Getting Data In

Discussions

Thread Info

How to parse/index only json entry from raw data which are in non-uniform pattern?

by New Member in

Dynamic SNMP OID - Convert ASCII number to Text Value

Let me start by admitting there are likely a half dozen better ways to ingest the data but I don't have access to cha...

by Engager in

Hot buckets filling up

I have 36 indexers each with 2.7gb of space. There are currently 29 of the 36 at capacity and keeping entering abnorm...

by Engager in

Need CPU and Memory peak utilization of multiple VM's

Hi All, I am very new to Splunk. My organisation uses Splunk for all infra monitoring, I am trying to get the "Pea...

by New Member in

JSON Syntax highlighting by default

Hi, The syntax highlighting for JSON data (with INDEXED_EXTRACTIONS = JSON) is a nice feature. However, from what ...

by Builder in

Time zone conversion.

Hello, please help on below query i have data that start time and end time in system location but users are in ...

by New Member in

What does Splunk-perfmon.exe need to write to registry keys?

Have an antivirus reporting some writing attempts from process splunk-perfmon.exe to the following registry keys: ...

by Splunk Employee in

Help with SEDCMD-drop

Here is my issue, i have logs that look like this: <--CT<-- -------------------------------------------------- 10:...

by Communicator in

Blacklist format

-- I want to see events of 4648. I want to filter out certain ones. Is my stanza configured correctly? \etc\system...

by New Member in

Whitelist bad logon

I want to whitelist events when users put the password in the logon window during login. See example below, note the ...

by New Member in

Fully disable perfmon

Hello all, I am trying to fully disable perfmon from our splunk instance as we don not use this data to monitor an...

by Engager in

Cisco Networks App - no results found, open in search does show results

Hi, I'm having an issue with some dashboard of the Cisco Network App. Take for example the routing dashboard. Ther...

by New Member in

Unable to move index database to another drive in Windows Server 2019

Hey Guys! I am very new to Splunk Enterprise and it's still in testing phase. I am trying to use this documentation h...

by Explorer in

Error while installing Splunk forwarder in windows system

I am installing 7.0.13.1 UF Agent but I am receiving above error... In Windows server 2012 R2 64 bit Universal for...

by Loves-to-Learn in

Line Break Problem due to non-standard timestamps

Hi Have some data coming into Splunk that has some unusual timestamp formatting: here is an example log file: *...

by Explorer in

"Files & Directories" Monitoring not reading all files?

So here's the deal; I've pulled down a week’s worth of logs in a hierarchically structured folder from our local serv...

by Engager in

Best way to delete all data in an index every night?

I have an index (few million rows) that I need to delete and re-index the new data every night from a DB input. The d...

by Communicator in

What are the best practices for defining source types?

I've heard that using Splunk's default source type detection is flexible, but can be hard on performance. What is the...

by Ultra Champion in

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

I've followed the docs for setting up log-to-metrics but I haven't been able to get it to work as intended. I have...

by New Member in

extract complete path from a wildcard Inputs file monitor

Example monitor://foo/bar I want all the file it grabs under bar with the full path to those file. like if there i...

by Explorer in

Getting Data In

Discussions

How to parse/index only json entry from raw data which are in non-uniform pattern?

Dynamic SNMP OID - Convert ASCII number to Text Value

Hot buckets filling up

Need CPU and Memory peak utilization of multiple VM's

JSON Syntax highlighting by default

Time zone conversion.

What does Splunk-perfmon.exe need to write to registry keys?

Help with SEDCMD-drop

Blacklist format

Whitelist bad logon

Fully disable perfmon

Cisco Networks App - no results found, open in search does show results

Unable to move index database to another drive in Windows Server 2019

Error while installing Splunk forwarder in windows system

Line Break Problem due to non-standard timestamps

"Files & Directories" Monitoring not reading all files?

Best way to delete all data in an index every night?

What are the best practices for defining source types?

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

extract complete path from a wildcard Inputs file monitor

TA MS defender not working

DB Connect App template

DB query to fetch logs from McAfee ePO 5.10

Suggest best way to onboard Default Reports availa...

Splunk HF monitoring a file