×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ankit
Explorer
Member since: ‎03-17-2021
‎07-08-2021
Community Statistics
Posts 7
Solutions 0
Karma Given 6
Karma Received 0
Member Since ‎03-17-2021
Activity Feed
View All

Re: Indexing all text log files in a directory

by in Getting Data In
‎05-11-2021 07:50 AM
‎05-11-2021 07:50 AM
I went ahead and tried a different approach. I had each of the 749 files compressed as log.gz files beforehand. So just copied those compressed files to a directory on my Splunk instance and added a directory input. Worked like a charm !  ... View more

Re: Indexing all text log files in a directory

by in Getting Data In
‎05-10-2021 05:39 AM
‎05-10-2021 05:39 AM
Thanks @gcusello @aasabatini . I will be copying the compressed directory to the server, uncompress them and selecting the Directory input method from Splunk Web.  ... View more

Indexing all text log files in a directory

by in Getting Data In
‎05-09-2021 12:24 PM
‎05-09-2021 12:24 PM
I have a directory with about 750 log files. The files are all text files and the total size of this directory is 117 GB. I need to index the files once (not continuously).  Would the best option to index all the files in the directory be to copy the files to my Splunk instance and then use the directory input option from Splunk Web i.e. Settings > Data Inputs > Files & Directories ?  Any other recommended options ? ... View more
Labels

Re: makemv and mvindex not working as expected

by in Splunk Search
‎04-28-2021 04:28 PM
‎04-28-2021 04:28 PM
Awesome ! That worked @tscroggins ! Thanks a lot for helping out.  Could you point me to a link, if possible, to what Splunk considers as special characters ?  ... View more

makemv and mvindex not working as expected

by in Splunk Search
‎04-28-2021 04:05 PM
‎04-28-2021 04:05 PM
I am working with JSON data type events and am trying to extract the username (user1, user2) from the pathspec data structure in my events (sample below) : "pathspec": {"__type__": "PathSpec", "location": "/media/APA_windows/Users/user1/AppData/Local/Microsoft/Windows/UsrClass.dat", "type_indicator": "OS"} "pathspec": {"__type__": "PathSpec", "location": "/media/APA_windows/Users/user2/AppData/Local/Microsoft/Windows/UsrClass.dat", "type_indicator": "OS"} I am using the below SPL to split up pathspec.location into a multi value field and then use mvindex :    ..... | makemv delim="/" pathspec.location | eval user_name = mvindex(pathspec.location, 3)   However when I table out the user_name field it does not show any results. Not sure why this is not working. Any suggestions would be helpful  Desired output from the user_name field would be    user1 user2 . . . . .           ... View more
Labels

Re: Lookup returns all events

by in Splunk Search
‎03-18-2021 08:40 AM
‎03-18-2021 08:40 AM
Thanks @gcusello . I was a little confused between the usage of lookup and inputlookup. Your answer and this post here cleared it up.  Also appreciate you pointing out the tip about using the 'index' field.  Thank you !  ... View more

Lookup returns all events

by in Splunk Search
‎03-17-2021 09:45 AM
‎03-17-2021 09:45 AM
Hi  I'm a beginner at Splunk and am running into a problem with lookups. I have indexed IIS data in one sourcetype called 'iis' and uploaded a lookup csv called 'cve-ip'  which is defined already. Trying to corelate and find matches for the 'src_ip' column in the 'cve-ip' file with the 'c-ip' field in the 'iis' source type. Here is the SPL lookup I am running :  sourcetype=iis | lookup cve-ip src_ip AS c_ip  This SPL is returning all events in the 'iis' sourcetype and not only those which match the values in the 'src_ip' column in the 'cve-ip' file. I would like some help figuring out why this is happening and returning all events as opposed to just matching events. Happy to provide any details as needed ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-08-2021 09:47 PM
Karma given to