Getting Data In

Community Activity

I've exported an app to a client, but why were the sourcetypes not exported automatically? I've exported an app to a client, but the sourcetypes were not exported automatically. Shouldn't they be inside the a... by vtsguerrero Contributor in Getting Data In 07-07-2015 0 2	0	2
Is Splunk able to automatically offset timestamps at indextime when TZ is embedded in the event? Would this be automatic or would additional TZ configuration need to be set in order for this to work? by the_wolverine Champion in Getting Data In 07-07-2015 0 7	0	7
How to monitor last modified date on a checkin file without importing the file contents into Splunk? We have a file being generated by a vendor that they write data to on a regular basis. I do not need to import the d... by duffeysplunk Path Finder in Getting Data In 07-07-2015 0 2	0	2
convert timeformat with 21h as 00h Hi guys, i have this search: \| dbquery PROD-UOL7-MANUT-MONITORACAO "select dat_collect_transaction as \"data\", da... by felipesewaybric Contributor in Getting Data In 07-07-2015 0 2	0	2
ad logs question Hi, I noticed that our AD log inputs has a "start_from = oldest" entry. My question is, with this setting, if th... by a212830 Champion in Getting Data In 07-07-2015 0 1	0	1
How to execute a py or sh by interface of Splunk Hello, I write a xxx.sh in the /splunk/etc/apps/my_apps/bin and by the commande line ./xxx.sh to execute the c... by Lindaiyu Path Finder in Getting Data In 07-07-2015 0 1	0	1
Is there any way to monitor employees' browsing data or urls by using Splunk? Is there any way to monitor employees' browsing data or urls by using Splunk? by trravi New Member in Getting Data In 07-07-2015 0 2	0	2
Processing events with an external script I'd like to take various actions against real-time events from Splunk. What's considering the best practice for this... by wibay New Member in Getting Data In 07-07-2015 0 1	0	1
How to edit a props.conf for an aribitrary source? Where do I go & how should I do it? I know what to change, [$sourcetype] MAX_EVENT = 100000 I would appreciate yo... by minkyuk Explorer in Getting Data In 07-07-2015 0 7	0	7
lookup tables: 2 sources fileds aliased to match 1 lookupfield I have some very large lookup tables for known bad domains.(4m+ entries) the lookup has a field called 'kap_chk' wh... by borgy95 Path Finder in Getting Data In 07-07-2015 0 3	0	3
How to configure props.conf and transforms.conf to change Cisco ASA and ISE syslog sourcetypes and move them to different indexes? Hi, I have cisco ASA and cisco ISE syslogs coming to splunk on udp1026 port. I would like to differentiate the sourc... by kpsajin Explorer in Getting Data In 07-07-2015 0 9	0	9
How to find events with duplicate field Our application had a defect in a logging interceptor that led to a field being duplicated in an event but where both... by barrysvee New Member in Getting Data In 07-07-2015 0 5	0	5
How to monitor two paths in the inputs.conf under one sourcetype In my inputs.conf file, I have an entry for a sourcetype that I want to change. Currently, it monitors the path: /op... by Splunkster45 Communicator in Getting Data In 07-06-2015 0 4	0	4
Why my data go in the wrong Index ? I have configured Windows logs input to a certain index Index_test_03, but very few data - tens - go there. Most of t... by altink Builder in Getting Data In 07-06-2015 0 10	0	10
How to parse JSON array using spath or any other option Below is the log: qCode="SOME_CODE", qValue="[{"id":null,"dayStart":"08:00","dayEnd":"18:00","dayOfWeek":"2","day":... by swatijha New Member in Getting Data In 07-06-2015 0 4	0	4
line breaking... Hi, I'm stumped. I've been playing with the linebreaking trying to get the format properly, and it won't work. The f... by a212830 Champion in Getting Data In 07-06-2015 0 15	0	15
Duplicate GUIDS for standalone indexers, how can I safely correct this? Just noticed I have a duplicate GUID for two standalone, load balanced (via splunk conf, not F5) indexers. Can I just... by davebo1896 Communicator in Getting Data In 07-06-2015 0 1	0	1
Why does my json event data show duplicate fields? In my screenshot, you can see my events have duplicate fields. I am trying to figure out why this is occurring. The s... by bnorthway Path Finder in Getting Data In 07-06-2015 3 3	3	3
Why is my universal forwarder VM failing to forward data? I set up a small network using virtualbox and I am now having trouble forwarding data to the host. The laptop I am us... by syx093 Communicator in Getting Data In 07-06-2015 0 1	0	1
How to exclude searching of certain indexers by role? I have a shared search head used by different groups where those groups have set up their own indexers. They want to... by mjones414 Contributor in Getting Data In 07-06-2015 0 2	0	2
How do I stop forwarding the _audit index? Hi, I'm trying to stop forwarding _audit index. I put in my outputs.conf the following lines: [tcpout] forwardedind... by jeromep83 Engager in Getting Data In 07-06-2015 0 1	0	1
Extract field from source field then run a lookup - config error? I want to add a field extracttion to props.conf that will extract a portion of the uri field to create a custom field... by borgy95 Path Finder in Getting Data In 07-06-2015 0 2	0	2
Date stamp in directory name How can I configure splunk to index or accept the datestamp in the name of directories? The events only have time sta... by suhprano Path Finder in Getting Data In 07-06-2015 0 1	0	1
regex/props.conf - How to set properly the entries in .conf files? Hi, I extracted from the default source field, in search-time, a new field called 'domain': \| rex field=source "^(\/... by skender27 Contributor in Getting Data In 07-06-2015 0 9	0	9
Is it normal behavior for Splunk to block queues and stop forwarding data when one of two remote ports is closed? Hello, I use a Splunk heavy forwarder and I would like to send inputs to a remote a server. I have two channels on ... by jeromep83 Engager in Getting Data In 07-05-2015 2 5	2	5