Getting Data In

Thread Info

How to define timestamp in props.conf for JSON events?

I will be ingesting a JSON file daily that has a K/V field for the date as follows: "Date": "2023-01-04" ...

by Influencer in

.Net application: How to add custom Span/Trace using Splunk Open Telemetry SignalFx

I have an ASP .Net application that is currently setup to be monitored using Splunk Open Telemetry (Signal Fx) using ...

by New Member in

UF: Why is too much permissions given to Splunk when configured as a systemd service?

Hello Splunkers, I have followed this documentation in order to configure my Splunk on my UF as a systemd managed ...

by Contributor in

How to blacklist files with a wildcard in monitoring stanza?

Hi, I need to index windows server logs and blacklist all the previous year logs.Inputs.conf. [monitor://E:\ap...

by Builder in

Spot permissions denied errors- How could I spot this issue in the first place ?

Hello Splunkers,I faced the following issue : I deployed an app on a UF, this app should monitor a specific file i...

by Contributor in

Solution : event splitted even with SHOULD_LINEMERGE in props.conf

Hello,some events are not parsed correctly and not splitted only when there is timestamp especially with "slow" event...

by Motivator in

How to ingest some sample data into Splunk cloud?

I have splunk cloud url : https://prd-p-9alo5.splunkcloud.comusername : sc_admin

by Observer in

How to create regex for below data?

Need help with regex for below data. Please assist me on the same.field name -------- fieldvalue Devicename------G...

by Explorer in

What is the Splunk universal forwarder 6.5.3 compatibility with Splunk Enterprise 8.1.9?

Hi I am trying to upgrade my SPLUNK environment from 7.x to 8.1.9 I want to make sure if my universal fowarder...

by Explorer in

How to resolve error: Log to Splunk with Log4j2- 401 Unauthorized ?

Hi I am trying to integrate log4j with splunk as shown below and I am getting error - Log4j2-TF-1-AsyncLoggerConf...

by Observer in

How to convert bulk evtx files in a folder to CSV files for ingestion?

Hi all. I have a folder with about 200 evtx files. The following command works for 1 file. How can I process/convert ...

by Explorer in

How to avoid default LINE_BREAKING from splitting up the following log into multiple lines?

We see that the following log lines are always split into multiple events. I've tried multiple variations of LINE_BRE...

by Explorer in

Why is regex working fine in standalone Splunk but not in clustered environment?

Regex working fine in standalone splunk but not in clustered environment.1) Indexer conponent of app-->test_log_idx h...

by Explorer in

How to change all date fields with the correct time zone?

I have data with multiple date fields in GMT time. when I import the data with setting the TZ=Europe/Berlin, I see th...

by Explorer in

How to use rsync to move frozen data to another location?

I was looking at rsync to move some frozen buckets to another location. One concern, if rsync picks up new frozen d...

by Explorer in

Why do events duplicate when I use table command?

by Communicator in

Indexes/Source Types Best Practice - Data Onboarding

New customer seeking guidance for creating indexes/sourcetypes and determining granularity. Primarily we're looking ...

by Path Finder in

When I search splunk, I'm missing all data from about 100 of the files that list monitor shows that I'm watching?

I'm having an issue with one of my monitored paths. Here's the monitor stanza, the blacklist line should only blackl...

by Loves-to-Learn in

How to remove all duplicates?

Hi, i got this query | tstats summariesonly=t allow_old_summaries=t dc(All_Traffic.dest_port) as num_dest_port...

by New Member in

OSX - Unsigned library raises error for python3 modular input?

Hi, I developed a modular input making use of Python Cryptodome library (https://pycryptodome.readthedocs.io). When e...

by New Member in

Getting wrong time for event?

I have an add on for unix and linux downloaded on my monitored servers and the data is sent to my indexers. In the...

by Explorer in

Where can I get the updated sample data for practicing searches using SPL?

please where can i get the updated sample data for practicing searches using SPL? thanks in advance

by Path Finder in

custom fields overriding

Hi at all,a question before starting a new configuration. I configured custom fields on some Universal Forwarders u...

by SplunkTrust in

"Failed to find newline while reading transport header" when querying API

Hello, I have a problem with a custom app in Splunk. I've written a simple app that uses the Python requests-librar...

by Explorer in

High memory usage due to splunk universal forwarder

hai all, how to resolve high memore usage on splunk universal forwarder how to check due to which files causing ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to define timestamp in props.conf for JSON events?

.Net application: How to add custom Span/Trace using Splunk Open Telemetry SignalFx

UF: Why is too much permissions given to Splunk when configured as a systemd service?

How to blacklist files with a wildcard in monitoring stanza?

Spot permissions denied errors- How could I spot this issue in the first place ?

Solution : event splitted even with SHOULD_LINEMERGE in props.conf

How to ingest some sample data into Splunk cloud?

How to create regex for below data?

What is the Splunk universal forwarder 6.5.3 compatibility with Splunk Enterprise 8.1.9?

How to resolve error: Log to Splunk with Log4j2- 401 Unauthorized ?

How to convert bulk evtx files in a folder to CSV files for ingestion?

How to avoid default LINE_BREAKING from splitting up the following log into multiple lines?

Why is regex working fine in standalone Splunk but not in clustered environment?

How to change all date fields with the correct time zone?

How to use rsync to move frozen data to another location?

Why do events duplicate when I use table command?

Indexes/Source Types Best Practice - Data Onboarding

When I search splunk, I'm missing all data from about 100 of the files that list monitor shows that I'm watching?

How to remove all duplicates?

OSX - Unsigned library raises error for python3 modular input?

Getting wrong time for event?

Where can I get the updated sample data for practicing searches using SPL?

custom fields overriding

"Failed to find newline while reading transport header" when querying API

High memory usage due to splunk universal forwarder

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions