Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Jason_1

How do you assign host value for ActiveDirectory source?

I have the 4.2 universal forwarder installed on an Active Directory DC, but have been unable to assign the fqdn as th...
by Jason_1 New Member in Getting Data In 06-03-2015
0 1
0
1
splunkIT

Events with reassigned sourcetype (via props and transforms) become unsearchable

I have the following input: --inputs.conf-- [monitor:///logs/cisco_raw.txt] disabled = 0 sourcetype = syslog The f...
by splunkIT Splunk Employee Splunk Employee in Getting Data In 06-03-2015
2 2
2
2
vaishnavi07

External Scripts

Hi all. I need to get data from Splunk by invoking an external scrip(Python etc..). Directly when i run the script i ...
by vaishnavi07 Explorer in Getting Data In 06-03-2015
0 3
0
3
jambajuice

Can forwarders be configured to only index data from certain sources?

We are a PCI environment with over 300 Splunk servers in stores all over the country. Because of PCI requirements, w...
by jambajuice Communicator in Getting Data In 06-02-2015
0 1
0
1
gfriedmann

Has anyone already figure out how to deal with timestamps from windows DNS debug logs?

I just started logging DNS debug logs from windows DNS servers. With the filename dns.log it is nicely identified as ...
by gfriedmann Communicator in Getting Data In 06-02-2015
1 6
1
6
jambajuice

Is it possible to filter events after indexing, but before they are forwarded?

I'm gathering the _internal index from several hundred remote hosts, but the only events I want to collect centrally ...
by jambajuice Communicator in Getting Data In 06-02-2015
0 1
0
1
ford1863

How to forward indexed data to another splunk receiver?

Now I configured server A and B with installing splunk, and index some local logs on server A. I want to forward thes...
by ford1863 New Member in Getting Data In 06-02-2015
0 1
0
1
JOverbey

Changes to Tranforms.Conf not reflected

I have a scripted input that gather SQL Perfmon counters via wmi. It is gathering data and working without issue, ho...
by JOverbey New Member in Getting Data In 06-02-2015
0 1
0
1
tjohnson2

Indexer isn't receiving data from the Universal Forwarder

Hello, I'm having issues receiving data on my Indexer from the Universal Forwarder. Prior to installing the Universa...
by tjohnson2 Explorer in Getting Data In 06-02-2015
0 3
0
3
rfrazier

How do you filter Windows:Security:Events: 5145 using use transforms.conf and props.conf?

I am trying to filter Windows:Security:Events: 5145. I created the props.conf and the transforms.conf file listed be...
by rfrazier New Member in Getting Data In 06-02-2015
0 3
0
3
a212830

How to forward log files to two different servers?

Hi, I need to send some logfiles twice - send one set to my prod system, and another to a dev system. I have two dif...
by a212830 Champion in Getting Data In 06-02-2015
0 2
0
2
birarich

What is the default REST API URL to post data to the default index?

What is the default REST API url to post data at default index? I have rest api APP configured as input in splunk.
by birarich Explorer in Getting Data In 06-02-2015
0 3
0
3
nicolasydder

How can I set a TIME_PREFIX without prefix

Hi folks, I wanted to add the first field as timestamp : 150503;ULSTTTK073TTTXXX;XXXXXXXX;15/04/27;13:11:35 bu...
by nicolasydder Explorer in Getting Data In 06-02-2015
0 1
0
1
whitby

Indexing FortiGate firewall syslog data, why does Splunk License Usage show 543MB indexed, but our Kiwi syslog server shows 2.7GB for the same data?

I have a FortiGate firewall sending logs via syslog protocol to a Kiwi syslog server on one host, and to Splunk on an...
by whitby Engager in Getting Data In 06-02-2015
0 6
0
6
ewicher

How to configure the WMI event collection start date so when I add a new Windows server, Splunk doesn't retrieve historical data?

Hi! I'm pretty new to Splunk and at the moment, I'm trying to set up a centralized repository for all my Windows eve...
by ewicher New Member in Getting Data In 06-02-2015
0 4
0
4
brutecat

How to configure Splunk to recognize data is from a specific timezone?

Hi there, I need some help regarding time zone (I think). I have data that was collected in Europe (CET time). My an...
by brutecat Path Finder in Getting Data In 06-02-2015
0 1
0
1
mazurmateusz

How to import data from file *.log from Active Directory to SPLUNK?

Hello All, After uploading Windows Active Directory data from file '.log' to SPLUNK, i recognized that all data is n...
by mazurmateusz Engager in Getting Data In 06-01-2015
0 2
0
2
mikeely

Simple text file suddenly (but thoroughly) being ignored

I've got this little file Oracle appends a row to every hour, and it stopped being monitored mysteriously sometime ar...
by mikeely Path Finder in Getting Data In 06-01-2015
0 1
0
1
pwhitebe

Why are only 10 of my 16 forwarders showing up in my receiver/indexer?

Greetings, I have set up 17 micro AWS boxes, One running a splunk 6.2.0 indexer, 8 with databases (8 mongo and 4 mon...
by pwhitebe Engager in Getting Data In 06-01-2015
0 2
0
2
ebailey

Why is my line breaking configuration for BREAK_ONLY_BEFORE in props.conf not working?

I have the following two messages that are merging into one event in Splunk and I need to teach Splunk to break the e...
by ebailey Communicator in Getting Data In 06-01-2015
1 5
1
5
a212830

help with line-breaking

Hi, I have a feed coming in from db connect, which I can't get to line-break properly. My props is: [Performance] ...
by a212830 Champion in Getting Data In 06-01-2015
0 3
0
3
shaileshmali

How to encrypt communication between a universal forwarder and heavy forwarder?

I am not able to configure heavy forwarder inputs.conf file to receive encrypted traffic. 1) config inputs.conf on h...
by shaileshmali Path Finder in Getting Data In 05-31-2015
0 1
0
1
shiftey

How to use the where clause and wildcard to filter results?

Hi, I am trying to run this search without success (the search runs however there are 0 results) sourcetype=dhcplog...
by shiftey Path Finder in Getting Data In 05-30-2015
0 1
0
1
sanurd

Is it possible to add an option to the UI in Simple XML to allow users to select a file or folder and run a oneshot python script to index it?

Hello, I am working on an App that will allow users to select a file or folder and then call a python script in the ...
by sanurd Path Finder in Getting Data In 05-30-2015
0 2
0
2
andrewholmes

Correlate logs when time order is inconsistent

I have spent a lot of time trying to get something that works perfectly here, and I just can't get more than partial ...
by andrewholmes New Member in Getting Data In 05-29-2015
0 1
0
1
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...
Top Solution Authors
View All