Getting Data In

Thread Info

Why are events indexing with the wrong time stamp?

Hi,We have a custom TA to collect some logs from a Windows Server.This morning I just noticed that the Splunk is actu...

by Path Finder in

Why are events ingested using the journald modular input truncated at 4088 bytes?

I'm pulling in events from the journal of a number of Linux hosts using the journald modular input. I'm seeing tru...

by SplunkTrust in

Looking to collect latency info from Cisco devices?

Hello, Can anyone pls help me with the cisco add-on for splunk that collects latency info from cisco devices.I am ...

by Motivator in

Cisco/OpenDNS Umbrella/Investigate: so many apps, so many options ... What is best?

Here is what is on Splunkbase (maybe others, too):Umbrella Add-on for Splunk Enterprise: https://apps.splunk.com/app/...

by Esteemed Legend in

How to change the time field value /date(1548574937484) to human readable format ?

by Path Finder in

Changing date format and find date difference in days?

Hi , I want to change the date format and find difference in days from current day . Date format i have now is...

by Path Finder in

Not able to upload a file to splunk, getting oneshotwriter error?

Hi Team,I am not able to upload a local log file to my local Splunk getting below error in splunkd.logOneShotWriter f...

by Observer in

How do I convert "2022-11-01T23:56:07UTC" into MET in datetime.xml?

Hi, I searched a lot and found no answer. I have data with the above timestamp and I want to convert it into loca...

by Path Finder in

Two unique sourcetypes in directory with hundreds of logs

Hello! I am pulling in logs from a server, there are about 500 logs in the directory. We want to bring in all 498 o...

by Communicator in

What is the best way to send Mulesoft logs to Splunk?

Hi Splunkers, I'm searching about the best way to send Mulesoft logs and events.Here on community I found What is ...

by Contributor in

Installing of Splunk Universal Forward ver 9.0.0 on AIX 7.1 and 7.2 - The splunkd daemon dies seconds after startup

I have been experiencing issues with getting the Splunk Universal Forwarder agent installed on AIX 7.1 and 7.2 server...

by New Member in

What is the best way to find log patterns in Splunk consuming more bandwidth?

Hi All, I am looking for the best way to find log patterns in splunk consuming more bandwidth so that we can reduc...

by Builder in

Why are logs are not generating?

I am working on an app by using the splunk python SDK and trying to generate logs using logging library. I used al...

by Observer in

forwarding baked HEC traffic between two Splunk Entreprise Instances

Hello, I would like to forward data between two splunk instances in clear text. For that I use HEC. This is my outp...

by Engager in

Azure Event Hub not seeing logs in Splunk SH?

Hi all, We have successfully registered and connected a new Azure Event Hub namespace via the 'Splunk Add-on for M...

by Communicator in

How can I force a transforms.conf to also run on data onboarded with collect?

I'm trying to make a test with data that I onboarded with the collect command. What I see is that when I insert an...

by Path Finder in

Why I'm unable to add new DCN to Splunk Scheduler?

Hi, I'm trying to get logs from a vCenter server using the DCN. On the Collection Configuration page, I'm trying t...

by Explorer in

What does Process %_Processor_Time greater than 100% mean?

I have started collecting Process information on a virtual machine that has 1 processor. I am seeing %_Processor_Time...

by Explorer in

How to delete entire lookup table data?

Hello all, I have created a ldap search query to load identity data. I want all existing lookup table entries to b...

by Engager in

How to validate all the data from an indexer is uploaded to smart store?

What is the best way to validate entire data from an indexer is uploaded to smart store?

by Engager in

How to explain a variance in ingest volume?

I am trying to understand what would cause a variance in the volume used in our quota vs the log size it is ingesting...

by Path Finder in

Does anyone have reference material on the inputs.conf for MAC OSs and how to get the events into Splunk?

I'm a Windows guy working with Linux trying to get MAC OS events into Splunk. We don't have many MACs where I work, ...

by Communicator in

How to send data to Splunk from Azure Event Hub?

Hello there! I've been ingesting data from Azure Storage Explorer via the Splunk Add-On for Microsoft Cloud Servic...

by Explorer in

Which version of splunk Universal forwarder supports for AIX 6.1 version OS

by New Member in

How to verify that log sources are adhering to CIM model?

Hi, I just wanted to ask if there are specific ways or cli commands to check if my log sources adhere to CIM? I'v...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why are events indexing with the wrong time stamp?

Why are events ingested using the journald modular input truncated at 4088 bytes?

Looking to collect latency info from Cisco devices?

Cisco/OpenDNS Umbrella/Investigate: so many apps, so many options ... What is best?

How to change the time field value /date(1548574937484) to human readable format ?

Changing date format and find date difference in days?

Not able to upload a file to splunk, getting oneshotwriter error?

How do I convert "2022-11-01T23:56:07UTC" into MET in datetime.xml?

Two unique sourcetypes in directory with hundreds of logs

What is the best way to send Mulesoft logs to Splunk?

Installing of Splunk Universal Forward ver 9.0.0 on AIX 7.1 and 7.2 - The splunkd daemon dies seconds after startup

What is the best way to find log patterns in Splunk consuming more bandwidth?

Why are logs are not generating?

forwarding baked HEC traffic between two Splunk Entreprise Instances

Azure Event Hub not seeing logs in Splunk SH?

How can I force a transforms.conf to also run on data onboarded with collect?

Why I'm unable to add new DCN to Splunk Scheduler?

What does Process %_Processor_Time greater than 100% mean?

How to delete entire lookup table data?

How to validate all the data from an indexer is uploaded to smart store?

How to explain a variance in ingest volume?

Does anyone have reference material on the inputs.conf for MAC OSs and how to get the events into Splunk?

How to send data to Splunk from Azure Event Hub?

Which version of splunk Universal forwarder supports for AIX 6.1 version OS

How to verify that log sources are adhering to CIM model?

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Target data from specific Active Directory OU's

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions