Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How will Splunk handle the clock change for leap seconds in June 2012?

See this webpage for reference - http://www.timeanddate.com/time/leapseconds.html On June 30 2012, an extra second...

by Communicator in

Things to do when you first install Splunk?

What are the things that you normally do as part of a Splunk server installation? David Carasso published a nice l...

by Legend in

Json format is not getting indexed

Hi, I am trying to analyze the json file for some reason it is not getting indexed. Here is a sample json file [ {...

by New Member in

is it safe for app-developers to use pulldown_type=true on their sourcetypes

props.conf has a boolean setting called "pulldown_type". If you set it to true, then the name of your sourcetype will...

by SplunkTrust in

Was there a change in Splunk 6.1.5 with how an indexer reads indexes.conf compared to previous versions?

In the process of migrating to an indexes app instead of fixed /opt/splunk/etc/system/local/indexes.conf, I did a sea...

by Explorer in

Timestamp extraction - Selecting 2013 instead of 2007

I am trying to extract timestamp. But instead of 2007, Splunk is extracting 2013 which is not at all in my event. Cou...

by Builder in

Can I use a REST API command to identify saved searches using a summary index?

Can use a REST API command to identify saved searches using a summary index?

by Communicator in

Index appears to be truncated prior to Max Index Size

I have an index "eng_1" that has a max size of 500,000 MB. When I look in SplunkOnSplunk it reports this index to be ...

by Path Finder in

Has anybody indexed json format file

Hi, Has anybody done parsing JSON file. If you can let me know what are the setting being done in input.conf...

by New Member in

Why is no security data being indexed with my current WMI input?

I am trying to index Security Data from a remote location using the configuration below, but it nothing is getting in...

by Splunk Employee in

How to assign custom JSON field with epoch time as the timestamp for events?

We are inputting JSON fields to splunk. One of the fields eventTime should be the event time for the index. { ...

by Path Finder in

How do you handle Summary Indexing in a distributed environment?

I'm very curious to hear how other admins are handling summary indexing with multiple indexers and search heads. S...

by Influencer in

When Splunk is configured to read a file, does it need to be done on the indexer side and how to handle a file edited weekly?

Hi: I know it is possible for Splunk to read data from a file, but I just had some questions that I need to be add...

by Path Finder in

Why is Splunk not indexing .gz files?

I created a folder on our dev Splunk server, and then copied over 12 .gz files (from our radius server). As a test...

by Motivator in

Can you send different logs to different Indexers from the same forwarder?

I would like to be able to send Log A to Indexer A and Log B to Indexer B from one forwarder.

by New Member in

How to edit my inputlookup subsearch to return field values from the csv only if the values were not found?

index=audit /collect earliest=-300d [inputlookup serials2check | fields serial | multikv fields serial | rename seria...

by Communicator in

Practices when reading/writing .conf files

Hi, In the Splunk App I am working on , there is a need to specify some parameters through UI, persist them and la...

by Path Finder in

How to use deployment server to update clients without overriding changes we'll be making to our Splunk Server's IP?

A while ago we have deployed about a 1000+ Universal Forwarder over our network, not knowing about deployment server....

by Explorer in

Running Splunk on Encripted HDD by BitLocker in Windows server?

Hi, I would like to know if anyone is running Splunk Indexer on encripted HDD by BitLocker in Windows? Not rec...

by Motivator in

How to receive syslog from QNAP

Setting on QNAP is just 4 below. 1 enable syslog 2 configure destination (splunk) server IP address 3 UDP port: 51...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How will Splunk handle the clock change for leap seconds in June 2012?

Things to do when you first install Splunk?

Json format is not getting indexed

is it safe for app-developers to use pulldown_type=true on their sourcetypes

Was there a change in Splunk 6.1.5 with how an indexer reads indexes.conf compared to previous versions?

Timestamp extraction - Selecting 2013 instead of 2007

Can I use a REST API command to identify saved searches using a summary index?

Index appears to be truncated prior to Max Index Size

Has anybody indexed json format file

Why is no security data being indexed with my current WMI input?

How to assign custom JSON field with epoch time as the timestamp for events?

How do you handle Summary Indexing in a distributed environment?

When Splunk is configured to read a file, does it need to be done on the indexer side and how to handle a file edited weekly?

Why is Splunk not indexing .gz files?

Can you send different logs to different Indexers from the same forwarder?

How to edit my inputlookup subsearch to return field values from the csv only if the values were not found?

Practices when reading/writing .conf files

How to use deployment server to update clients without overriding changes we'll be making to our Splunk Server's IP?

Running Splunk on Encripted HDD by BitLocker in Windows server?

How to receive syslog from QNAP

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Why is there an issue with Sourcetype Log2jmetrics...

Splunk 8.2.1 and 7.3.1, data not onboarded

Data not showing after upgrading to 8.1.10 from 7....

Issues with HEC

Why logstream field from Cloudwatch is being rejec...