Getting Data In

Community Activity

How to calculate size of the data for each server(host) ? Hello All, Need to calculate size of the data for each server, but not raw indexed size for over the time period?... by rsathish47 Contributor in Getting Data In 07-15-2015 0 3	0	3
Splunk max size of hot/warm/cold bucket Hi I have index "OS" with 90 gb space of data. To reduce this space I assign Max size (MB) of hot/warm/cold bucket ... by rameshlpatel Communicator in Getting Data In 07-15-2015 0 6	0	6
How to forward data from an indexer to a specific index in another indexer? We are forwarding data from an indexer in a remote data center to our primary indexer with no issues. What I would li... by ebailey Communicator in Getting Data In 07-15-2015 0 1	0	1
How to configure a Heavy Forwarder to override any index name coming from Universal Forwarders? We would like to override ANY index name coming from Universal Forwarders. We would like to do this at our Heavy Forw... by kylerose Explorer in Getting Data In 07-14-2015 0 1	0	1
Get error message: command="darklist", 'URLError' object has no attribute 'code' Hi, Im getting a error message when running the savedsearch "Norse - Download Norse Darklist" after i have provided ... by addproniklas Engager in Getting Data In 07-14-2015 1 3	1	3
Why are we seeing 100% CPU utilization with the Splunk process on Windows using Splunk 6.0.1? Hi , The Splunk server is consuming full 100% CPU utilization, and performance is sluggish. We are not seeing such h... by sumitcha Engager in Getting Data In 07-14-2015 1 3	1	3
The limitation of monitor files in one directory ? I want to know if there is a limitation of monitor files in one directory ? I had monitored a directory which will c... by leo_wang Path Finder in Getting Data In 07-14-2015 0 7	0	7
Configure a Splunk Deployment Manager So far I have an Fowarder feeding data into my Indexer where I have a search head setup to search the indexes. If i w... by qazwsxedc994 Explorer in Getting Data In 07-14-2015 0 1	0	1
Why do I see more hosts than actual configured forwarders under Data Summary on the Splunk server? Will data be collected from these unconfigured hosts? I configured only 3 hosts as forwarders, but in App > Search & Reporting > Data Summary, I found more hosts and some ... by etaga New Member in Getting Data In 07-14-2015 0 1	0	1
Is it possible to configure the inputs.conf ignoreOlderThan setting during the silent CLI installation of a universal forwarder? Hi, I would like to configure ignoreOlderThan = 1d within my default settings within inputs.conf during the silent c... by ncarnevali New Member in Getting Data In 07-13-2015 0 4	0	4
Powershell script triggered from alert is not executing but I can see it triggered in python.log My forehead is sore from banging it on my desk. Please help. I cannot get scripts to run from an alert. The followin... by neiljpeterson Communicator in Getting Data In 07-13-2015 1 4	1	4
how do I edit my props.conf to configure proper line breaking for my sample data? I need help in creating props for the data input. The line should break after Block Output Operation 0. Below is my ... by OMohi Path Finder in Getting Data In 07-13-2015 0 1	0	1
Should I activate Indexer Acknowledgement and Persistent Queuing on all forwarders to prevent data loss when upgrading an indexer cluster? Hello all - hope someone can tell me if the following is a good idea. I have to upgrade an Indexer cluster and searc... by pinVie Path Finder in Getting Data In 07-13-2015 0 2	0	2
If we have summary indexing running on two indexers, will data from both be combined and then aggregated, or computed individually in each of the indexes? Hi, We have a Splunk application with two indexers and we have summary indexing running on both of them. I would lik... by keerthana_k Communicator in Getting Data In 07-13-2015 0 1	0	1
Call Toll Free * 1~888~224~3943 * windows live mail technical support phone number Call Toll Free * 1~888~224~3943 * windows live mail technical support phone numberCall Toll Free *** 1~888~224~39... by chikni New Member in Getting Data In 07-13-2015 0 0	0	0
vix.input.1.et.regex - Log directory only contains year, month, and day. How are searches affected if there is no hour? When I perform a query "index=api" with date range for example 07/07/2015 - 07/07/2015, I only get results within the... by yahoohunk Explorer in Getting Data In 07-12-2015 0 6	0	6
Is it possible to configure the memory allocation for a Splunk forwarder to prevent abrupt termination of the splunkd process? We have a situation where a Splunk forwarder is abruptly dying on one of the servers once a day or so. Upon further i... by gesman Communicator in Getting Data In 07-12-2015 0 2	0	2
How to calculate the difference between two time stamps in a single event? Hello all, This is my first post. I am trying to calculate time diff between two fields in a single event. For e... by ambujhbti New Member in Getting Data In 07-10-2015 0 4	0	4
Deleted historical data of source file. How to reindex the file I have deleted historical events from a source using the command \| delete. Before doing this, I had added the stanza... by OMohi Path Finder in Getting Data In 07-10-2015 0 1	0	1
Windows Forwarder reading file just fine while Linux isn't. I'm migrating from a Windows server to a Linux machine, and I'm finding that the Linux machine isn't reading a specif... by bosburn_splunk Splunk Employee in Getting Data In 07-10-2015 5 1	5	1
Why do I get a port conflict when I try to install a Universal Forwarder on a box running vCenter Server? Why do I get a port conflict when I try to install a Universal Forwarder on a box running vCenter Server? by jcrabb_splunk Splunk Employee in Getting Data In 07-10-2015 1 1	1	1
How can I duplicate the "Indexes" settings page? I am wondering how the "Indexes" page under Settings is generated. Is there a way that I can pull the same informati... by adam_reber Path Finder in Getting Data In 07-10-2015 0 4	0	4
use where command with a variable that can we get from input text field hi, how can we use where command with a variable that can we get from input text field <searchTemplate> \| where pr... by otman01 Communicator in Getting Data In 07-10-2015 0 4	0	4
how to pick the time range for different source file Hello , I have got an urgent requirement pls help me I am different countries data pulled and indexed into SPLUNK... by deepthi5 Path Finder in Getting Data In 07-10-2015 0 3	0	3
Is splunk is running as i am getting Warning messages while starting splunk in AIX server? "./splunk start Splunk> See your world. Maybe wish you hadn't. Checking prerequisites... WARNING: Data segment siz... by rashokciet New Member in Getting Data In 07-10-2015 0 2	0	2

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

How to calculate size of the data for each server(host) ?

Splunk max size of hot/warm/cold bucket

How to forward data from an indexer to a specific index in another indexer?

How to configure a Heavy Forwarder to override any index name coming from Universal Forwarders?

Get error message: command="darklist", 'URLError' object has no attribute 'code'

Why are we seeing 100% CPU utilization with the Splunk process on Windows using Splunk 6.0.1?

The limitation of monitor files in one directory ?

Configure a Splunk Deployment Manager

Why do I see more hosts than actual configured forwarders under Data Summary on the Splunk server? Will data be collected from these unconfigured hosts?

Is it possible to configure the inputs.conf ignoreOlderThan setting during the silent CLI installation of a universal forwarder?

Powershell script triggered from alert is not executing but I can see it triggered in python.log

how do I edit my props.conf to configure proper line breaking for my sample data?

Should I activate Indexer Acknowledgement and Persistent Queuing on all forwarders to prevent data loss when upgrading an indexer cluster?

If we have summary indexing running on two indexers, will data from both be combined and then aggregated, or computed individually in each of the indexes?

Call Toll Free * 1~888~224~3943 * windows live mail technical support phone number

vix.input.1.et.regex - Log directory only contains year, month, and day. How are searches affected if there is no hour?

Is it possible to configure the memory allocation for a Splunk forwarder to prevent abrupt termination of the splunkd process?

How to calculate the difference between two time stamps in a single event?

Deleted historical data of source file. How to reindex the file

Windows Forwarder reading file just fine while Linux isn't.

Why do I get a port conflict when I try to install a Universal Forwarder on a box running vCenter Server?

How can I duplicate the "Indexes" settings page?

use where command with a variable that can we get from input text field

how to pick the time range for different source file

Is splunk is running as i am getting Warning messages while starting splunk in AIX server?

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation