Getting Data In

Discussions

Thread Info

Installing the same Splunk License on multiple Master instances

I'm currently trying to solve a Fail-Over licensing solution between to Server sites. I currently have one License...

by Builder in

Recommendation for segregating data between product test runs

If I'm doing product testing and wanted to store data from test runs, how would you recommend associating events with...

by New Member in

Show only duplicated fields

I have customers who upload sets of files every day. The upload is done automatically. Sometimes there will be a hitc...

by Builder in

Unable to backfill a summary index

Hi, I've been having no issues summary indexing previously, but suddenly when trying to do this (from the command ...

by Path Finder in

>256 lines events on universal forwarder

Hello. How to load more than 256-line events when we use universal forwarders?

by Communicator in

Free license group (Failing to Search)

I was initially using the Splunk Enterprise Download Trial. On Feb 10th that license expired and now I'm using the Fr...

by Communicator in

Hunk - SimpleCSVRecordReader

Hi, I have been recommended the SimpleCSVRecordReader to convert CSV to JSON. I have tried to set up a Virtual ...

by Explorer in

What is the best option for redundancy? Cluster, duplicate Indexers, or other?

I am looking for the best way to provide redundancy to my Splunk solution and plan for the future at the same time. C...

by Explorer in

Timestamp parsed incorrectly

Hi all I have the following log: 09-feb-14 10:54:06.501 [w3wp.1320] {VproofApi}proofApi.GetOpenSessio...

by Engager in

sourcetype from regex ignored.

Hi guys, I'm having trouble configuring my splunk. Indeed, i try to set sourcetype based on regex but, nothing ...

by New Member in

Can anyone give me a hint about why my xml file might not be indexing properly?

I have an xml file that I've tried to index but have had a very difficult time with it. I just want a new event made ...

by Communicator in

How to easily parse syslog data into multi value field

I'd like to parse some data provided by syslog. The format is: date host service: key1=value1 key2=value2 key3=val...

by Explorer in

Hunk - Conditional Record Format

Hi, I have an input file in the format as follows; 1|{json_data} 1|{more_json_data} 2|aa|bb|cc 3|11|aa...

by Explorer in

split windows event log

Windows event log, I want to index only part of the message exemple LogName=Security SourceName=Microsoft Win...

by New Member in

Remove generic index data.

Does anyone know how to remove the generic Host-001, ACME-001, etc that shows up in the indexed data? I think this is...

by Explorer in

How can index ldif data?

I have the export of an open ldap directory, in ldif format. I need to have this data indexed and somehow pivoted. ...

by New Member in

Windows: How to correct possible typo in stanza

I just installed Windows v5.0.2 I have an error on restart from the command line. "Possible typo in stanza [ui] in %S...

by Path Finder in

Splunk Universal Forwarder and Two Destinations

Hi, I have a Splunk forwarder sending data to my prod box and i see a need to build a new dev server for testing/r...

by Path Finder in

Filtering results from inputlookup by date/time

I have searched for hours on this and can't seem to find a way to do it. I have a .csv file being read in with inputl...

by Builder in

Remove Universal Forwarder default monitoring sources

I've just installed the Universal Forwarder on Windows using the MSI. During installation, I told it to only monitor ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Installing the same Splunk License on multiple Master instances

Recommendation for segregating data between product test runs

Show only duplicated fields

Unable to backfill a summary index

>256 lines events on universal forwarder

Free license group (Failing to Search)

Hunk - SimpleCSVRecordReader

What is the best option for redundancy? Cluster, duplicate Indexers, or other?

Timestamp parsed incorrectly

sourcetype from regex ignored.

Can anyone give me a hint about why my xml file might not be indexing properly?

How to easily parse syslog data into multi value field

Hunk - Conditional Record Format

split windows event log

Remove generic index data.

How can index ldif data?

Windows: How to correct possible typo in stanza

Splunk Universal Forwarder and Two Destinations

Filtering results from inputlookup by date/time

Remove Universal Forwarder default monitoring sources

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

sysmon event didnt sent to splunk SH

ForwardedEvents ingestion broken after update to 9...

GBK convert UTF-8

Why is my LINE_BREAKER is not working?

How to add a UNC paths shared folder to inputs.con...