Getting Data In

Discussions

Thread Info

return yesterday count on: ---| eval filename=strftime(now(), "xyz_%d.csv

Hello, I am running below search; daily (last 24h) .... which returns results and "outputlookup" results into a cs...

by Explorer in

How to avoid duplicates if two forwarders are monitoring the same directory?

We are considering to deploy Splunk forwarders on our servers. For resilience, we want to install a forwarder on each...

by Explorer in

How to extract timestamp from JSON file

I am uploading a JSON file into a test index and I'm trying to set the timestamp for and prefix. The events in the JS...

by Motivator in

crcSalt issue

We have used below monitor in inputs.conf [monitor:///usr/sap/IXP/SYS/profile/DEFAULT.PFL] disabled = false sou...

by Path Finder in

Splunk Forwarder enable boot start not working on Windows XP

Hi, I have Universal Forwarder on my Windows XP machine. I enabled the boot-start upon installation but upon rebootin...

by Path Finder in

Setting up "Windows Host Information" gathering with universal forwarder?

Good Morning I wanted to ask if i could get some assistance/clarification on setting up the Windows Host Informati...

by New Member in

Can Index on Satellite stay In sync with Index on Planet Earth?

I would like to deploy Splunk in a non reliable network. I have an Index on a Satellite which is indexing events loca...

by Splunk Employee in

Does EVENT_BREAKER configuration need to be added on a Splunk UF collecting logs via WinEventLog://ForwardedEvents inputs ?

Hello Splunkers, Will EVENT_BREAKER configuration be a good idea to reduce indexer stickiness for a Splunk UF coll...

by Path Finder in

how to get the string data as a json object for the below logstash logs?

{ @timestamp: 2020-02-04T13:46:41.274+00:00 domain: test environment: dev level: INFO logger_name: com.test.practice...

by New Member in

linebreaker for json sourcetype

I am trying to break the below json data into each event {"audit_logs": [{"url": "https://Company.udesk.com/api/v2...

by Explorer in

Make extractions in props.conf from search query

| makeresults | eval _raw="Nov 14 03:23:42 hostname rsyslogd-pstats:{ \"name\": \"global\", \"origin\": \"dynstats\"...

by SplunkTrust in

How to extract multivalue identity fields into their own identities

The following is a section of an larger JSON data source digested into our Splunk instance: "identities": [{"issue...

by New Member in

Sourcetypes with Docker and HTTP Event Collector

(Trying to pull a few similar discussions together and recorded for posterity) Challenge The current Docker Log...

by Ultra Champion in

Carriage return newline (\r\n) not working as delimiter for makemv

I am trying to break a field (httpRequest), into a multivalue field and then extract the value of one of the values. ...

by Engager in

Why is Splunk index evaluation of _time inconsistent with timestamp in log file?

The splunk index evaluation of _time is not consistent with what is in the log. See the two entries below. Both are f...

by Explorer in

log file parsing on IDX

Hello, I just want to parse a log file. I try every solution found on forum but never work. (Splunk 7.3.3) Log: ...

by Path Finder in

using rex mode="sed" to remove strings surrounded by # characters

Hi, I have a series of log entries that are in the form #4 MyApp\Framework\DB\Adapter\Pdo\Mysql->_query('SELECT...

by New Member in

Is it a valid configuration to have indexers on different IP subnets/vlans for a single site in a multisite cluster?

We have nine sites in a multi-site cluster with indexers at each site ranging from three to 15 servers. Each site's i...

by Path Finder in

Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

one of our end-user clients have massive information stored in ELK stack. Our company needs to collect those data int...

by Super Champion in

Send files from to Splunk server from Jenkins

Hello, I want to send report files which is in XML format from Jenkins to Splunk server. I am using Jenkins send f...

by New Member in

Getting Data In

Discussions

return yesterday count on: ---| eval filename=strftime(now(), "xyz_%d.csv

How to avoid duplicates if two forwarders are monitoring the same directory?

How to extract timestamp from JSON file

crcSalt issue

Splunk Forwarder enable boot start not working on Windows XP

Setting up "Windows Host Information" gathering with universal forwarder?

Can Index on Satellite stay In sync with Index on Planet Earth?

Does EVENT_BREAKER configuration need to be added on a Splunk UF collecting logs via WinEventLog://ForwardedEvents inputs ?

how to get the string data as a json object for the below logstash logs?

linebreaker for json sourcetype

Make extractions in props.conf from search query

How to extract multivalue identity fields into their own identities

Sourcetypes with Docker and HTTP Event Collector

Carriage return newline (\r\n) not working as delimiter for makemv

Why is Splunk index evaluation of _time inconsistent with timestamp in log file?

log file parsing on IDX

using rex mode="sed" to remove strings surrounded by # characters

Is it a valid configuration to have indexers on different IP subnets/vlans for a single site in a multisite cluster?

Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

Send files from to Splunk server from Jenkins

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Log ingestion Via HEC - Huge log volume

Changing data input (older data) for Splunk Add-On...

UF stops forwarding when splunk cloud is down

Duo Splunk Connector indexing very few events, thr...

Universal forwarder for Linux had mixture of permi...

Getting Data In

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >