Getting Data In

Discussions

Thread Info

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

I am trying to create props.conf for a log file which has entries like below, {"timestamp":1429805010594,"message"...

by Communicator in

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I have Splunk set to monitor the folder that stores my IIS logs. It is currently working, however, since there is a n...

by Path Finder in

I'm trying to rename a sourcetype, by why isn't my configuration working?

Hi, I want to rename a sourcetype, but the following isn't working: [log4j] KV_MODE = auto ANNOTATE_PUNCT = fal...

by Champion in

In log file line break not working.

i working in sample log file in which some event break line is different i use BREAK_LINE = ([\r\n]+)/d+/./d/./d+* bu...

by Communicator in

How to correlate data from three CSV file sources with joining fields and run a stats count on the final result?

Hello Everyone, Here is the scenario. I have three source CSV files with joining fields: file1 field1 = file2 ...

by Explorer in

Disable Delete Capability - Free Edition

Is it possible to disable the delete capability from GUI on the free license of Splunk?

by Explorer in

How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows?

I'm using splunk enterprise on a local windows based system. I have a file reader configured to watch a directory...

by Engager in

Why am I seeing timezone differences for sourcetypes on the same host?

Indexing log files from a couple of IIS-servers. The events being logged are logged as GMT, whereas the time here in ...

by Contributor in

proper way to apply props.conf rules on a modified sourcetype, and other fun stories

I tried to setup 2 rules : - one to rename the sourcetype A to B for some events - one to apply a SEDCMD rule to the...

by Splunk Employee in

how to change date/time format in .csv email alert?

When I schedule the following search and send a report through email, the date/time in the attached .csv file does no...

by Splunk Employee in

If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line?

Hi 20140902191418.351 TrxManagerFactory.CreateTrxManager Done 20140902191418.351 TransactionBaseMgr.Init 201409021...

by Communicator in

Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head?

Hello, Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head? ...

by Builder in

How often does the search head send the knowledge bundles to the indexers?

My indexer has /opt/splunk/var/run/searchpeers. How often do searchpeers get updated? I also have an old backup searc...

by Contributor in

How to to extract fields from Squid logs to Splunk from PFsense Firewall using 2.2.1?

I have standard UDP logs from PFsense being sent to my Splunk server. However, I can't seem to get the Squid logs to ...

by New Member in

Can I install a universal forwarder on a Windows server to monitor printer log data and forward it to Splunk on Unix?

Hello- I want to monitor my printers in our corporate environment which is a Windows print server. I want to get t...

by New Member in

How to call a Rest/Json service on HTML button click action in Drill down Dashboard Tabel?

We have rest/json/http services and need to make a call from Drill Down Dashboard button click event. Please let me k...

by Explorer in

Who can tell me why the API POST for JSON doc times out -

This DOES NOT work: curl -k -u admin:changeme "https://0.0.0.0:8089/services/receivers/simple?source=mysource&inde...

by Contributor in

Can I parse data at the indexer since I am using a Universal Forwarder on my source and how will that impact licensing?

I am a using a Universal Forwarder on my domain controller to forward security events to a Splunk indexer and would l...

by Explorer in

How to install and run Splunk as a domain user without admin permissions? (WINDOWS SERVER 2008)

I am trying to install Splunk on Winows Server 2008 as a domain user like here:(http://docs.splunk.com/Documentation/...

by Explorer in

How to resolve inputs.conf error "Invalid key in stanza" on our Windows universal forwarder?

Can you please tell us how to resolve this error on our Windows universal forwarder, Invalid key in stanza [monito...

by Builder in

Monitoring files on a local Windows 2008 R2 server, why aren't new files getting indexed?

Hi Everyone, I'm looking to monitor some files locally on the Splunk instance, and I am able to add them as data i...

by Engager in

Using Cisco ACS command logging, find one line then a related line

Cisco ACS logging find CmdAV=interface and then next successful command from same user with CmdAV=no CmdArgAV=shutdow...

by New Member in

How to fix the missing spec file errors?

Hi, I currently have four instances of Splunk, which are synchronised on a daily basis (the first instance pushes...

by New Member in

Json Indexing

We are trying parse a Json file for indexing. While parsing we have two events in the json file mentioned below [ ...

by Explorer in

Missing _introspection index on 5.x Indexer

We are using a Splunk 6.1 heavy forwarder to process and send data to 5.x indexer. I see the following error from the...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I'm trying to rename a sourcetype, by why isn't my configuration working?

In log file line break not working.

How to correlate data from three CSV file sources with joining fields and run a stats count on the final result?

Disable Delete Capability - Free Edition

How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows?

Why am I seeing timezone differences for sourcetypes on the same host?

proper way to apply props.conf rules on a modified sourcetype, and other fun stories

how to change date/time format in .csv email alert?

If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line?

Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head?

How often does the search head send the knowledge bundles to the indexers?

How to to extract fields from Squid logs to Splunk from PFsense Firewall using 2.2.1?

Can I install a universal forwarder on a Windows server to monitor printer log data and forward it to Splunk on Unix?

How to call a Rest/Json service on HTML button click action in Drill down Dashboard Tabel?

Who can tell me why the API POST for JSON doc times out -

Can I parse data at the indexer since I am using a Universal Forwarder on my source and how will that impact licensing?

How to install and run Splunk as a domain user without admin permissions? (WINDOWS SERVER 2008)

How to resolve inputs.conf error "Invalid key in stanza" on our Windows universal forwarder?

Monitoring files on a local Windows 2008 R2 server, why aren't new files getting indexed?

Using Cisco ACS command logging, find one line then a related line

How to fix the missing spec file errors?

Json Indexing

Missing _introspection index on 5.x Indexer

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Issue with file csv monitoring

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?