Getting Data In

Discussions

Thread Info

How to configure Splunk to index a one line JSON file with 55,000 characters?

I have been trying to index a one line JSON file with 55,000 characters in a single line. Splunk seems to cut it off ...

by Path Finder in

sending AIX audit log stream to splunk

I was having major issues getting splunk to work with the "text" file that we are pushing all AIX commands to. Ori...

by Communicator in

Index only the first line and ignore the rest.

Hello I have few files for which I want to index just the first line and ignore everything else as its purely bein...

by Motivator in

How to filter the data in my log before indexing?

HI I have a scenario where I need to filter the data present in a log. I need to index only the last line from that l...

by Explorer in

Props and transforms: Order of execution of transforms for multiple stanza?

AS per props.conf documentation Use a comma-separated list to apply multiple transform stanzas to a single TRANSFO...

by Super Champion in

Extract and Transform Custom Event

I have events with the following format - [Thread-2505_GOOGLE_INT_20170424155901301f9e61-1493049600619-NSRLM_2_1_...

by Contributor in

Does the Windows Active Directory user for Splunk forwarder need "Remote Desktop access" rights?

Hello, Does the Windows user for Splunk forwarder need "Remote Desktop access" rights? In general, what kind of...

by Motivator in

Best practice to restrict access to view events by sourcetype?

Is there a best practice to restrict access to events in Splunk by index and sourcetype? I have tested using the ...

by Path Finder in

Running splunk diag gets stuck at "Getting index listings..."

Hi, I am trying to create a diag file on one of my indexers and the process is stuck at "Getting index listings......

by New Member in

Replace field at index time

Hi, I would like to replace the "action" field so it conforms with the CIM datamodel. action at present will alway...

by Path Finder in

Why are not all application logs getting forwarded to Splunk?

I have sporadic issues where not all the logs from application logs are getting forwarded to Splunk. I see gaps in lo...

by Communicator in

Linux Blocking Event Forwarding

It's always something! Now my Linux forwarder is saying the following: 05-10-2017 09:11:02.584 -0400 WARN Tcp...

by Explorer in

Testing renderXML=1 for Windows event logs in Splunk 6.2, why is the data contained in XML format different without XML?

Hello, I'm currently testing the 6.2 Feature renderXML=1 for Windows Event Logs, but it seems to me the informatio...

by Path Finder in

Why is the discard of specific events not working in props.conf and transforms.conf

I am forwarding data from Splunk Enterprise on one server to Splunk Enterprise on a second server. Data is getting in...

by Contributor in

Splunk cannot parse ISO8601/RFC3339 timestamp (e.g. 2017-05-09T19:56:50.233319+00:00)

I am having issues getting Splunk to parse the ISO8601/RFC3339 timestamps included in my log messages. I am using ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure Splunk to index a one line JSON file with 55,000 characters?

sending AIX audit log stream to splunk

Index only the first line and ignore the rest.

How to filter the data in my log before indexing?

Props and transforms: Order of execution of transforms for multiple stanza?

Extract and Transform Custom Event

Does the Windows Active Directory user for Splunk forwarder need "Remote Desktop access" rights?

Best practice to restrict access to view events by sourcetype?

Running splunk diag gets stuck at "Getting index listings..."

Replace field at index time

Why are not all application logs getting forwarded to Splunk?

Linux Blocking Event Forwarding

Testing renderXML=1 for Windows event logs in Splunk 6.2, why is the data contained in XML format different without XML?

Why is the discard of specific events not working in props.conf and transforms.conf

Splunk cannot parse ISO8601/RFC3339 timestamp (e.g. 2017-05-09T19:56:50.233319+00:00)

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

scheduler.log broken korean

Batch file Input not removing files.

Suggestions Please: REST Api, csv,html

Can you use ingest actions against _raw?

Can Data Manager import Cloudwatch ECS Fargate log...