Getting Data In

Ask a Question

Discussions

Thread Info

Splunk Indexing is Paused Internal Grace Period?

Hi All We are Using the Splunk Enterprise version with the Perpetual License Model with Index Capacity of 5 GB . W...

by New Member in

Getting data into Splunk from Nagios-LS

Howdy, I was wondering if anyone has any guidance on how to ingest data from Nagios Log Server? Prior to my arriv...

by Loves-to-Learn in

How to configure the forwarding of Microsoft Windows Print Server logs?

Hi Guys, I have installed universal forwarder on Print server, Windows Server 2012 R2 and configured the receiver IP ...

by New Member in

Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline?

Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline? F...

by Engager in

Why are events with equal timestamps merged into one event?

I have a few files in which the log events happen to not be in chronological order. Specifically, an event with sa...

by Path Finder in

How to remove logs from specific sourcetype being indexed?

Hi Everyone, Im trying to stop the following index from being indexed into Splunk using the props/transforms confs...

by Path Finder in

Can a Heavy-Forwarder just raw forward and not parsing?

Hi all. Like the subject, can i tell an HF not to PARSE the events, just do a banal tcp forwarding of the raw data...

by Builder in

How to send aws eventbridge events to a specific index on splunk cloud

We have been trying to ingest aws eventbridge events to splunk cloud using API destination partners provided by aws b...

by New Member in

Does the data flow through those same queues at the indexer?

If an HF is used for a intermediate / aggregation tier and the data is parsed, what does the ingestion pipeline look...

by Communicator in

Why does UF still require clientCert when requireClientCert is already disable in indexer?

Hello Splunkers, I would like to understand why a cert is need for the UF, when indexer already has requireClientCert...

by Explorer in

How to forward an index to another Splunk instance (n00b)?

I found this Index and Forward data into another splunk instance and then found the current version of the reference...

by Explorer in

How to add multiple _meta from one field?

Hi all, I want to have on a HF (8.1.4) multiple _meta of one field values in one stanza.Any sugestion how?Example:...

by Explorer in

Upgraded Indexer shuts down pipeline and has to be restarted?

We have recently upgraded an indexer from 8.2.6 to 9.0.2 (running on Windows) and since then we have been plagued by ...

by Communicator in

How to blacklist server from heavy forwarder?

Currently my Heavy Forwarder is receiving unwanted logs from a lot of different devices, and it is taking up a lot of...

by Engager in

inputs.conf blacklist format- Is there a format that needs to be adhered to when using a blacklist with regex?

is there a format that needs to be adhered to when using a blacklist with regex? I am trying to format "New Proce...

by Explorer in

Telegraf - How to solve this HEC SSL Issue?

Hi, I am trying to use Telegraf to send data to Splunk HEC. However not sure how to get past the certificate issue. ...

by New Member in

Can a Heavy Forwarder send cooked but unparsed data?

Is it possible to have a heavy forwarder send unparsed (not raw) cooked data? I have a server which needs to forward ...

by Explorer in

Recommended settings for HEC batch?

When sending batch data to HEC server, with multiple events per request, is it better to send large (10k-100k), mediu...

by Contributor in

How can I reorganize ColdBucket lost+found folder data?

One of my coldbucket indexer lost connection to the SAN and now I have a lot of data and files in my ColdBucket lost+...

by Path Finder in

Which is best practice, enable the metrics inputs in UF local or windows/nix add on local?

We want to use ITSI with universal forwarders (windows and nix). Which is best practice, enable the metrics inputs i...

by Engager in

How to compare lookup with index and number of hosts to see whats missing?

I have a lookup which in column A is the index and column B is the number of hosts, I have this as a lookup. I would...

by Engager in

Why am I not seeing the events for a file?

Hi All, i have added an input to ingest one file into splunk from deployment server i have created new app and cr...

by Path Finder in

Using Splunk HEC and validating Certificates

Hi I have seen that when I am doing a post request to "https://splunk_host:8088/services/collector/event" with val...

by New Member in

How to Load Balanced HEC entrypoint with indexer ack

Hi ! I wonder how to correct the following behaviour. Here's my architecture : 1 dns entry point load balanc...

by Communicator in

How can I overcome TCP cooked connection timeout?

Getting Tcpoutputproc cooked connection to ip is timed out, Can any one help me here how can I overcome this

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk Indexing is Paused Internal Grace Period?

Getting data into Splunk from Nagios-LS

How to configure the forwarding of Microsoft Windows Print Server logs?

Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline?

Why are events with equal timestamps merged into one event?

How to remove logs from specific sourcetype being indexed?

Can a Heavy-Forwarder just raw forward and not parsing?

How to send aws eventbridge events to a specific index on splunk cloud

Does the data flow through those same queues at the indexer?

Why does UF still require clientCert when requireClientCert is already disable in indexer?

How to forward an index to another Splunk instance (n00b)?

How to add multiple _meta from one field?

Upgraded Indexer shuts down pipeline and has to be restarted?

How to blacklist server from heavy forwarder?

inputs.conf blacklist format- Is there a format that needs to be adhered to when using a blacklist with regex?

Telegraf - How to solve this HEC SSL Issue?

Can a Heavy Forwarder send cooked but unparsed data?

Recommended settings for HEC batch?

How can I reorganize ColdBucket lost+found folder data?

Which is best practice, enable the metrics inputs in UF local or windows/nix add on local?

How to compare lookup with index and number of hosts to see whats missing?

Why am I not seeing the events for a file?

Using Splunk HEC and validating Certificates

How to Load Balanced HEC entrypoint with indexer ack

How can I overcome TCP cooked connection timeout?

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions