Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
VaultTec

Why I don't see newly indexed files in the "Data inputs » Files & directories" menu

Hello Everyone! I'm a newbie and have a newbie question: I've added few log files to be indexed via the Data inputs...
by VaultTec Engager in Getting Data In 09-20-2014
0 4
0
4
carlskii

How to configure props.conf to parse JSON data structures?

Hi, I have the following JSON data structure which I'm trying to parse as three separate events. Can somebody please...
by carlskii New Member in Getting Data In 09-19-2014
0 2
0
2
DW2054

How to search web traffic from a particular ip address, count hostnames by 15 minute incriments | then chart count by catdesc.

What I am trying to get: A 14 days chart of category descriptions that has a meaningful count. Right now I see thing...
by DW2054 Engager in Getting Data In 09-19-2014
0 2
0
2
woodcock

TIME_FORMAT strptime bug for %s: mitigation with non-conversion-specification characters?

According to this: http://pubs.opengroup.org/onlinepubs/009695399/functions/strptime.html Which is referenced from...
by Esteemed Legend in Getting Data In 09-19-2014
0 4
0
4
gajananh999

how to blacklist events from file

Hello All, I am working on props.conf and transforms.conf files to clean some data before indexing the data into spl...
by gajananh999 Contributor in Getting Data In 09-19-2014
0 5
0
5
_gkollias

How to create a correlation using Splunk data and a CSV

Hello, I'd like to create a search to show how many transactions are in Splunk compared to how many orders are on th...
by _gkollias Builder in Getting Data In 09-19-2014
0 11
0
11
Cuyose

Unable to break xml without timestamp

I am trying to break these into separate events and have tried everything and its just not working < sale id="101212...
by Cuyose Builder in Getting Data In 09-19-2014
0 8
0
8
twinspop

How to use relative dates based on now in a form's time picker?

The time picker field will use now as the latest time for many of the choices. I'm trying to create a week over week ...
by twinspop Influencer in Getting Data In 09-19-2014
0 1
0
1
AbhinandGokul

Duplicate events because of hosts writing to the same log file shared on a NFS

Hello All, I am a total newbie to SPLUNK and request expert's help to create a query/dashboard. We have a set of ser...
by AbhinandGokul New Member in Getting Data In 09-19-2014
0 5
0
5
Kmishkind

Restart Splunk_TA_opseclea but ignore old data

We had to shut down Splunk_TA_opseclea as we worked to manage our data flow. We are ready to restart the forwarder b...
by Kmishkind New Member in Getting Data In 09-19-2014
0 3
0
3
mirandainfusion

Possible to merge two existing search heads on one host without pooling?

Currently I am working with two hosts that have search head and indexer functionality. I am looking at moving the sea...
by mirandainfusion Engager in Getting Data In 09-19-2014
0 3
0
3
jamesmcgonagle

How do I configure the forwarder local inputs config file for more than one host

[default] host = host1,host,2 etc
by jamesmcgonagle Explorer in Getting Data In 09-18-2014
0 8
0
8
kevinmann13

Why are interesting fields missing after importing a large CSV file with 100 fields?

I am importing a CSV with around 100 fields. When importing, I see the review screen and it shows all of the fields a...
by kevinmann13 Explorer in Getting Data In 09-18-2014
1 8
1
8
bigrichie90

How to find the time difference for the duration of a session?

I am trying to avoid using a join so I use an append. The whole reason behind this is to calculate the duration of a ...
by bigrichie90 Path Finder in Getting Data In 09-18-2014
1 7
1
7
DonDandrea

Accessing SharePoint directories using UNC: Why splunkd.log shows "Monitoring file or directory that doesn't exist at startup time"?

I am trying to use fschange to monitor some SharePoint directories. As a user on my remote forwarder box I can access...
by DonDandrea Path Finder in Getting Data In 09-18-2014
0 1
0
1
aashish_122001

How to prevent columns in a CSV file from displaying in a report?

I have a csv file having 5 columns but I want to display only 3 columns..how can I limit the columns in the report. ...
by aashish_122001 Explorer in Getting Data In 09-18-2014
0 2
0
2
pfernandez133

User Unable to Delete Own Saved Searches

Hey guys, one of my users encountered an issue where he is unable to delete his own saved search. Even though he is ...
by pfernandez133 Explorer in Getting Data In 09-17-2014
0 1
0
1
a212830

What is the best way to automatically map a field extracted via KV_MODE=auto to the host field in the event?

I have a feed that has nice key-value pair fields, which are automatically getting populated, via KV_MODE=auto in my ...
by a212830 Champion in Getting Data In 09-17-2014
0 2
0
2
Deecie

Unable to re-index all data

I'm trying to re-index some old data now that I've changed what index it goes into and The data comes in from a UF ...
by Deecie Explorer in Getting Data In 09-17-2014
0 5
0
5
ebailey

How to use sourcetype to route data from a heavy forwarder to a specific index?

I am trying to route data from a heavy forwarder to a specific index. I would prefer the rule be run on the indexers ...
by ebailey Communicator in Getting Data In 09-17-2014
1 13
1
13
fisk12

forward from windows machine problem

I have installed a universial forwarder on a windows machine and having it send to my splunk machine. The problem is...
by fisk12 Path Finder in Getting Data In 09-16-2014
0 5
0
5
Bill_B

How to configure props.conf and/or transforms.conf to filter out events with a specific sourcetype?

I am working on what should be a very easy filter, but cannot get it to work. I want to filter out events with source...
by Bill_B Communicator in Getting Data In 09-16-2014
0 4
0
4
Richfez

Resetting Remote Windows Event collection "starting point"

While testing some training materials, I created a temporary index and a remote windows event collection input for my...
by SplunkTrust SplunkTrust in Getting Data In 09-16-2014
1 2
1
2
aashish_122001

How to query data on an index that is monitoring a directory with CSV files?

Hi Experts, Can anyone please tell me how to write a search query on index which is monitoring a directory having CS...
by aashish_122001 Explorer in Getting Data In 09-16-2014
0 9
0
9
hacktastic

How do I suppress web page pop-up when I uninstall Splunk?

Hi, I'm building a hands-off LWF installer to be pushed out to Windows servers that removes older versions of Splunk...
by hacktastic Path Finder in Getting Data In 09-16-2014
4 4
4
4
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All