Getting Data In

Community Activity

line breaking... Hi, I'm stumped. I've been playing with the linebreaking trying to get the format properly, and it won't work. The f... by a212830 Champion in Getting Data In 07-06-2015 0 15	0	15
Duplicate GUIDS for standalone indexers, how can I safely correct this? Just noticed I have a duplicate GUID for two standalone, load balanced (via splunk conf, not F5) indexers. Can I just... by davebo1896 Communicator in Getting Data In 07-06-2015 0 1	0	1
Why does my json event data show duplicate fields? In my screenshot, you can see my events have duplicate fields. I am trying to figure out why this is occurring. The s... by bnorthway Path Finder in Getting Data In 07-06-2015 3 3	3	3
Why is my universal forwarder VM failing to forward data? I set up a small network using virtualbox and I am now having trouble forwarding data to the host. The laptop I am us... by syx093 Communicator in Getting Data In 07-06-2015 0 1	0	1
How to exclude searching of certain indexers by role? I have a shared search head used by different groups where those groups have set up their own indexers. They want to... by mjones414 Contributor in Getting Data In 07-06-2015 0 2	0	2
How do I stop forwarding the _audit index? Hi, I'm trying to stop forwarding _audit index. I put in my outputs.conf the following lines: [tcpout] forwardedind... by jeromep83 Engager in Getting Data In 07-06-2015 0 1	0	1
Extract field from source field then run a lookup - config error? I want to add a field extracttion to props.conf that will extract a portion of the uri field to create a custom field... by borgy95 Path Finder in Getting Data In 07-06-2015 0 2	0	2
Date stamp in directory name How can I configure splunk to index or accept the datestamp in the name of directories? The events only have time sta... by suhprano Path Finder in Getting Data In 07-06-2015 0 1	0	1
regex/props.conf - How to set properly the entries in .conf files? Hi, I extracted from the default source field, in search-time, a new field called 'domain': \| rex field=source "^(\/... by skender27 Contributor in Getting Data In 07-06-2015 0 9	0	9
Is it normal behavior for Splunk to block queues and stop forwarding data when one of two remote ports is closed? Hello, I use a Splunk heavy forwarder and I would like to send inputs to a remote a server. I have two channels on ... by jeromep83 Engager in Getting Data In 07-05-2015 2 5	2	5
Group CSV data results by two or more matching values? I'm indexing a CSV that appears like the following in its raw form: Filenum,string 1,abc 2,defg 2,abc 3,xyz 3,abc 1,... by jtsplunk Splunk Employee in Getting Data In 07-05-2015 0 4	0	4
How to search a Multi line windows event Hi, I'm trying to search a multiline event from a windows server. I need to find out which changes was made with a f... by krusty Contributor in Getting Data In 07-05-2015 0 1	0	1
Extracting domain names (mvindex?) I get the feeling this is going to be a tough one to solve, but, I'm trying to aggregate results of a search based up... by howyagoin Contributor in Getting Data In 07-05-2015 1 1	1	1
TimeFormat Error from a line in nullQueue The transform works and filters out the the matching line from going into the index but I still get these errors: WA... by pshumate Explorer in Getting Data In 07-04-2015 0 1	0	1
Apply a lookup only to events before a certain time I need to apply a lookup only to events before a certain point in time (the data added by the lookup is now included ... by Shtark Explorer in Getting Data In 07-04-2015 0 1	0	1
Scheduled scans are not load balancing across cluster and crashing the Indexer they get sent to. I have a cluster of 4 indexers. The search head sends scheduled scans which always end up draining resources on one ... by Aixia Engager in Getting Data In 07-03-2015 0 2	0	2
Query about fill summary index I've tried to run this.. ./splunk cmd python fill_summary_index.py -app search -name "summary" -et 06/14/2015:08:00:... by lanilim16 Explorer in Getting Data In 07-03-2015 0 1	0	1
After installing and configuring universal forwarders, why can't I see the data in the indexer? I have a universal forwarder installed in a few servers and I also have added the logs to be monitored for each. I'm ... by lanilim16 Explorer in Getting Data In 07-03-2015 0 7	0	7
Can I use a REST API command to reschedule the saved searches How to use POST REST Command in the search to reschedule the saved search scheduled time. for e.g saved search xxx ... by sbbadri Motivator in Getting Data In 07-03-2015 0 3	0	3
Parse Complex XML Node Name/Value I have a log file which is written out in XML through Microsoft.Practices.EnterpriseLibrary.ExceptionHandling. I want... by Nicolasfm Engager in Getting Data In 07-03-2015 0 3	0	3
Configure a splunk searchhead so i can query the forwarder I have a deployment server from where i have a firewall rule that alows me to reach the 8089 management port of all f... by dominiquevocat SplunkTrust in Getting Data In 07-03-2015 1 3	1	3
How to index historical and real-time data from a Cassandra database in Splunk? Hi, I have a Cassandra database. I want to index historical data as well as real time data that's coming to Cassandr... by p_gurav Champion in Getting Data In 07-02-2015 2 5	2	5
Is there any restriction on Splunk Free when monitoring from a directory? Hi! I'm using Splunk Free, specifically the monitor feature from a directory. I put several files in it, but not all ... by fvasquezchacon Path Finder in Getting Data In 07-02-2015 0 1	0	1
Syslog Universal Forwarder truncated at 1024 bytes Hi there, I'm using a Splunk UF to monitor a Windows folder and syslog the events to a remote server where they are ... by someyoungfella New Member in Getting Data In 07-02-2015 0 1	0	1
How to filter out debug logs except 3 different log types? Hi All, I have some log data that includes INFO, WARN, ERROR and DEBUG levels. I would like to index INFO, WARN, ER... by gyarici Path Finder in Getting Data In 07-02-2015 0 5	0	5