Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
rbw78

Filter events before indexing

Hello, I'm consulting the documentation regarding filtering events before they get indexed but i have issue to under...
by rbw78 Communicator in Getting Data In 01-08-2015
0 6
0
6
dmhlakaza

ERROR ExecProcessor - message from "C:\SplunkUniversalForwarder\bin\splunk-winevtlog.exe" WinRegistryApi - RegKey::open - RegOpenKeyExW returned error 2: The system cannot find the file specified.

by dmhlakaza Explorer in Getting Data In 01-08-2015
0 1
0
1
a212830

How to remove headers from a custom app log file?

Hi, I'd like to remove some headers from a custom app logfile. I've tried some configs, but can't get it to work. ...
by a212830 Champion in Getting Data In 01-08-2015
1 3
1
3
vashidu

How to send syslog to sandbox?

How can i send syslog from my cisco asa to the splunk sandbox?
by vashidu New Member in Getting Data In 01-08-2015
0 9
0
9
harishshetty

Can I access the REST Sandbox REST API in the Online Sandbox?

My curl requests to online sandbox are timing out. curl -u admin:foobar -k <sandbox_domain>:8089/servicesNS/admin/se...
by harishshetty Engager in Getting Data In 01-08-2015
2 2
2
2
rsimmons

Failed to parse epoch timestamp for Checkpoint Opsec

Splunk isn’t recognizing the date from the opsec.logs since the date is being sent in a localized format
by rsimmons Splunk Employee Splunk Employee in Getting Data In 01-08-2015
0 1
0
1
jhernandez_splu

Modular Input: Do we need to parse a "name" stanza if I have defined in my spec that my named stanza is default?

I have been working on a modular input and been struggling with the way you read input stanza data from splunk all ex...
by jhernandez_splu Splunk Employee Splunk Employee in Getting Data In 01-07-2015
4 2
4
2
lbogle

Is it possible to disable encryption (SSL) between a search head and indexers?

Hello Splunkers, I would like to disable SSL between our Search Head and our indexers which are distributed in locati...
by lbogle Contributor in Getting Data In 01-07-2015
0 1
0
1
a212830

how to provide a status of a forwarder to a customer

Hi, I have some customers who do not have access to their servers and would like the ability to validate that the fo...
by a212830 Champion in Getting Data In 01-07-2015
0 10
0
10
stefanlasiewski

Why does Splunk not recognize standard fields in my Apache data forwarded by syslog?

I have over 100 Apache webservers which forward their logs to a syslog-ng server, which then forwards the data a TCP ...
by stefanlasiewski Contributor in Getting Data In 01-07-2015
1 12
1
12
Splunkster45

Find Transactions that overlap a certain timestamp

I've been able to use the transaction command to group logins and logouts of users. What's the best way to find the t...
by Splunkster45 Communicator in Getting Data In 01-07-2015
1 2
1
2
edwardrose

Why is my host_segment monitor configuration not working properly?

Ok I read the documentation about using host_segment but it does not seem to be working properly Here is my stanza: ...
by edwardrose Contributor in Getting Data In 01-07-2015
0 11
0
11
rene847

How to get all configuration files in my deployment in a file?

Hi all, I would like to know how to get all configuration files in my deployment in a file (for each Splunk instance)...
by rene847 Path Finder in Getting Data In 01-07-2015
1 3
1
3
cphair

How do I rename xml fields in props.conf?

I have a file of XML-like events that look like this: <Event Field1=foo Field2=bar Field3=baz > <Data Field4=wh...
by cphair Builder in Getting Data In 01-07-2015
0 4
0
4
dimitryz

UDP routing on indexer

Hi All , One of our clients wats to use single Splunk instance (indexer) for both receiving and sending data. They r...
by dimitryz Path Finder in Getting Data In 01-07-2015
0 1
0
1
CJOS

Is there any way to guarantee my Forwarder collecting all data?

Hi all. We are using Splunk Enterprise version of 6.1.3. Is there any way to guarantee my Forwarder collecting all da...
by CJOS Engager in Getting Data In 01-07-2015
2 3
2
3
meenal901

Inputs.conf to monitor in given time range only

Hi, I have a situation: The logs are getting generated 24x7, but the client wants to monitor only during offline hou...
by meenal901 Communicator in Getting Data In 01-07-2015
0 4
0
4
pramit46

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

I want to index the splunk resultset for future use. Do I always have to store it in a file?
by pramit46 Contributor in Getting Data In 01-07-2015
1 2
1
2
simonbuskens

Best way to index .csv files with some common fields

Hi I have a series of .csv files (1 for each month) where the first 100 fields are the same, but after that there are...
by simonbuskens Engager in Getting Data In 01-06-2015
1 6
1
6
auragrp

Forwarder Data not showing in indexes

Recently I upgraded our Splunk installation from the 5 version to the new 6.0 version. The installation is pretty va...
by auragrp New Member in Getting Data In 01-06-2015
0 9
0
9
mwilson788

How to forward all events to a single index, but filter out all splunkd sourcetype events that contain "INFO"?

We are currently using props.conf and transforms.conf to combine all non-internal ingest into a single index on our h...
by mwilson788 Explorer in Getting Data In 01-06-2015
0 10
0
10
stekilburn

Capability to upload data files via the gui for a user?

I need to assign a capability to an existing Splunk user, so that they can upload files to their own index themselves...
by stekilburn Explorer in Getting Data In 01-06-2015
1 3
1
3
lmtaylor

How to configure inputs.conf on a Universal Forwarder to only read the current day's file that contains the date?

I'm trying to configure inputs.conf to only read the current days file that contains the date. The file name changes ...
by lmtaylor Engager in Getting Data In 01-06-2015
1 1
1
1
a212830

help with xml input

HI, I need some help with an xml input being sent via a tcp port. Here's an example of the input: <version>0003...
by a212830 Champion in Getting Data In 01-05-2015
0 4
0
4
jpena323

ignore specific parts of a log entry with props.conf and transforms.conf?

Hi Splunkers! Thank you so much for your help in advance! I'm trying to ignore specific fields within a syslog entr...
by jpena323 Explorer in Getting Data In 01-05-2015
0 2
0
2
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...
Top Solution Authors
View All