Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
splunk_worker

collect not storing the extracted fields into new index and what is way to save all extracted fields into new index

Topic: collect not storing the extracted fields into new index and what is way to save all extracted fields into new ...
by splunk_worker Path Finder in Getting Data In 06-22-2014
0 5
0
5
koudis

Scripted input with current time and line merge

Hi, does anyone known how to setup scripted input. For example netstat from Unix app with current time and line mergi...
by koudis Explorer in Getting Data In 06-20-2014
0 3
0
3
ramsanga

Forwarding between multiple forwarders then to indexer

My Splunk architecture is like this I have three data centers (DC) and one each heavy forwarder in them .In each DC ...
by ramsanga Explorer in Getting Data In 06-20-2014
0 2
0
2
Isaias_Garcia

Date and time issue: Why event logs have timestamps 2017 and 2018?

Hi- There is an issue in my Splunk regading time and date of each events. Some events have year2017,year2018 in the ...
by Isaias_Garcia Path Finder in Getting Data In 06-19-2014
0 3
0
3
emalenfant

Why is configured prod_forwarder getting serverClass blacklist/whitelist configs from other environments?

So I seem to be having an issue with blacklists and whitelists. I've got the following configured below, but for some...
by emalenfant Explorer in Getting Data In 06-19-2014
1 4
1
4
gajananh999

How to get detailed report of installed forwarder on Windows deployment Server?

Dear All, We have installed some forwarders on windows machine and made them as deployment client and we want to kno...
by gajananh999 Contributor in Getting Data In 06-19-2014
0 2
0
2
neiljpeterson

How to use wildcards in [monitor://...] along with whitelist pattern?

This should be an easy one... This works great [monitor:///opt/tcserver/server/appname/logs] whitelist = \.log$|\.l...
by neiljpeterson Communicator in Getting Data In 06-19-2014
0 5
0
5
BP9906

Splunk Forwarder v6 - verify timezone

How can I see what timezone the forwarder is using in my v6 to v6 splunk setup? I'm just curious to verify it's set...
by BP9906 Builder in Getting Data In 06-19-2014
0 1
0
1
lmacneil76

XML indexing using TRUNCATE and crcSalt together fails

Having a hard time getting this right, if (TRUNCATE = 0) or (crcSalt = ) are used by theselfs they work. Does inputs....
by lmacneil76 Explorer in Getting Data In 06-18-2014
0 1
0
1
timmalos

Indexing data with multiple headers

Hi I got a file like this: "No.","time",Header1,Header2,...,Header128 "1","2013/10/18 14:59",Value1,Value2,...,Value...
by timmalos Communicator in Getting Data In 06-18-2014
0 11
0
11
prathyusha_99

indexer configured but inactive on new Linux servers

I have been working on configuring splunk on the new Linux servers that were added to our environment. I ran into som...
by prathyusha_99 Engager in Getting Data In 06-18-2014
1 2
1
2
tcalhoon

Can Splunk Universal Forwarder be installed on EMC NAS running DART 7.1.74-5 OS?

We have EMC NAS device with specifications- EMC VNX 5500 file system NAS running DART 7.1.74-5 OS. Can a Splunk UF b...
by tcalhoon Explorer in Getting Data In 06-18-2014
1 1
1
1
Ed_Alias

Windows Last Logon

Hi, i'm trying to make a request to get the last logon for each users in my windows infrastructure; i have a simp...
by Ed_Alias Path Finder in Getting Data In 06-18-2014
0 8
0
8
Isaias_Garcia

Newly created logs from a currently monitored directory is not showing in Splunk

I have the below config setup in inputs.conf to monitor all logs found in /var/log directory ( e.g. messages,mailog,n...
by Isaias_Garcia Path Finder in Getting Data In 06-18-2014
0 4
0
4
thiagarajan

How to calculate Average duration based on Timestamp?

My log looks something similar to this. I will have at least 100 different durations per hour. (Duration is the time ...
by thiagarajan Explorer in Getting Data In 06-17-2014
0 6
0
6
ShaneNewman

Poking TCP Ports from Windows PowerShell

A vendor is requesting that we Poke several TCP ports and send specific text to capture application status. "Poke 808...
by ShaneNewman Motivator in Getting Data In 06-17-2014
1 4
1
4
the_wolverine

Is there a way to limit the thruput of my forwarder?

I don't want my forwarder to consume too much bandwidth or other server resources sending out data. How can I limit ...
by the_wolverine Champion in Getting Data In 06-17-2014
1 3
1
3
zowa

Extracting fields from JSON - Whois Add On

Hello, I am using the Whois Add On to get Whois information from ip addresses. Here is an example: index=pan* dest!...
by zowa Engager in Getting Data In 06-17-2014
0 2
0
2
sf_user_199

apache access_common sourcetype not working

Hello, I have recently configured a Splunk light forwarder to monitor an apache access_log. I specified that the fi...
by sf_user_199 Path Finder in Getting Data In 06-17-2014
1 3
1
3
jayannah

timestamp contain T between date and time

Hi All The timestamp is in the format T , e.g: 2014-06-05T05:03:53-07:00 Is there any configuration supported in S...
by jayannah Builder in Getting Data In 06-17-2014
2 5
2
5
clymbouris

SNMP Modular Input trap issue

Hi, I'm trying to setup Splunk as a trap listener via the Modular Input for some testing. My inputs.conf looks like...
by clymbouris Path Finder in Getting Data In 06-16-2014
0 1
0
1
sseekamp

Yet more timezone excitement

I have logs with a timezone specified like: 2014 Apr 30 20:37:31:001 GMT -5 There is a space between the GMT and th...
by sseekamp Explorer in Getting Data In 06-15-2014
0 3
0
3
stefan_radovano

Field transformation based on source

Hi All, We log data from devices belonging to different customers, they are written to our syslog server in files n...
by stefan_radovano Explorer in Getting Data In 06-14-2014
1 6
1
6
simonroberts2

kv_mode=json with combined json / textual loglines

I currently index a range of semi-structured log lines which contain a mix of textual and json data. I've recently up...
by simonroberts2 Engager in Getting Data In 06-13-2014
3 2
3
2
tlow

Disable the Universal Forwarder Clients

what is the best ways to disable the universal Forwarder Clients sending data to the indexer. I tried deploying an a...
by tlow Explorer in Getting Data In 06-13-2014
2 2
2
2
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All