Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
Getting Data In
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 | I just installed Splunk 4.1 (configured to run on system accounts) and the first thing i did was add an input monitor... by jrich523 Path Finder in Getting Data In 04-12-2010 1 1 | 1 | 1 | |
| | Does anyone know if alwaysOpenFile still works in inputs.conf as of Splunk 4.1. It still shows up in the 4.1 docs, b... by Lowell Super Champion in Getting Data In 04-12-2010 1 6 | 1 | 6 | |
| | I have a file with ~6M events that gets FTP'd to Splunk on a daily basis. Unfortunately I don't have control of the ... by dskillman Splunk Employee  in Getting Data In 04-12-2010 1 1 | 1 | 1 | |
| | I am using Splunk to collect data from the security logs on my network. How long does Splunk store the data that it c... by jsondheimer New Member in Getting Data In 04-09-2010 0 2 | 0 | 2 | |
| | In inputs.conf the default host name is set to the fqdn, test-server.foobar.com. But when I search for that host, it ... by Jaci Splunk Employee in Getting Data In 04-08-2010 2 5 | 2 | 5 | |
| | Hi, I just created a new app and wanted to point my network inputs to another index, managed by my app. So, I modif... by rnutting24 Engager in Getting Data In 04-08-2010 1 3 | 1 | 3 | |
 | Is there a splunk command or REST endpoint to see the tailing status of monitored files? by the_wolverine Champion in Getting Data In 04-08-2010 4 2 | 4 | 2 | |
| | Search is index="_internal" source="*metrics.log" group="queue" | timechart perc90(current_size) by name Results are... by MikeyG Explorer in Getting Data In 04-07-2010 2 3 | 2 | 3 | |
| | I'm trying to index a file on a mapped network drive, but I keep getting seeing 'Access is denied' in splunkd.log. I... by Mick Splunk Employee in Getting Data In 04-07-2010 4 1 | 4 | 1 | |
| | On my old setup I had all syslogs going to syslog on the Splunk server, but now I'm doing a fresh setup with Ubuntu 9... by rogerssoftware Explorer in Getting Data In 04-07-2010 1 4 | 1 | 4 | |
| | I have a bunch of Lightweight Forwarders (LWF) forwarding to my central indexer. What happens to my events when the... by the_wolverine Champion in Getting Data In 04-06-2010 3 4 | 3 | 4 | |
| | I've just upgraded to 4.1 and now I'm getting an error when I search saying: The lookup table 'sid_lookup' does not ... by Alan_Bradley Path Finder in Getting Data In 04-06-2010 3 7 | 3 | 7 | |
| | How do I go about configuring splunk forwarders running on Linux to forward to a specific index for Linux-related inf... by cdavidy Explorer in Getting Data In 04-06-2010 5 2 | 5 | 2 | |
| | If the script to roll the hotDB to the warmDB is "| debug cmd=roll index=main", would there be one for rolling the wa... by BunnyHop Contributor in Getting Data In 04-06-2010 4 2 | 4 | 2 | |
| | In my office we have a script on our log servers that monitors the hosts sending logs and alerts us if a machine star... by thepocketwade Path Finder in Getting Data In 04-05-2010 0 4 | 0 | 4 | |
| | All of my events show up with gid=-1,uid=-1. Is this a bug or am I doing something wrong? by oreoshake Communicator in Getting Data In 04-05-2010 1 3 | 1 | 3 | |
| | UPDATE: This appears to be a bug specifically related to 4.0.10. The following is a work around in system/local/inp... by oreoshake Communicator in Getting Data In 04-03-2010 1 3 | 1 | 3 | |
| | I have lots of hosts in my environment, but I only want to search across a few of them from time to time. Can I someh... by maverick Splunk Employee in Getting Data In 03-31-2010 1 2 | 1 | 2 | |
| | We have an global application hosted within a VM environment feeding a common Splunk index server. However the serve... by matt_1 Explorer in Getting Data In 03-30-2010 0 2 | 0 | 2 | |
| | Everytime I run a splunk command on windows 7, the command runs in a separate window and closes before I can see what... by oreoshake Communicator in Getting Data In 03-29-2010 1 2 | 1 | 2 | |
| | Hai There, I am dealing with a forwarder to indexer which is reading a kiwi directory with several types of devices.... by Starlette Contributor in Getting Data In 03-29-2010 1 2 | 1 | 2 | |
| | Does a sinkhole work on all types of forwarders? by Michael_Wilde Splunk Employee in Getting Data In 03-29-2010 3 1 | 3 | 1 | |
| | How to disable hostname chaining? Splunk picks the chained hostname rather than the original. by zliu Splunk Employee in Getting Data In 03-26-2010 0 1 | 0 | 1 | |
| | I have a light forwarder (v4.0.7) I want to change this to a forwarder instead of a light forwarder. The reason being... by Alan_Bradley Path Finder in Getting Data In 03-26-2010 0 3 | 0 | 3 | |
| | We're upgrading our forwarders and we always get the warning that outputs.conf cannot be migrated. However, simply m... by oreoshake Communicator in Getting Data In 03-24-2010 0 1 | 0 | 1 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Top Labels
-
add-on
2 -
administration
12 -
AIX
1 -
audit
1 -
blacklist
92 -
CLI
1 -
configuration
32 -
CSV
208 -
data
475 -
development
5 -
encryption
1 -
eval
2 -
field extraction
552 -
fields
5 -
forwarder
1 -
forwarder management
3 -
heavy
1 -
heavy forwarder
939 -
host
155 -
HTTP Event Collector
437 -
index
539 -
indexer
704 -
indexing performance
1 -
inputs.conf
829 -
installation
5 -
intermediate forwarder
142 -
introduction
3 -
JSON
390 -
kvstore
1 -
Linux
453 -
login
1 -
Mac
30 -
metadata
1 -
metrics
2 -
modular input
189 -
monitor
308 -
monitoring console
1 -
other
49 -
proactive Splunk component monitoring
2 -
props.conf
975 -
regex
5 -
saved search
2 -
scripted input
242 -
search
1 -
search head
2 -
search job inspector
1 -
source
291 -
sourcetype
493 -
Splunk Enterprise
1 -
Splunk Investigate
1 -
splunk-assist
2 -
subsearch
1 -
syslog
317 -
time
204 -
transforms.conf
575 -
troubleshooting
15 -
universal forwarder
1,552 -
using Enterprise Security
3 -
using Splunk Cloud
4 -
using Splunk Enterprise
16 -
whitelist
60 -
Windows
587 -
XML
90
- « Previous
- Next »
Get Updates on the Splunk Community!
Data Management Digest – December 2025
Welcome to the December edition of Data Management Digest!
As we continue our journey of data innovation, the ...
Index This | What is broken 80% of the time by February?
December 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...
Hello Splunk Community,
We're thrilled to share an exciting update that will help you manage your data more ...
