Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
vaishnavi07

Cant find data added through inputs.conf

I tried adding the data through inputs.conf. I am trying to add sample log file from my system to the splunk server. ...
by vaishnavi07 Explorer in Getting Data In 11-17-2014
0 20
0
20
sympatiko

In a cluster with a replication factor of 3, if one indexer is replaced, will a copy of the data from the 2 working indexers replicate to the new indexer?

Hi splunkers, Good day! I have a clustered setup of RF=3 and SF=3. I'm just curious, what if one of my indexers need...
by sympatiko Communicator in Getting Data In 11-16-2014
1 6
1
6
mthierbel

When does the ANNOTATE_PUNCT props.conf setting apply? At input-time or index-time?

According to Splunk's documentation for props.conf, the ANNOTATE_PUNCT setting "Determines whether to index a special...
by mthierbel Explorer in Getting Data In 11-16-2014
0 1
0
1
v2k007

Unable to parse timestamp from xml tag

I am facing problem with timestamp from xml file entry. Following is the sample tag from xml file <row Id="82949" U...
by v2k007 Engager in Getting Data In 11-16-2014
0 3
0
3
hartfoml

How to troubleshoot why my intermediate forwarder is not working, causing 600 universal forwarders to not send data to indexers?

I have a ticket in with support but this may be faster. My intermediate forwarder is not working right. When I rest...
by hartfoml Motivator in Getting Data In 11-15-2014
1 3
1
3
cdo_splunk

Why can't I see the Forwarder Inputs section under Data Inputs after upgrade from Splunk 6.1.4 to 6.2 and using DB Connect 1.1.4?

I followed the following steps while while upgrading from Splunk 6.1.4 to 6.2, but the Forwarder Inputs section under...
by cdo_splunk Splunk Employee Splunk Employee in Getting Data In 11-14-2014
1 1
1
1
sympatiko

What are hardware recommendations for servers and indexers in our cluster setup?

Hi, Just a newbie here. Im planning to have a RF=3 SF=3 clustered setup with 5GB on a raid 10 a day volume running. ...
by sympatiko Communicator in Getting Data In 11-14-2014
1 2
1
2
btiggemann

Why is the timestamp not recognized for one particular event from our Microsoft TMG Proxy Logs?

Hi Splunkers, I have a strange problem with Microsoft TMG, Splunk can't find the time stamp on one particular event...
by btiggemann Path Finder in Getting Data In 11-14-2014
0 2
0
2
feliz

How to configure props.conf and transforms.conf on Windows heavy forwarder to remove unwanted characters in rsyslog logs?

Hi there, We have a Windows Heavy Forwarder which gets Windows logs. We want to send these logs to an external Rsysl...
by feliz New Member in Getting Data In 11-14-2014
0 2
0
2
alessandromagri

Why can't I see any Windows data forwarded from a Win7 machine with a universal forwarder installed and monitoring configured?

Hi everybody, I need to set up a system monitor that collects logon and logout data from some Windows machines (serve...
by alessandromagri New Member in Getting Data In 11-13-2014
0 3
0
3
peter_gianusso

How to properly parse timestamps in Splunk for some text log files in a directory that have dates without a year?

I have seen somewhat similar issues on here, but none that meet my situation. I have a directory on a Windows server...
by peter_gianusso Communicator in Getting Data In 11-13-2014
0 4
0
4
keywork

Why is my configuration to anonymize data not working for fields named by FIELD_NAMES in props.conf?

Hallo, I am in the need of anonymizing the second column in a tab-separated log file. I use the method described in ...
by keywork Explorer in Getting Data In 11-13-2014
0 5
0
5
Raghav2384

search time field extractions using props for an Indexed field

Hello Experts, We have a field xyz which holds mac addresses. Problem is, some of the mac addresses are of xx:xx:xx:x...
by Raghav2384 Motivator in Getting Data In 11-13-2014
1 10
1
10
santiagoaloi

How to move internal logs from Deployment Server _internal db to Index Server _internal db?

Hello, I'm having a hard time finding a way forwarding all the internal logs from my Deployment server to the Index ...
by santiagoaloi Path Finder in Getting Data In 11-13-2014
0 1
0
1
meenal901

NullQ output to a File?

Hi, I have applied NullQ and IndexQ filtering on my log files at Heavy Forwarder. But the client demands, we do not ...
by meenal901 Communicator in Getting Data In 11-13-2014
0 2
0
2
pete_charlton

I have a universal forwarder installed on a linux syslog server, have created an deployment app and see that it is deployed to the server, but the data is not showing up, any suggestions?

I have created an index called prod_syslog with four sourcetypes monitoring the below paths. I see this app is deplo...
by pete_charlton Explorer in Getting Data In 11-13-2014
0 3
0
3
gawman

Why Linux search head does not pick up new search-time extractions or field aliases from Windows indexers' configuration?

I have a Linux server that forwards data (no local indexing) and also acts as a search head with two Windows search p...
by gawman Explorer in Getting Data In 11-12-2014
0 2
0
2
brod_geico

How to configure inputs.conf to apply crcsalt for only a few files under a directory/folder, not all of them?

I need to apply CRCsalt for only few file under dir/folder not all of them. Below is my current inputs.conf [monitor...
by brod_geico Path Finder in Getting Data In 11-12-2014
0 1
0
1
feickertmd

How to split a value that is delimited lines inside of a delimited line

Here's a puzzler for you all. I have SharePoint search logs coming in. The results field has a value like this: 4##1...
by feickertmd Communicator in Getting Data In 11-12-2014
0 6
0
6
rune_hellem

IIS failedRequests - How to define line breaking for XML / Filter events in XML to nullQueue

I am trying to configure Splunk to index IIS failedrequests. My priority is To have Splunk indexing the Event- tags...
by rune_hellem Contributor in Getting Data In 11-12-2014
1 1
1
1
mldeschenes

Why splunkd or splunkweb services do not start after upgrade from Splunk 6.1.1 to 6.2 on Windows 2008 64bit??

Running windows 2008 64bit , simply wanted to upgrade as it was prompting me too and got annoying so I did now it's b...
by mldeschenes Explorer in Getting Data In 11-12-2014
0 4
0
4
kengilmour

Getting logs for after hours access

Hello, I want to be able to get logs from Splunk for anyone who came in to the building between 7PM and 7AM the next...
by kengilmour Path Finder in Getting Data In 11-12-2014
2 6
2
6
jrcajide

How to create a month over month, year over year report on web analytics metrics data from CSV files?

Hi folks! This is my first post here. I am new to Splunk although I have been intensively working with it for the las...
by jrcajide New Member in Getting Data In 11-12-2014
0 10
0
10
cwl

日時情報の抽出方法について

ログ内の日付と時刻が続けて表示されていない場合、どのように抽出すれば良いでしょうか。 例えば、以下のように日時情報が030216の部分で、つまり、03時02分16秒となっていまして、日付情報が120814の部分で、つまり、12日...
by cwl Contributor in Getting Data In 11-11-2014
1 4
1
4
rubeniturrieta

What sourcetype should I set Cisco:asa switch data to and how to set two different sourcetypes for one UDP data input?

I have Splunk configured with UDP 514 as data input, with sourcetype cisco:asa (firewall) in the main index. However...
by rubeniturrieta Communicator in Getting Data In 11-11-2014
1 2
1
2
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All