Getting Data In

Thread Info

How can I add new text file everyday?

Hello splunkies! I'm trying to be and admin and I'm doing an exercise but I cannot find the way to configure my inp...

by Explorer in

Experiencing duplicate indexing- How do I solve this problem?

I have a directory that is being monitored on a splunk heavy forwarder./app_monitoring The above directory will ...

by Path Finder in

How to determine ingestion sizing with a single instance deployment

Hello, I'm currently undergoing a sizing exercise to determine how large of a Splunk license I need, and was wonde...

by Explorer in

Does Splunk have a precedence for what logs to forwarder first?

If I had logs for the `_internal` index and logs for a `linux_os` index on a Heavy Forwarder, does the HF prioritize ...

by Explorer in

Why does the heavy forwarder forwarding to external syslog stops working after a few minutes?

Using HF to forward all events to Indexer and external syslog. When using syslog with tcp all processing basically st...

by Loves-to-Learn in

Is there a way to set all fields using eval in Props.conf

Props.conf [mysourcetype] EVAL-field1=trim(field1) Field1 must contain all fields for that source type. I...

by Path Finder in

Is it possible to manually roll specific buckets to frozen?

Hi, is it possible to roll specific buckets to frozen? I have some buckets which the customer wants to be deleted ...

by Explorer in

Unable to add splunk universal forwarder as a sidecar to a container in EKS

ERROR OBSERVED TASK [splunk_universal_forwarder : Setup global HEC] *************************** task path: /opt...

by Engager in

How to optimize view of a line chart in Splunk?

Hi Everyone, I'm working on a Splunk dashboard visualisation using a line chart, and I span the data for every 1week....

by Path Finder in

Why does universal forwarder stop sending data?

Hello!I have an environment with about 200 machines, all Windows Servers. All servers are sending TCP information thr...

by Explorer in

How to ingest MongoDB logs from new servers into splunk?

Hi All, We have a python code to ingest MongoDB logs into splunk and we are successfully ingesting logs from old s...

by Builder in

Is it possible to ingest ZAP(Zero-hour auto purge) logs into Splunk?

Hi All,We want to ingest ZAP(Zero-hour auto purge) logs into Splunk. We are using Splunk Add-on for Microsoft Offi...

by New Member in

How to calculate total_OPS?

Query: index=xxx source=Perfmon:LogicalDisk host=$h$ ( counter="Disk Reads/sec" OR counter="Disk Writes/sec" )...

by New Member in

Why is filtering IIS/Catalina sourcetype not working?

Hi , I am facing a weird issue - where on a Splunk indexer I am trying to filter out log events using props and tr...

by Loves-to-Learn Lots in

How to set Splunk Cloud HTTP-INPUT Truncating to 10000 Characters

Hi all,We are using Splunk Cloud, and I am using the https://http-inputs-mydomain.com/services/collector/raw to send ...

by Path Finder in

How to configure Defender ATP Add On Settings

Hi, Trying to configure the Add-On for Microsoft Defender https://splunkbase.splunk.com/app/4959/ Can anyone co...

by Observer in

Help with extracting the fields and related data from vmstat logs which are coming into Splunk

Hi All, Can you please help me to extract the fields and related data from vmstat logs which are coming into splun...

by Explorer in

Why after trying to show the source of an event, Splunk shows only "loading ..."?

Hello, If I try to show the source of an event, splunk shows only "loading ...".I took care, that the result is fi...

by Path Finder in

Why does eval search work but eval in the props conf file doesn't creating new field?

Hi, My environment has multiple apps. I got a requirement to default a value to a temp field. While my eval in the...

by Builder in

How to optimize Splunk forwarder consuming windows paging file?

Faced with the problem of consuming windows paging file by splunk universal forwarder. I didn't find a similar proble...

by Loves-to-Learn Lots in

How to search data usage by sourcetype

Hello everyone, I need query to find out sourcetype =gshshsh is using how much of data 1. From ...

by Explorer in

Is DB connect json possible?

Hello, everyone! I want to configure getting data in json format through splunk db connect. Database is mysql. ...

by Contributor in

Why is multiline single event with sourcetype nginx:plus:kv intermittently showing?

I am using the nginx app to ship nginx logs to Splunk, everything works well but intermittently I see a single event ...

by Explorer in

Is it possible to ingest the events into two different HEC endpoints with Splunk forwarder?

Splunk forwarder is running in the host and sending the audit logs to Splunk instances through HEC. Now i want to sen...

by Engager in

How to activate forward-server?

I am struggling to send data from remote machine to Splunk server due to lack of quality documentation. can anyone...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How can I add new text file everyday?

Experiencing duplicate indexing- How do I solve this problem?

How to determine ingestion sizing with a single instance deployment

Does Splunk have a precedence for what logs to forwarder first?

Why does the heavy forwarder forwarding to external syslog stops working after a few minutes?

Is there a way to set all fields using eval in Props.conf

Is it possible to manually roll specific buckets to frozen?

Unable to add splunk universal forwarder as a sidecar to a container in EKS

How to optimize view of a line chart in Splunk?

Why does universal forwarder stop sending data?

How to ingest MongoDB logs from new servers into splunk?

Is it possible to ingest ZAP(Zero-hour auto purge) logs into Splunk?

How to calculate total_OPS?

Why is filtering IIS/Catalina sourcetype not working?

How to set Splunk Cloud HTTP-INPUT Truncating to 10000 Characters

How to configure Defender ATP Add On Settings

Help with extracting the fields and related data from vmstat logs which are coming into Splunk

Why after trying to show the source of an event, Splunk shows only "loading ..."?

Why does eval search work but eval in the props conf file doesn't creating new field?

How to optimize Splunk forwarder consuming windows paging file?

How to search data usage by sourcetype

Is DB connect json possible?

Why is multiline single event with sourcetype nginx:plus:kv intermittently showing?

Is it possible to ingest the events into two different HEC endpoints with Splunk forwarder?

How to activate forward-server?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions