Getting Data In

Discussions

Thread Info

Is there a way to track when an index stopped bring in data?

Is there a way to track when an index stopped bring in data? I just noticed that one of our indexes is no longer brin...

by Explorer in

How can I immediately verify my changes have put these host's new events in the correct TZ?

I have a number of hosts sending logs "in the future". I've configured my indexer's props.conf to adjust the TZ for t...

by Explorer in

How can I disable a few logs from source?

Hi I want to disable a few logs from source. How can I do that. We have a server which forwards OS logs a...

by Explorer in

Deployment Server and Universal Forwarder- Which file is being monitored?

I saw a question on the internet while searching for answers for a separate question and a few comments below regardi...

by Communicator in

How important is specified JSON format?

Hello, documentation shows JSON format as a: metadata fields, events field with additional data in it. Format even...

by Observer in

Wildcards in source name in inputs.conf

We are monitoring log files that rotate multiple times daily. We have wildcards specified in the monitor command, bu...

by Explorer in

How to forward specific event data from HF to indexer?

Hello ALL,My deployment is UF ---->HF(local copy)----->indexerI would like to send logs from HF to indexer except som...

by Loves-to-Learn Lots in

Sending Opentelemetry collector logs to Splunk

Hello team, I want to forward Opentelemetry collector logs to Splunk. I'm not referring to sending application logs t...

by Observer in

How to display single value status indicator with external icons?

Hi Community! I am looking for a way to represent a status indicator with red, amber, green status indicator in Da...

by Loves-to-Learn in

Windows Scripted Input specify index

I am probably overengineering this but this is the only way I could get a script to execute on UF, via a deployed app...

by Explorer in

How to achieve auto field extraction of nested JSON with non-JSON in front?

Hello! We have some logs coming across which are in JSON and thus 'just work'. The problem is, inside the log field ...

by Communicator in

How to index certain logs only during a certain time range (6am - 6pm)?

Hello, I have 4 log files on one Host that I want to index/ingest. Log #1, #2, #3 will be ingested 24 hours a...

by Communicator in

NMON ADDON: permissions

Hi there.As in subject, how to make NMON aggregated data available NOT ONLY TO ADMIN users?I can query alla data from...

by Builder in

MS Windows AD Objects : Error with admon baseline

Hellohey, has anyone ever struggled to install the MS ad object app? During the installation it tells me that the bas...

by Engager in

UF on Syslog Server - Enqueuing Large Files - Logs Delayed

Hi, I would like some advice on how to best resolve my current issue with regards to the Logs being delayed that ar...

by Explorer in

Why are we getting extra blank lines along with the logs needed?

Hi there, we have implemented a component to send logs to splunk cloud but we are getting lot of extra blank lines...

by Loves-to-Learn in

If I save the data, will it be updated if the same data is included? Or is there no change?

by Explorer in

How to move partial data from index to another index?

Hi all, I need some help. I recently was wondering whether or not i could export some data from some index and ...

by Communicator in

How to utilize environmental variable in props.conf?

This has been asked before, and the questions seems to die. So here I am with a slightly different use case/phrasing....

by Path Finder in

Why am I experiencing this unexpected behavior on HEC with index/indexes setting on HF?

hi community i'd like to i tried to limit a HEC input to a certain index i have observed unexpected behavior...

by Loves-to-Learn in

How to use time elapsed after an event and a missing event to create an alert?

Hi there, I have 2 messages that log when a job is run, which share a job_id field event_name=process.sta...

by Engager in

How to ingest binary files to splunk?

Hi Splunkers, How to ingest binary files to splunk? i get error ," ignored due to binary file". Any help would ...

by Explorer in

Will a delayed report affect the next report?

There are reports that run every 0 and 30 minutes. And there's a lot of reports that start every 5 minutes, 35 minute...

by Explorer in

How do i resolve this error: ORA-12505, TNS:listener does not currently know of SID given in connect descriptor

I'm trying to troubleshoot a Connection that I made in DBConnect app, it show the error as above. I don't know if the...

by Communicator in

Any data forwarding issue using data cloning and different indexers ?

Hello, We have a question regarding a specific use case of data forwarding, we would like to know if there is a ri...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is there a way to track when an index stopped bring in data?

How can I immediately verify my changes have put these host's new events in the correct TZ?

How can I disable a few logs from source?

Deployment Server and Universal Forwarder- Which file is being monitored?

How important is specified JSON format?

Wildcards in source name in inputs.conf

How to forward specific event data from HF to indexer?

Sending Opentelemetry collector logs to Splunk

How to display single value status indicator with external icons?

Windows Scripted Input specify index

How to achieve auto field extraction of nested JSON with non-JSON in front?

How to index certain logs only during a certain time range (6am - 6pm)?

NMON ADDON: permissions

MS Windows AD Objects : Error with admon baseline

UF on Syslog Server - Enqueuing Large Files - Logs Delayed

Why are we getting extra blank lines along with the logs needed?

If I save the data, will it be updated if the same data is included? Or is there no change?

How to move partial data from index to another index?

How to utilize environmental variable in props.conf?

Why am I experiencing this unexpected behavior on HEC with index/indexes setting on HF?

How to use time elapsed after an event and a missing event to create an alert?

How to ingest binary files to splunk?

Will a delayed report affect the next report?

How do i resolve this error: ORA-12505, TNS:listener does not currently know of SID given in connect descriptor

Any data forwarding issue using data cloning and different indexers ?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR