Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Rimah

How do I edit my props.conf to break multiline events?

Hello; I found a problem breaking multiline events in Splunk. I need to break events that have this format: Events:...
by Rimah Engager in Getting Data In 07-23-2015
0 2
0
2
paranoid

sourcetype naming scheme

What's a good sourcetype naming scheme in a large environment with numerous different applications using several tech...
by paranoid Explorer in Getting Data In 07-22-2015
0 2
0
2
dhavamanis

Is it possible to receive and forward logs using a Splunk universal forwarder on Linux?

Can you please help us? Is it possible to receive and forward logs using a Splunk universal forwarder? Because logs...
by dhavamanis Builder in Getting Data In 07-22-2015
0 2
0
2
jchilovich

Why am I receiving these errors on startup of WAS Universal Forwarder

upon startup of universal forwarder in a WAS environment, I receive the following (many of them, this is just an exam...
by jchilovich New Member in Getting Data In 07-22-2015
0 8
0
8
dominiquevocat

Is there a way to use kv_mode=json and eliminate one level in spath?

Is there a way to use kv_mode=json and remove levels of nesting during indexing or later? Example: we jave some json...
by SplunkTrust SplunkTrust in Getting Data In 07-22-2015
0 2
0
2
rakesh_498115

What path do I use to add new files, images, and fonts to load on a dashboard?

Hi , I have custom fonts for my dashboard and added the same in my app in the below path. /opt/splunk/etc/apps/MY_A...
by rakesh_498115 Motivator in Getting Data In 07-22-2015
1 2
1
2
brent_weaver

Should we run Splunk Enterprise forwarders on Windows or Linux in our distributed search environment?

We are rebuilding our distributed search Splunk environment: 1 Deployment Server 1 Dedicated Search Head 1 License S...
by brent_weaver Builder in Getting Data In 07-22-2015
0 1
0
1
maxdessureault

Can I use SED in configuration files?

Hi all, I am fairly new to Splunk and have been working on the following search time field extraction to grab window...
by maxdessureault Engager in Getting Data In 07-22-2015
0 6
0
6
sympatiko

How to configure indexes.conf to have indexed data deleted after 1 day or 24 hours?

Hi splunkers, I want to achieve 1 day retention for indexed data. How can I achieve this? I have a cluster setup wit...
by sympatiko Communicator in Getting Data In 07-21-2015
0 12
0
12
timospringer

How do I edit my code for a universal forwarder silent installation on Windows via CLI?

Hello, This is my code for installing and updating the UniversalForwarder via the command line. msiexec.exe /i "\\s...
by timospringer New Member in Getting Data In 07-21-2015
0 2
0
2
kylerose

Is it possible to disable Load Balancing between Universal Forwarders and the Heavy Forwarder?

We have many systems with Universal Forwarders sending to a dedicated Heavy Forwarder. We would like to put a 3rd par...
by kylerose Explorer in Getting Data In 07-21-2015
1 6
1
6
aaron_schmuhl

Can I take one IP with two different sets of logs (DNS and DHCP) and import that into two different sourcetypes?

So, here's my admittedly dumb situation. I have an IPAM appliance(s) that does both DNS and DHCP. The output port for...
by aaron_schmuhl Engager in Getting Data In 07-21-2015
0 2
0
2
edwardman88

Why does Splunk 6.1.2 forwarder on an AIX 7.1 machine keep crashing?

I have a AIX 7.1 machine setup as a forwarder running Splunk 6.1.2. Splunk keeps crashing almost and I need help to f...
by edwardman88 Explorer in Getting Data In 07-21-2015
4 4
4
4
peter_gianusso

How to troubleshoot why my Windows universal forwarder stopped forwarding Windows application event logs?

Recently my Windows Universal Forwarder stopped forwarding Windows application event log messages to my indexer. See...
by peter_gianusso Communicator in Getting Data In 07-21-2015
0 1
0
1
papalmi

How do you replace ip address with name?

We're looking to substitute the host field, which is an IP address, with the device name that corresponds to the IP a...
by papalmi New Member in Getting Data In 07-21-2015
0 5
0
5
pinVie

Working with an existing Splunk Environment, how should I start making this CIM compliant (normalization)?

Hello all, In a current project, I have to work with an existing Splunk environment which is already in use for abo...
by pinVie Path Finder in Getting Data In 07-21-2015
0 3
0
3
bjensen_splunk

Why does my SEDCMD show up fine in the preview, but not when I search?

New to Splunk so any help is appreciated. I am uploading mytest.log and trying to use SEDCMD to unravel a few fields...
by bjensen_splunk New Member in Getting Data In 07-21-2015
0 2
0
2
abovebeyond

configure sourcetype to an application

Hello, one of our application has the following log structure #Fields: Date ; Time ; Site Instance ; Event ; Clie...
by abovebeyond Communicator in Getting Data In 07-21-2015
0 4
0
4
archspangler

Input stanza path is not absolute.

How do I wildcard any windows drive letter in the inputs.conf stanza below? inputs.conf [monitor://[A-Z]:\Data\Disk...
by archspangler Path Finder in Getting Data In 07-21-2015
0 4
0
4
LewisWheeler

Is it possible to have a Splunk forwarder remove data from a monitored file after it has been successfully forwarded to an indexer?

I read somewhere this is possible, however I can't find where or how - looking for confirmation: Essentially I have ...
by LewisWheeler Communicator in Getting Data In 07-21-2015
0 4
0
4
dhasemore

How to tar splunkforwarder-6.2.4-271043-SunOS10-sparc.tar.z

I have downloaded the install file splunkforwarder-6.2.4-271043-SunOS10-sparc.tar.z for a server running solaris10. ...
by dhasemore Engager in Getting Data In 07-20-2015
0 3
0
3
pavan257

How to query key values and draw timechart?

Here is the sample data. RED: 2086 GREEN: 1579 WHITE: 159 PINK: 348 ORANGE: 0
by pavan257 New Member in Getting Data In 07-20-2015
0 11
0
11
pcampion

IIS data not parsing when input via TCP, but OK when input using "File & directories"

Hi. I'm brand new to using Splunk and just downloaded the Splunk Light trial. I've followed the tutorial video for...
by pcampion New Member in Getting Data In 07-20-2015
0 13
0
13
vinchakov_a

How to parse JSON log data?

I created an input in the _json format and send to it httpd access logs. I received such logs: Jul 14 14:35:44 172.1...
by vinchakov_a Path Finder in Getting Data In 07-20-2015
0 6
0
6
brent_weaver

Are there adverse affects to having monitors for files that do not exist?

I have two platforms to monitor. I want to create one application that I can apply to all hosts that come on board. I...
by brent_weaver Builder in Getting Data In 07-20-2015
0 1
0
1
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All