Getting Data In

Community Activity

Extracting multiple occurrences of a field from a syslog-ng statistics message. Hi, I am trying to extract multiple occurrences of two fields from the statistics message that is generated by syslo... by brettw10 Explorer in Getting Data In 02-25-2013 0 2	0	2
Structuring nested data Hi all, I have an application that needs to write some data that may be several levels deep and I'm struggling to un... by Tim Explorer in Getting Data In 02-24-2013 0 2	0	2
To which source the _geo field belongs to?? Hi All, Please let me know to which source or sourcetype the _geo field belongs to? I want this for second search que... by shri_27 Path Finder in Getting Data In 02-23-2013 0 1	0	1
time difference issues I need to be able to calculate the time difference between two dates and everytime i try anything...it returns blank ... by testAnalysis Explorer in Getting Data In 02-22-2013 0 1	0	1
Windows Events filtering Hi All, Trying to filter on Win Sec events, dropping events that don't have particular eventids and Account Name con... by only4luca New Member in Getting Data In 02-22-2013 0 4	0	4
indexing a file uploaded with same filename Hi, scenario: a log uploader application helps in uploading logs to a directory. let it be splunkdata/timeofupload/yo... by smolcj Builder in Getting Data In 02-22-2013 0 6	0	6
Anonymize data using regex transform Hi Splunk experts, I am using regex transform to mask data in splunk. But splunk only masks first occurence of string... by vaibhavagg2006 Communicator in Getting Data In 02-22-2013 0 5	0	5
TIME_FORMAT ignored Hi, I'm trying to set timestamp recognition for a sourcetype, in order to avoid recognising timestamp in the event's... by echalex Builder in Getting Data In 02-22-2013 0 3	0	3
active directory monitoring is generating too many audit events in WinEventLog:Security I just turned on a splunk forwarder with the active directory monitoring on my AD server. Since the windows logs WinE... by yannK Splunk Employee in Getting Data In 02-21-2013 3 1	3	1
Monitor Files via UNC outside of the Domain I need to come up with a way to monitor files via UNC (I know this is not the preferred way) for ~140 servers that ar... by ShaneNewman Motivator in Getting Data In 02-21-2013 0 1	0	1
Data replication across two indexers I have currently one Splunk server who works as indexer and searcher. I want to add second server which will be a mir... by bckq Path Finder in Getting Data In 02-20-2013 0 5	0	5
App deployment in Splunk 5.0 clustering from a master node Is it possible to deploy an app from the Splunk master node /master-app/cluster/local to all the peer nodes ? by ssankeneni Communicator in Getting Data In 02-20-2013 2 4	2	4
Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection I have a requirement where in order for the remote machine to send data over the TCP connection to Splunk, it needs S... by rohitgupta New Member in Getting Data In 02-20-2013 0 1	0	1
NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start Hello, I'm new in splunk. Splunk with syslog works correct now. I try test netflow from cisco asa. I set netflow int... by popo80 New Member in Getting Data In 02-20-2013 0 1	0	1
How to force the host with syslog sourcetype This is a common issue with the syslog sourceytype. By default it behave differently from the other inputs, the host ... by yannK Splunk Employee in Getting Data In 02-20-2013 2 1	2	1
props. conf file help Using [monitor://path] Stanza i need to monitor a folder which contains binary data. When i set the props.conf as, [... by chimbudp Contributor in Getting Data In 02-20-2013 0 3	0	3
How to monitor a folder in Windows ? C:\Windows\assembly I would like to monitor assembly folder in windows. Path :- C: \Windows \assembly I have set the inputs.conf in Univ... by chimbudp Contributor in Getting Data In 02-20-2013 0 8	0	8
SEDCMD to anonymize CC data isnt working Hi, Ive been playing with the SEDCMD in my props.conf to anonymize CC data in a log. Originally I tried this: [... by doreno Explorer in Getting Data In 02-19-2013 0 11	0	11
Indexing only specific fields in an event I want to index only specific fields like error status in an event and discard the rest. How do I set splunk to do th... by pdash Path Finder in Getting Data In 02-19-2013 0 3	0	3
Inputs.Conf - Historical Logging - Chicken and the Egg? I know that you can control the Universal Forwarder to grab historical event logs from Windows using "current_only = ... by vragosta Path Finder in Getting Data In 02-19-2013 0 2	0	2
Inputs.conf $decideonstartup Anyone know why 5.0.1 UFs are reporting data in with host name of $decideonstartup. Looks like this setting was added... by dchodur Path Finder in Getting Data In 02-19-2013 1 6	1	6
To monitor a Folder in Windows Server ? I need to monitor the Assembly folder in Windows Server : [monitor://C:\Windows\assembly] index=Assembly_monitor th... by chimbudp Contributor in Getting Data In 02-19-2013 0 4	0	4
syslog priority/level not logged? Is there any way to distinguish the various priorities/levels of syslogged messages when viewed from Splunk? I don't ... by NK_1 Path Finder in Getting Data In 02-19-2013 0 3	0	3
Adavanced searches are too slow since they don't seem to make use of indexes Hey folks, Long time Splunk fan here. Initially when we started using Splunk, our queries were simple, and so search... by KA_splunk Explorer in Getting Data In 02-19-2013 2 11	2	11
Splitting sourcetype from a monitor input stanza I am using a Universal Forwarder to monitor the following directories and files, but somehow it is not routing it to ... by tsunamii Path Finder in Getting Data In 02-19-2013 0 2	0	2

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers, So you searched, “what is the name of the usb key inserted by bob smith?” Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...

Getting Data In

Extracting multiple occurrences of a field from a syslog-ng statistics message.

Structuring nested data

To which source the _geo field belongs to??

time difference issues

Windows Events filtering

indexing a file uploaded with same filename

Anonymize data using regex transform

TIME_FORMAT ignored

active directory monitoring is generating too many audit events in WinEventLog:Security

Monitor Files via UNC outside of the Domain

Data replication across two indexers

App deployment in Splunk 5.0 clustering from a master node

Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection

NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start

How to force the host with syslog sourcetype

props. conf file help

How to monitor a folder in Windows ? C:\Windows\assembly

SEDCMD to anonymize CC data isnt working

Indexing only specific fields in an event

Inputs.Conf - Historical Logging - Chicken and the Egg?

Inputs.conf $decideonstartup

To monitor a Folder in Windows Server ?

syslog priority/level not logged?

Adavanced searches are too slow since they don't seem to make use of indexes

Splitting sourcetype from a monitor input stanza

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation