Getting Data In

Discussions

Thread Info

When I pipe search results into the delete command in the free version Splunk 6.2.2, why are the records still searchable?

I'm running the free version of Splunk 6.2.2. When I attempt to delete records by sending them to Delete, I get a mes...

by Contributor in

After updating a new license key, why is the indexing volume used not showing the correct result?

Hi Team, i have changed my license key from 40GB to 65GB, but this search: index = __internal metrics kb group=...

by Explorer in

How do I get multiple sourcetypes from one source?

I have one file that I need to pull two sourcetypes from. Here are the details: i created two independent inputs.c...

by Path Finder in

Dynamic list of Hostname

I have 2 types of log files I want to fetch dynamic list of hostnames(host) with index name Log file1: index,sour...

by Explorer in

How does a forwarder protect against the loss of inflight detail?

Hi To frame the question, here's a cut and paste from the the Splunk manual: If all goes well, the indexer...

by Explorer in

Why are log sent to Splunk in GMT displayed in the future?

Several devices that only support sending logs out stamped with GMT and splunk displays them in the future. Placed...

by Splunk Employee in

Timestamp preview different than timestamp in search

Hello All, Simply put, I can successfully detect the timestamp of an event while in preview mode During Preview (n...

by Explorer in

Why is my configuration not extracting CSV at index-time?

Hi all, I'm trying to use INDEXED_EXTRACTIONS = CSV but for some reason it's just not working. My input looks as foll...

by Path Finder in

Is there a command to download the Splunk forwarder for Windows server 2003 32bit from the Windows terminal?

Hi everyone, I would like know if there is an existing command to download the forwarder for Windows server 2003 ...

by Communicator in

Which from available Windows event logs is used to track my browsing history?

Hi, I was wondering which is the log (data inputs -> event log collection -> localhost) to add at Splunk in order ...

by Contributor in

What is the general capacity on a Splunk Load Balancer?

Hi Gurus! Here is the config first, [ 50 Universal Forwarders : Total 300G of Data ] ==> [2 Load Balancing For...

by Communicator in

Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI?

I have splunk server 6.1.1 installed on Drive D and i upgraded it to 6.2 on windows2008R2. During istallation it did ...

by Explorer in

Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too?

Trying to forward the logs that arrive into the indexer/head into another 3rd party Siem tool. Rather than setting th...

by New Member in

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

I am trying to create props.conf for a log file which has entries like below, {"timestamp":1429805010594,"message"...

by Communicator in

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I have Splunk set to monitor the folder that stores my IIS logs. It is currently working, however, since there is a n...

by Path Finder in

I'm trying to rename a sourcetype, by why isn't my configuration working?

Hi, I want to rename a sourcetype, but the following isn't working: [log4j] KV_MODE = auto ANNOTATE_PUNCT = fal...

by Champion in

In log file line break not working.

i working in sample log file in which some event break line is different i use BREAK_LINE = ([\r\n]+)/d+/./d/./d+* bu...

by Communicator in

How to correlate data from three CSV file sources with joining fields and run a stats count on the final result?

Hello Everyone, Here is the scenario. I have three source CSV files with joining fields: file1 field1 = file2 ...

by Explorer in

Disable Delete Capability - Free Edition

Is it possible to disable the delete capability from GUI on the free license of Splunk?

by Explorer in

How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows?

I'm using splunk enterprise on a local windows based system. I have a file reader configured to watch a directory...

by Engager in

Why am I seeing timezone differences for sourcetypes on the same host?

Indexing log files from a couple of IIS-servers. The events being logged are logged as GMT, whereas the time here in ...

by Contributor in

proper way to apply props.conf rules on a modified sourcetype, and other fun stories

I tried to setup 2 rules : - one to rename the sourcetype A to B for some events - one to apply a SEDCMD rule to the...

by Splunk Employee in

how to change date/time format in .csv email alert?

When I schedule the following search and send a report through email, the date/time in the attached .csv file does no...

by Splunk Employee in

If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line?

Hi 20140902191418.351 TrxManagerFactory.CreateTrxManager Done 20140902191418.351 TransactionBaseMgr.Init 201409021...

by Communicator in

Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head?

Hello, Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head? ...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

When I pipe search results into the delete command in the free version Splunk 6.2.2, why are the records still searchable?

After updating a new license key, why is the indexing volume used not showing the correct result?

How do I get multiple sourcetypes from one source?

Dynamic list of Hostname

How does a forwarder protect against the loss of inflight detail?

Why are log sent to Splunk in GMT displayed in the future?

Timestamp preview different than timestamp in search

Why is my configuration not extracting CSV at index-time?

Is there a command to download the Splunk forwarder for Windows server 2003 32bit from the Windows terminal?

Which from available Windows event logs is used to track my browsing history?

What is the general capacity on a Splunk Load Balancer?

Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI?

Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too?

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I'm trying to rename a sourcetype, by why isn't my configuration working?

In log file line break not working.

How to correlate data from three CSV file sources with joining fields and run a stats count on the final result?

Disable Delete Capability - Free Edition

How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows?

Why am I seeing timezone differences for sourcetypes on the same host?

proper way to apply props.conf rules on a modified sourcetype, and other fun stories

how to change date/time format in .csv email alert?

If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line?

Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

multivalue field extraction using props and transf...

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions