Getting Data In

Ask a Question

Discussions

Thread Info

Field Extraction from Source Field in props.conf

Hello, I am going bananas trying to figure out the error in my props.conf. All of my logs are collected using Spl...

by Engager in

Why can't my UF send data from /var/log/messages?

Question: why is /var/log/messages not forwarded to index? My deployment: UF: version 7.1.2 RHEL 6.10 /opt/splu...

by Engager in

How do you collect log within 1 hour from file log rotate?

Dear all, I have file log access /var/log/secure . Use log rotate ( setting daily) I need collect log login fail 3...

by New Member in

Why is my UDP-input data appearing duplicated in the index?

I've carried out two searches to find out splunk is indexing duplicate search results which are from the same host, s...

by Path Finder in

Using SPATH notation in conf files

Hi guys, I need to uto extract fields and values during search time using SPATH notation in props.conf and transforms...

by Explorer in

Why is Splunk not indexing in milli seconds?

Hi All, I configured an input in which the timestamp field is in format 20180830112930314 (%Y%m%d%H%M%S%3N). The s...

by Path Finder in

This XML file does not appear to have any style information associated with it. The document tree is shown below.

This XML file does not appear to have any style information associated with it. The document tree is shown below. ...

by New Member in

HEC: Share a basic hello world script with Ruby to send to HEC?

All, I need to send some data from a Ruby script to HEC collectors. Anyone have a basic hello world script they c...

by Builder in

Not receiving readable logs from Brocade Switches

We have added brocade switches to heavy forwarder via tcp:6514. We are able to receive the logs , but not in a readab...

by Explorer in

How to use blacklist in inputs.conf?

Hi, How do you edit inputs.conf to blacklist some hosts from indexing and index those hosts to different index? ...

by Path Finder in

SNMP -- Correcting date/time output and rogue ap mac address

Hello, I just configured an SNMP-Trap on an RHEL box to send to Splunk. Getting the following output: Agent Ho...

by New Member in

Need help on TIME_FORMAT and TIME_PREFIX

I have a props.comf that is not working for TIME_FORMAT and TIME_PREFIX for the below log structure. Trying to break ...

by Explorer in

How can I override sourcetype and redirect to another index?

Hi Guys, I want to override sourcetype for all events before being indexed and redirect some of those events (those w...

by Explorer in

Why is my Remote File & Directory input not automatically inputting data?

I currently have a Remote File & Directory Data Input on the following log 'C:\Windows\System32\winevt\Logs\Microsoft...

by Engager in

How do you audit for who is disabling Data Input?

Recently, we found one data input for receiving syslog was stopped. We don't know if the service issue is auto sto...

by New Member in

How to have my JSON output data in separate rows and not a single one?

This is the output of my JSON data. I would want to see it in separate rows and not in a single row. When I do mvexpa...

by Path Finder in

The precise sourcetype setting when importing ESET logs

I currently use the ESET Remote Administrator. However, I can not divide log fields with sourcetype. Please tell me t...

by New Member in

Is it possible to generate the sourcetype based on the source?

We have hundreds of ldap servers ready to be splunked. We would like to generate the sourcetype based on the source. ...

by Ultra Champion in

Why is date not parsing correctly on my search head cluster?

I have 2 splunk environments a DEV and PROD. I am send events from same syslog source. I have this date parsing: T...

by Path Finder in

Proofpoint TAP modular input in the distributed environment.

How to install Proofpoint TAP modular input in the distributed environment. how to configure the inputs.conf files

by Explorer in

Can you make .conf changes with the rest API?

Has anyone used the rest API to successfully edit a conf file? I understand there are 3 methods GET, POST, DELETE...

by Builder in

how to host splunk distributed instance on microsoft Azure?

We are in the phase of deploying splunk on Microsoft azure. we would like to know what are the limitation if we deplo...

by New Member in

What have people's experiences been setting up Splunk in Azure?

Hi guys, just a general question asking about what people's experiences have been when setting up a clustered spl...

by Communicator in

How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1?

Hi all, I've just stumbled across this issue. I have a linux host running rsyslogd. When I forward my events to th...

by Explorer in

How to expand the values as separate events in my JSON data?

{ "results": [ { "statement_id": 0, "series": [ { ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Field Extraction from Source Field in props.conf

Why can't my UF send data from /var/log/messages?

How do you collect log within 1 hour from file log rotate?

Why is my UDP-input data appearing duplicated in the index?

Using SPATH notation in conf files

Why is Splunk not indexing in milli seconds?

This XML file does not appear to have any style information associated with it. The document tree is shown below.

HEC: Share a basic hello world script with Ruby to send to HEC?

Not receiving readable logs from Brocade Switches

How to use blacklist in inputs.conf?

SNMP -- Correcting date/time output and rogue ap mac address

Need help on TIME_FORMAT and TIME_PREFIX

How can I override sourcetype and redirect to another index?

Why is my Remote File & Directory input not automatically inputting data?

How do you audit for who is disabling Data Input?

How to have my JSON output data in separate rows and not a single one?

The precise sourcetype setting when importing ESET logs

Is it possible to generate the sourcetype based on the source?

Why is date not parsing correctly on my search head cluster?

Proofpoint TAP modular input in the distributed environment.

Can you make .conf changes with the rest API?

how to host splunk distributed instance on microsoft Azure?

What have people's experiences been setting up Splunk in Azure?

How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1?

How to expand the values as separate events in my JSON data?

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

Intermediate Forwarder Limited to 1000 connections

How to use inputlookup and search together ?

CSAM Reports - 500 ERROR

Splunk Stream Addon Setup for Edgerouter X

Extracting wineventlog from Azure EventHub Windows...