address, with about 1000 IP addresses below. I am attempting to ...
by jbradley76 Engager in Getting Data In 07-27-2015
0 3
0
3
pavanae

Can a single universal forwarder forward data to two different indexers?

Hi I am using a Universal Forwarder, say in Machine A. It has logs at one path, say Log Path1. Now I want this Forwa...
by pavanae Builder in Getting Data In 07-27-2015
0 4
0
4
rbacon

Problem Removing Leading Zeros From IP Address

Splunk is indexing a CSV file that contains an IP address and it looks something like this: "Windows 7","SSHEFFIER8G...
by rbacon Path Finder in Getting Data In 07-27-2015
0 15
0
15
gibba

Why does Splunk ask me to restart when I create a new index?

Hi everyone, I don't understand why, but when I create a new index, Splunk needs a restart. Do you have best practi...
by gibba Path Finder in Getting Data In 07-27-2015
0 2
0
2
shrirangphadke

How to add a new sourcetype to an existing index?

Hi, Sorry if my question is repeated. I have an index with sourcetype as 'firewall' and now I want to add one more ...
by shrirangphadke Path Finder in Getting Data In 07-27-2015
0 2
0
2
neelamssantosh

What are suggested approaches/steps for Syslog to switch to another heavy forwarder when primary goes down?

Hi Splunkers, Kindly suggest any approach/steps for Syslog must Switch to another Splunk Heavy Forwarder automatic...
by neelamssantosh Contributor in Getting Data In 07-25-2015
2 8
2
8
pavanae

Monitoring two different paths in inputs.conf, why am I only getting logs from one path, but not the second path?

Hi the following is my inputs.conf [monitor:///opt/jboss/server/*/log/server.log] index = sit_2 sourcetype = log4j ...
by pavanae Builder in Getting Data In 07-24-2015
0 1
0
1
tylergps

How would I display all hosts with AND without events?

I'm trying to audit an environment based on Window's RDP event codes 21, 22, and 25. I'm able to display the number o...
by tylergps Explorer in Getting Data In 07-24-2015
0 5
0
5
umang_solanki

Searching events for a specific host, why are we getting results for 2 hosts: one upper case hostname and one lower case?

Hello, In our Splunk Enterprise, we have created a customized indexer. We are trying to get certain events of a spec...
by umang_solanki New Member in Getting Data In 07-24-2015
0 2
0
2
sunnyparmar

After removing data using the delete command in a search, how do I reindex that data?

Hi, I have one delimited tab log file with a .txt extension. I pushed the data from from that log file to the Splunk...
by sunnyparmar Communicator in Getting Data In 07-24-2015
0 3
0
3
sahoo0233

How to delete indexed data for a particular date?

Hi, I index data on a daily basis. For indexing, I have made a monitoring path in inputs.conf, so once the file is i...
by sahoo0233 Path Finder in Getting Data In 07-24-2015
0 3
0
3
lquinn

Can I log in to Splunk Web from credentials entered on an external webpage?

I have a webpage where users enter their username and password to view their profile. I would like to include some co...
by lquinn Contributor in Getting Data In 07-24-2015
0 1
0
1
jravida

How to dedup a field inside JSON arrays?

Hi guys, I'm working on some formulas to show percentages, right now trying to count % vendors affected by vulnerabi...
by jravida Communicator in Getting Data In 07-23-2015
0 1
0
1
juandiaz

How to delete event data from an indexer using the REST API?

Hi everyone, I have found similar questions and responses to this type of scenario, but I can’t seem to find a way t...
by juandiaz New Member in Getting Data In 07-23-2015
0 1
0
1
arkadyz1

Django bindings, header: appbar has no effect? (Splunk Enterprise 6.1)

I'm starting to experiment Splunk Web Framework. Following some tutorials, trying to tweak things here and there. One...
by arkadyz1 Builder in Getting Data In 07-23-2015
0 1
0
1
rsathish47

How to configure stanzas in inputs.conf to monitor two paths with the same folder names, but are case sensitive?

Hi All, I need to configure inputs.conf for the folder path below. Can we do it in one stanza, or do we need create ...
by rsathish47 Contributor in Getting Data In 07-23-2015
0 4
0
4
Rimah

How do I edit my props.conf to break multiline events?

Hello; I found a problem breaking multiline events in Splunk. I need to break events that have this format: Events:...
by Rimah Engager in Getting Data In 07-23-2015
0 2
0
2
paranoid

sourcetype naming scheme

What's a good sourcetype naming scheme in a large environment with numerous different applications using several tech...
by paranoid Explorer in Getting Data In 07-22-2015
0 2
0
2
dhavamanis

Is it possible to receive and forward logs using a Splunk universal forwarder on Linux?

Can you please help us? Is it possible to receive and forward logs using a Splunk universal forwarder? Because logs...
by dhavamanis Builder in Getting Data In 07-22-2015
0 2
0
2
jchilovich

Why am I receiving these errors on startup of WAS Universal Forwarder

upon startup of universal forwarder in a WAS environment, I receive the following (many of them, this is just an exam...
by jchilovich New Member in Getting Data In 07-22-2015
0 8
0
8
dominiquevocat

Is there a way to use kv_mode=json and eliminate one level in spath?

Is there a way to use kv_mode=json and remove levels of nesting during indexing or later? Example: we jave some json...
by SplunkTrust SplunkTrust in Getting Data In 07-22-2015
0 2
0
2
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...
Top Solution Authors
View All