Getting Data In

Community Activity

Calculate meantime among requests based on timestamp Hello Folks, This time I would like to have the difference between two timestamps, but, considering all the logs in ... by wagnerbianchi Splunk Employee in Getting Data In 06-11-2013 0 3	0	3
Using a lookup table to filter out traffic header for known networks - using CIRD Have not had luck with this yet. I am looking at all of my "blocked" traffic in the firewall logs and hope to weed o... by splunkroberts New Member in Getting Data In 06-10-2013 0 2	0	2
What is [accepted_keys] in transforms.conf? I noticed that in Splunk 5.0.3, transforms.conf has a new section called [accepted_keys]. Does anyone have an example... by loudsong Explorer in Getting Data In 06-10-2013 1 5	1	5
Upgraded to Splunk 5.0.3, and noticing "Undocumented key used in transforms.conf" messages during startup After upgrading to Splunk 5.0.3, upon startup, I noticed the following messages: Undocumented key used in transforms... by bmignosa_splunk Splunk Employee in Getting Data In 06-10-2013 2 1	2	1
file descriptor cache is full - trimming... Hi, I'm getting a lot of "File descriptor cache is full (100), trimming..." messages on a couple of my windows serve... by a212830 Champion in Getting Data In 06-10-2013 1 1	1	1
Host and OS type How do I phrase a search to give me all the machines sending data and their OS type? by jawehren Engager in Getting Data In 06-10-2013 0 3	0	3
Splunk Index is slow or delayed The issue I'm having is with an index and real time reporting that uses that index. We currently use Rabbit MQ to s... by dbuchanan46 New Member in Getting Data In 06-07-2013 0 1	0	1
SplunkUniversalForwarder: Cooked connection to ip=192.168.0.115:9997 timed out I installed Splunk on my laptop and wanted to receive the logs from 2 other desktops. So on these desktops I installe... by mathdewulf New Member in Getting Data In 06-07-2013 0 2	0	2
Unable to find the source file hi, I have this source showing in the splunk source=/opt/splunk/var/spool/splunk/singlehost.sample.sav But when I... by dhs_harry08 Path Finder in Getting Data In 06-07-2013 0 5	0	5
I can not set the timezone. Hi. With some network devices to the server Splunk receives syslog-events. Time on these devices is set to GMT. Event... by imoskal Engager in Getting Data In 06-07-2013 0 2	0	2
TIME_PREFIX regex help Hi, I seem to be incapable of figuring out what regex to provide in the TIME_PREFIX for my source type in order to r... by wouterr Explorer in Getting Data In 06-06-2013 0 2	0	2
Problem running Custom Script Have created a custom Perl script, added it to commands.conf - it finds the script just fine. The script outputs the ... by Greg_LeBlanc Path Finder in Getting Data In 06-06-2013 0 5	0	5
Setting up syslog on a wireless router I have configured Splunk to capture syslog data on UDP:514 of my router but do not see any log data being captured, n... by John_neville New Member in Getting Data In 06-06-2013 0 2	0	2
keep some events and discard the rest i have a huge log file with events, i need to keep around 20-30 events and discard the rest. I have used a stanza in ... by trkalva Engager in Getting Data In 06-05-2013 0 1	0	1
Index files in order of timestamp or record file timestamp as a field I'm indexing a bunch of CSV files provided by an external vendor over ftp ( mapped or synched to my local drive ) the... by leecaf Explorer in Getting Data In 06-05-2013 0 1	0	1
How to test succesful Universal Forwarder installation? I've installed the universal forwarder on a windows client to forward the data to my central log collecter which is a... by mathdewulf New Member in Getting Data In 06-05-2013 0 6	0	6
Can the universal forwarder route based on field found in the log message? A file I am monitoring looks something like the following [timestamp] index=layer1 message="123456" [timestamp] inde... by juniormint Communicator in Getting Data In 06-05-2013 0 1	0	1
Is it possible to manage Forwarders with mounted knowledge bundles? I'm considering a Splunk cluster setup, where the Search Heads and Indexers (Peers) will be managed using mounted kno... by Gutenburg New Member in Getting Data In 06-05-2013 0 1	0	1
Splunk forwarder config not working since are trying to separate out splunk forwarder config ("inputs.conf") according to indexer. we defined forwarder c... by amitj New Member in Getting Data In 06-05-2013 0 6	0	6
search/jobs/export does not return results with empty column headers I using the following command to retrieve a particular macro search result. curl -k -u admin:admin https://:8089/ser... by testingteam Engager in Getting Data In 06-05-2013 0 2	0	2
Monitoring files from multiple inputs How can I set my monitor in inputs.conf so that both of these directories are monitored- 1./var/lib/usr 2. /var/lib/n... by anna_kendrik Engager in Getting Data In 06-04-2013 0 1	0	1
Exchange App (Lookup - Database Information) not working I'm setting up the Exchange App, data is received in the correct indexes however I'm not seeing data in all the dashb... by andykiely Path Finder in Getting Data In 06-04-2013 0 1	0	1
Define a default date format per Database I've realised that there is no default Date format, so every date is in timestamp format, and so not readable for the... by sbsbb Builder in Getting Data In 06-03-2013 0 2	0	2
How would you determine if data is pre-parsed? We have three (Windows 2008 R2) domain controllers sending events to a single Splunk collector. We need to reduce ou... by rmavery Explorer in Getting Data In 06-03-2013 2 3	2	3
Timestamp detection fails I try to parse out the timestamp of this line: Jun 3 17:39:09 svlog.myserver.net svdcdev 04/29/2013 09:14:37 AM L... by FRoth Contributor in Getting Data In 06-03-2013 0 1	0	1

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

Getting Data In

Calculate meantime among requests based on timestamp

Using a lookup table to filter out traffic header for known networks - using CIRD

What is [accepted_keys] in transforms.conf?

Upgraded to Splunk 5.0.3, and noticing "Undocumented key used in transforms.conf" messages during startup

file descriptor cache is full - trimming...

Host and OS type

Splunk Index is slow or delayed

SplunkUniversalForwarder: Cooked connection to ip=192.168.0.115:9997 timed out

Unable to find the source file

I can not set the timezone.

TIME_PREFIX regex help

Problem running Custom Script

Setting up syslog on a wireless router

keep some events and discard the rest

Index files in order of timestamp or record file timestamp as a field

How to test succesful Universal Forwarder installation?

Can the universal forwarder route based on field found in the log message?

Is it possible to manage Forwarders with mounted knowledge bundles?

Splunk forwarder config not working

search/jobs/export does not return results with empty column headers

Monitoring files from multiple inputs

Exchange App (Lookup - Database Information) not working

Define a default date format per Database

How would you determine if data is pre-parsed?

Timestamp detection fails

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation