Getting Data In

Ask a Question

Discussions

Thread Info

Filter records using time modifiers

Can someone tell me why this is not working:- I need to filter records having 'Start_Time' within the mentioned ra...

by Communicator in

How to split a fieldvalue at the very first line break?

Hi, I want to split up a fieldvalue into two parts at the very first linebreak (in total there is an unknown amoun...

by Motivator in

Splunk and Active Directory

I am currently trying to use Splunk to parse data from our Active Directory. I have currently loaded the Apps: Spl...

by Communicator in

Sourcetype Assignment

Hello All, I have two servers with hostnames H1 & H2, both have the same log file named "/apps/logs/log.log" I ...

by Contributor in

Files Integrity Checker error ?

Hi All, We are getting this below message in our search head portal. We are using cluster search heads and splunk ver...

by Motivator in

remove whitelist restrictions?

I had been using an inputs.conf whitelist to filter event logs by event code but now I would like to send all securit...

by Explorer in

How to debug why a universal forwarder is reading all log files except one?

Hello, I have configured inputs.conf on a universal forwarder. The file contains around 20 entries for log files, ...

by Explorer in

Cisco Security Suite ASA firewall logs not showing in app

Hello, I've setup a new Splunk server to demo here and i'm pretty new to the whole Splunk scene. i'm trying to ad...

by Explorer in

Blacklist directories?

I'm missing something here: blacklist = (samba|yum|.gz) samba is a directory, the others are files. splunk s...

by Explorer in

How does the forwarder handle large amounts of data?

An internal client is asking - -- How often is the splunk forwarder reading data from the log files? does it ever ...

by Ultra Champion in

How to edit props.conf to line merge a set of results?

Hello I have below set of line events(repeating) which I want to convert to single event. For every 6 events I wa...

by Explorer in

Is it possible to re-index lost AD logs?

Good Day fellow splunkers, I just like to ask if is it still possible to re-index lost Windows Active Directory lo...

by Communicator in

i want to remove time(hours, minutes and seconds)

21-JUL-2017 00:00:09 i want only date. i am reading the data from csv file

by Builder in

How to configure Heavy Forwarder with License Slave in Splunk Cloud

Greetings, Is it possible to set up a heavy forwarder as a license slave in a Spluk Cloud architecture?

by Path Finder in

Is it essential to restart splunk universal forwarder after deletion of monitored logs?

Hello fellow ninjas, Good day. I'd like to ask if splunk uf restart is essential after I deleted a log file that i...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Filter records using time modifiers

How to split a fieldvalue at the very first line break?

Splunk and Active Directory

Sourcetype Assignment

Files Integrity Checker error ?

remove whitelist restrictions?

How to debug why a universal forwarder is reading all log files except one?

Cisco Security Suite ASA firewall logs not showing in app

Blacklist directories?

How does the forwarder handle large amounts of data?

How to edit props.conf to line merge a set of results?

Is it possible to re-index lost AD logs?

i want to remove time(hours, minutes and seconds)

How to configure Heavy Forwarder with License Slave in Splunk Cloud

Is it essential to restart splunk universal forwarder after deletion of monitored logs?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

Assistance Needed: Reformatting Provided Events to...

XML Regex Conversion

SC4S Initial setup error

Reports are not indexed correctly

Journald exclude specific services