Getting Data In

Community Activity

How to not index first X lines in CSV file ?? Hello, I am trying to index a CSV file that has data arranged like so: PHY_Short_CSW_CMA.csv Serial number : 36358(... by joshd Builder in Getting Data In 04-29-2014 3 9	3	9
Splunk is re-indexing entire file, not just changes I have a vendor provided log file (I have no way to change it) that has both a changing header and a changing footer.... by thesteve Path Finder in Getting Data In 04-28-2014 0 1	0	1
Deployment Monitor - scheduled searches necessary? I've seen other questions regarding the number of scheduled searches by Deployment Monitor to cause the maximum numbe... by sc0tt Builder in Getting Data In 04-28-2014 2 1	2	1
Configuring nullQueue With Monitor and Sourcetype I've seen many questions regarding dropping information from logs by sending them to a nullQueue, however this is alw... by confma812 Explorer in Getting Data In 04-28-2014 0 5	0	5
avoid duplicate indexing in splunk I have a scheduler which logs the data to my log file every hour, the log I use in splunk. Now the problem is every t... by c_sahil New Member in Getting Data In 04-28-2014 0 3	0	3
route data to indexes based on fields I have xml data which I want to route to different indexes based on the value of "Department" field. Pasted below is ... by kittu26 New Member in Getting Data In 04-27-2014 0 1	0	1
Event Breaks at line 257 Events always breaks at line 257. I have made changes to props.conf file under system/local in forwarder. But for som... by jpraman2000 New Member in Getting Data In 04-27-2014 0 1	0	1
forward installer returns error code 1073741795 on Win2003 Hello, trying to install 32-bit forwarder (splunkforwarder-6.0.2) returns error code 1073741795 on a Windows 2003 AD-... by cuph62 New Member in Getting Data In 04-25-2014 0 1	0	1
Using transforms to replace _raw data vs SEDCMD I have a group that has Windows object access auditing turned on for the wrong things which is generating a ton of ev... by Runals Motivator in Getting Data In 04-25-2014 1 11	1	11
Applying props on UF and transforms on the Indexer in Splunk 6 Hello I am trying to get the IIS data from windows hosts and it looks like we can apply the props.conf on the UF its... by theouhuios Motivator in Getting Data In 04-25-2014 0 6	0	6
Log directly to Splunk with log4j Hi, I'm doing some testing on how to use Splunk the best possible way. I have fallen in love with the method of using... by tbo Explorer in Getting Data In 04-25-2014 0 9	0	9
How to reindex the file when file added new lines in the tail? I use moniter the directory /etc to see the file content, and edit the file inputs.conf as follows: [monitor:///etc]... by fandongru New Member in Getting Data In 04-25-2014 0 1	0	1
licensing issues with splunk Local server information Indexer name xxxxxx.com License expiration Apr 26, 2013 6:28:39 PM Licensed daily volume... by Nossie New Member in Getting Data In 04-24-2014 0 3	0	3
Setup forwarder on CentOS DHCP server to a Splunk Server How do I setup a Universal Forwarder on a CentOS DHCP server to forward all DHCP messages written to the /var/log/mes... by nelsoko Engager in Getting Data In 04-24-2014 0 2	0	2
split syslog data from multiple ip addresses into separate indexes I have multiple linux hosts sending syslog data (port 514) and want to split the data into different indexes based on... by plj3736 New Member in Getting Data In 04-24-2014 0 5	0	5
Reporting on Duplicates Hello, So every 24 hours we run daily evaluations on computers that create numerical ratings. Our daily reports disp... by mphillips_18 Engager in Getting Data In 04-24-2014 0 5	0	5
alert_actions.conf for Exchange, no encrypted authentication Hello, I have been provided an Exchange account, which I configured in alert_actions.conf (via web console). No ssl,... by ericp56 Explorer in Getting Data In 04-24-2014 0 3	0	3
hex encoded unix timestamp? Can Splunk be configured to index my events (below) that have a hex encoded unix timestamp? 4c36117c maverick aaaaa ... by maverick Splunk Employee in Getting Data In 04-23-2014 3 6	3	6
Filter data out from Data Input Hi, I have spent last 2 hours searching for this simple scenario on Splunk Answers, without any luck. Here is the c... by bahmed New Member in Getting Data In 04-23-2014 0 6	0	6
Time Segregation from Timestamp Could you please let me know how to extract the day of the week, month,date(dd), time of the day (hh:mm:ss),year from... by Jananee_iNautix Path Finder in Getting Data In 04-23-2014 0 2	0	2
Adding new fields in an auto-extracted CSV. I have had a sourcetype working fine for months which used a \| as a field delimiter in a CSV file with a header. Yes... by howyagoin Contributor in Getting Data In 04-23-2014 0 1	0	1
Error 'Could not find all of the specified destination fields in the lookup table.' Please save my forehead from slamming into my keyboard over this one because it's eluding me and following the docs a... by cvervais Path Finder in Getting Data In 04-22-2014 0 6	0	6
Install problem with Splunk Universal Forwarder 5.0.2 for Windows x64 I'm having a strange problem where I can't get the universal forwarder to install on a Windows 2k8R2 box. Even instal... by aweitzman Motivator in Getting Data In 04-22-2014 0 1	0	1
Linux Syslog and Timezone Offset Hello, We have varying application servers that have different time zones set based on the customer's timezone locati... by BP9906 Builder in Getting Data In 04-22-2014 0 5	0	5
Automatic removal of duplicate log entries Hi, I currently have the following configuration: --> rsyslog server (with splunk forwarder... by tpride Engager in Getting Data In 04-21-2014 0 2	0	2

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

How to not index first X lines in CSV file ??

Splunk is re-indexing entire file, not just changes

Deployment Monitor - scheduled searches necessary?

Configuring nullQueue With Monitor and Sourcetype

avoid duplicate indexing in splunk

route data to indexes based on fields

Event Breaks at line 257

forward installer returns error code 1073741795 on Win2003

Using transforms to replace _raw data vs SEDCMD

Applying props on UF and transforms on the Indexer in Splunk 6

Log directly to Splunk with log4j

How to reindex the file when file added new lines in the tail?

licensing issues with splunk

Setup forwarder on CentOS DHCP server to a Splunk Server

split syslog data from multiple ip addresses into separate indexes

Reporting on Duplicates

alert_actions.conf for Exchange, no encrypted authentication

hex encoded unix timestamp?

Filter data out from Data Input

Time Segregation from Timestamp

Adding new fields in an auto-extracted CSV.

Error 'Could not find all of the specified destination fields in the lookup table.'

Install problem with Splunk Universal Forwarder 5.0.2 for Windows x64

Linux Syslog and Timezone Offset

Automatic removal of duplicate log entries

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation