Getting Data In

Discussions

Thread Info

Copying data between servers in different environments

I'm running two Windows Splunk servers (combo search heads and indexers, v6.0.1). One is dedicated to our non-product...

by Builder in

What are recommendations for reducing license usage?

Experts, we have 100GB license and that data is being fed to Splunk. Out of that 100GB, 10% is what need to be ret...

by Motivator in

Compare .csv file data against indexed event data

I have a .csv file containing a list of email addresses (approximately 35k addresses/rows). I'm trying to compare the...

by Engager in

Multiple sourcetypes correlation fields

Hey! i need a little help here, so i have two sourcetypes (bro_dns and sguild) and there is what i want to search ...

by New Member in

how to use rest api to get aggregated data from splunk?

hello I want to sent in splunk this request and get aggregated data search index=_intenal earliest=-2h@h http_status=...

by New Member in

When I use the inputcsv command with my data, I see an eventcount, but the events are blank. Why is this?

Hi all, when i do an inputcsv command, I see the data in the file I put on the splunk server. Since I want to see the...

by New Member in

Where is forwarded data stored in the indexer after getting indexed?

Hi Team, Where are the forwarded logs being saved in the indexer after getting indexed? As i know this is very kno...

by Explorer in

Where are my archived files getting saved?

Hi Team, i want to know where my archived files are getting saved as in my indexes.conf file "coldToFrozenDir = "....

by Explorer in

Modular Input Streaming with Python

So I have been reading the documentation on how to create modular inputs using the Python SDK here http://dev.splunk....

by Builder in

Is there any difference in how data will be stored between a universal and heavy forwarder if the indexer is down?

Suppose if indexer is down, how will data be kept in a universal forwarder and heavy forwarder? Is there any differen...

by New Member in

DB Connect: Why am I getting error "The Network Adapter could not establish the connection" trying to add an Oracle database?

Hi Im trying to use DB Connect Now I'm adding new external databases Database type is Oracle and i chose Transacti...

by New Member in

What are best practices for setting phoneHomeInterval between deployment clients when under the same deployment server?

Hello, I have been testing the configurations between DS and the clients. Currently I just have few clients to the...

by Communicator in

Maximum ID for bucket?

I intend on consolidating frozen buckets from multiple indexers onto a long term archival machine. The goal would be ...

by Path Finder in

Masking SSN info into splunk at index time

I would like to know how to mask SSN information in splunk at index time. There is a documentation available on the s...

by Explorer in

Splunk Universal Forwarder not monitoring files as expected?

I have a directory with a list of files as follows: /var/log/xxxxx/job01_SubsLoadAdHocBC01.log /var/log/xxxxx/job...

by Communicator in

How to verify the data held in two apps is the same?

Hi, I have a situation where i need to verify that the data held in two apps is the same. To perform this verifica...

by Engager in

How to configure Windows 2012 Universal Forwarder and/or Syslog application to monitor rolling log files?

We have been a long time linux shop for monitoring syslog data. However recently we have needed to switch to winOS si...

by Builder in

Why does my sourcetype= search return no results, but pairing with index= does?

I re-did some of my data inputs using the same indexes as before to add actual sourcetypes this time. I'm using HWF i...

by Communicator in

How to add a new field called "site" that sets a value for a site code (eg: site=uk) within an i_app in Splunk 6.1?

I need to set a value for a site code, which can later be used in searches. It needs to be added in the i_apps so tha...

by Explorer in

Does Hunk take .snappy files from Hadoop as an input?

Does Hunk takes .snappy files from hadoop as input...when we are trying to do so...we are getting the following error...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Copying data between servers in different environments

What are recommendations for reducing license usage?

Compare .csv file data against indexed event data

Multiple sourcetypes correlation fields

how to use rest api to get aggregated data from splunk?

When I use the inputcsv command with my data, I see an eventcount, but the events are blank. Why is this?

Where is forwarded data stored in the indexer after getting indexed?

Where are my archived files getting saved?

Modular Input Streaming with Python

Is there any difference in how data will be stored between a universal and heavy forwarder if the indexer is down?

DB Connect: Why am I getting error "The Network Adapter could not establish the connection" trying to add an Oracle database?

What are best practices for setting phoneHomeInterval between deployment clients when under the same deployment server?

Maximum ID for bucket?

Masking SSN info into splunk at index time

Splunk Universal Forwarder not monitoring files as expected?

How to verify the data held in two apps is the same?

How to configure Windows 2012 Universal Forwarder and/or Syslog application to monitor rolling log files?

Why does my sourcetype= search return no results, but pairing with index= does?

How to add a new field called "site" that sets a value for a site code (eg: site=uk) within an i_app in Splunk 6.1?

Does Hunk take .snappy files from Hadoop as an input?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...