Getting Data In

Community Activity

Sourcetype Override Hi guys... I have a couple of script inputs that generate network status data... the issue is that a single script in... by kenchisho Path Finder in Getting Data In 02-03-2012 1 2	1	2
custom timestamp parsing I have structured (CSV) files with named fields with a few different date-time formats - TIMEA,host,TIMET,DURATION,... by nikmeiser Explorer in Getting Data In 02-02-2012 0 1	0	1
Timestamp on one event determines subsequent line events in RMAN backup I want to index log events from RMAN backup log. This log has a log event per line but each line may not have a times... by rasingh Path Finder in Getting Data In 02-02-2012 0 1	0	1
Universal forwarder is not working as an intermediate forwarder. I have the below deployment topology Program -> Universal Forwarder (UF1) -> Universal Forwarder (UF2) (Intermediate... by asingla Communicator in Getting Data In 02-02-2012 1 4	1	4
Indexer Problem: ERROR TcpChannel - Fatal error on accept socket: Software caused connection abort Hi we get the following error message from time to time on our Indexers (Solaris 10 x86 64bit Splunk 4.2.5 or 4.3):... by chris Motivator in Getting Data In 02-01-2012 0 1	0	1
timestamp event Hi, I have already a date field on my CSV file but it isn't recognize. How I can help splunk to recognize this fiel... by gabriel94 New Member in Getting Data In 02-01-2012 0 1	0	1
Reduce on disk database size after delete I have run into a situation where a very large amount of data has been imported into the wrong index. This index con... by kevinzona Engager in Getting Data In 02-01-2012 1 2	1	2
Saved Search working in UI, but errors when called via REST I have a rather complex saved search that functions perfectly when accessed via the UI. But when a job is kicked off ... by emiller42 Motivator in Getting Data In 01-31-2012 0 1	0	1
duplicate hostnames with different cases Hello, How could we avoid duplicate reporting of the same host? Hosts (≥ 3) host Count Last Update 1 Tes... by sneuser New Member in Getting Data In 01-31-2012 0 2	0	2
How do I delete events? I have some data in my index that I don't want. How can I get rid of them? by the_wolverine Champion in Getting Data In 01-31-2012 10 4	10	4
Filtering events not working I've recently upgraded the forwarder to a universal forwarder on our app server.I'm collecting windows event logs as ... by remy06 Contributor in Getting Data In 01-31-2012 0 5	0	5
adding static field value using props transforms based on source Hey, I am looking to add a static field "instance=testdrive" to all results from a source input with td-idp-manager ... by sonicZ Contributor in Getting Data In 01-31-2012 0 3	0	3
Universal Fowarder support Apps I haven't seen any conclusive documentation on this, however does the Universal forwarder support Apps like the Splun... by ngcgoon Explorer in Getting Data In 01-30-2012 1 3	1	3
active-only/eatonlylivefiles in Splunk 4.3 The "active-only" feature doesn't seem to work in Splunk 4.3: # splunk add monitor /var/log/messages -active-only tr... by matthewpowell Engager in Getting Data In 01-30-2012 1 3	1	3
REST API Update UPDATE: I just downloaded the sourcecode from the SVN repository and made the modification myself and rebuilt the jar... by jcott28 Explorer in Getting Data In 01-30-2012 2 1	2	1
monitoring files - how does splunk count the size? Hi, I've configured a directory for monitoring in inputs.conf ([monitor://path_to_dir]) and separated index for this... by Vladimir Path Finder in Getting Data In 01-30-2012 0 6	0	6
Migrating database from windows 2003 to Linux Guys, I currently run splunk on a Windows box. Is it possible for me to move the database from Windows to Linux (Cent... by Nik New Member in Getting Data In 01-29-2012 0 2	0	2
Splunk Windows App I have the Splunk for Windows app installed but it is collecting syslog UDP:514 data as well. How do I exclude the s... by gharpe2 Explorer in Getting Data In 01-28-2012 0 1	0	1
ERROR: failed to load index config: 'maxTotalDataSizeMB' tag required in config for My Splunk won't start due to this error! What do I do? ERROR: failed to load index config: 'maxTotalDataSizeMB' tag... by Flynt Splunk Employee in Getting Data In 01-27-2012 2 3	2	3
Problems using the REST API to search Hello, I have several questions/issues with the Splunk API, so I'll try to keep this short and concise. First - doe... by merritsa Path Finder in Getting Data In 01-27-2012 3 12	3	12
Why is my wildcard descending into directories? According to this document: Specifyinputpathswithwildcards The asterisk wildcard matches anything in that specific ... by pheezy Explorer in Getting Data In 01-26-2012 1 3	1	3
Reindexing already indexed data and props/transforms.conf Hi All, Question about reindexing indexed data: I have a legacy 4.2.x splunk server running. Its set to index all d... by mark Path Finder in Getting Data In 01-26-2012 0 2	0	2
Search not coming upwith results for new hosts for non-admins We've recently changed out our servers and when I use the searches against these new hosts using my user I am not get... by jdibble Explorer in Getting Data In 01-26-2012 0 7	0	7
Setting up Forwarder and Testing So, I've installed and configured the Splunk forward on my Intranet Server. I'm trying to get the IIS logs from \Win... by bherbert Engager in Getting Data In 01-26-2012 0 3	0	3
Alternate timestamp for CSV files or forwarded data Does anyone know how we can use the timestamp of the file from the operating system as the timestamp for events? For ... by ngcgoon Explorer in Getting Data In 01-26-2012 0 4	0	4

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Getting Data In

Sourcetype Override

custom timestamp parsing

Timestamp on one event determines subsequent line events in RMAN backup

Universal forwarder is not working as an intermediate forwarder.

Indexer Problem: ERROR TcpChannel - Fatal error on accept socket: Software caused connection abort

timestamp event

Reduce on disk database size after delete

Saved Search working in UI, but errors when called via REST

duplicate hostnames with different cases

How do I delete events?

Filtering events not working

adding static field value using props transforms based on source

Universal Fowarder support Apps

active-only/eatonlylivefiles in Splunk 4.3

REST API Update

monitoring files - how does splunk count the size?

Migrating database from windows 2003 to Linux

Splunk Windows App

ERROR: failed to load index config: 'maxTotalDataSizeMB' tag required in config for

Problems using the REST API to search

Why is my wildcard descending into directories?

Reindexing already indexed data and props/transforms.conf

Search not coming upwith results for new hosts for non-admins

Setting up Forwarder and Testing

Alternate timestamp for CSV files or forwarded data

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation