Getting Data In

Community Activity

	Metadata and tstats give different sources: How do I get the list of sources based on the tstats result? I have two search queries: \| metadata index=* type=sources that results in something like the following (under the so... by yaharga Path Finder in Getting Data In 03-15-2022 0 1	0	1
	How to extract wordcount from Array? I'm trying to extract the total word count from field1 but am unable to find the correct solution. The format is: fi... by kkosiur Loves-to-Learn Lots in Getting Data In 03-15-2022 0 5	0	5
	How to add 4 hours to each field in this Date time format? I have this date/time format, I need to add 4 hours to each field, can it be possible? if yes please help me by Kisame27 Explorer in Getting Data In 03-15-2022 0 4	0	4
	How to break one event to multiple events using my univarsal forwarder props.conf? Hi I wanted to break the line from {"id" so that splunk will treat it as a new event from {"id from below event, I ha... by bapun18 Communicator in Getting Data In 03-14-2022 0 5	0	5
	To import csv files, do we need a heavy forwarder or can we just use a universal forwarder? Hi, To import csv files do we need a heavy forwarder or can we just use a universal forwarder? I tried a universal f... by sreis Loves-to-Learn Everything in Getting Data In 03-14-2022 0 5	0	5
	Is there a hard limit of "five splunk_servers" that a single heavy forwarder can write to? I have been trying to load balance firewall logs across a 12 node index cluster the heavy forwarder is under cluster ... by jonxilinx Path Finder in Getting Data In 03-13-2022 0 1	0	1
	How to change host with props.conf and transforms.conf I have an add-on running on a heavy forwarder that is using the name of the HF as the host. I'm trying to change th... by ilhwan Path Finder in Getting Data In 03-11-2022 0 6	0	6
	Do I need to uninstall Splunk in windows(.exe) file in order to install through Linux? Hi Everyone, I am using Splunk enterprise MSI file in my own windows laptop. So for practice i would like to install ... by Atchyuth_P Path Finder in Getting Data In 03-11-2022 0 6	0	6
	Why are larger events are truncated (10000 bytes)? Hi, The data flow is UFs-->HWF-->INDEXERs Some of the event lines sizes are 100K to 300K bytes. By default Splunk... by jayannah Builder in Getting Data In 03-11-2022 0 15	0	15
	Does anyone know how to do a Chromeleon and Robotics DBC application integration? Hi Team, Any one has integrated below application with SPlunk if yes. Please suggest how Chromeleon- Chromatography D... by splunkpri Explorer in Getting Data In 03-11-2022 0 0	0	0
	Is there a way to get a service status from a remote centos8 machine? is there anyway to setup something on a dashboard that will tell me if a service on a remote centos box goes down. I ... by tazzvon Engager in Getting Data In 03-11-2022 0 2	0	2
	How do I create a TA CIM compliant for Qumulo? Hi at all, I have to create a Technical Add-On to integrate Qumulo Audit logs in Enterprise Security. I found that th... by gcusello SplunkTrust in Getting Data In 03-10-2022 0 3	0	3
	How do I write props.cof for below log structure? Actual log:- [{area: "CU", subid: "M", slgdattim: "2022022109515500", slgproc: "1362100032D2", slgmand: "200", sid: "... by sathiyasun Explorer in Getting Data In 03-10-2022 0 1	0	1
	How to add data from the Linux machines to Splunk? hi all, I'm completely new to Splunk and have some problems understanding the dataflow and what to configure where.i ... by pbnl Path Finder in Getting Data In 03-10-2022 0 2	0	2
	Why is there an error in pushing AWS cloudwatch logs using log group? Hi Team I am trying to push AWS cloudwatch logs to splunk using the log stream in splunk add for AWS, but could not a... by rajivsplunk New Member in Getting Data In 03-10-2022 0 1	0	1
	How to separate different log entries from a single source? I'm getting logs from a dockerized in-house developed application and ingesting them into Splunk. There are 3 types o... by rubenmuradyan Explorer in Getting Data In 03-10-2022 0 4	0	4
	Is is possible to index a small CSV file with only 1 column (both with monitoring and manually)? I am trying to index a small CSV file with only 1 column (both with monitoring and manually ) is it impossible ? w... by rayar Contributor in Getting Data In 03-10-2022 0 12	0	12
	What is the recommended way to index massage trace logs? Hi what is the recommended way to index massage trace logs ? currently we are using Microsoft Office 365 Reporting... by rayar Contributor in Getting Data In 03-10-2022 0 0	0	0
	Error on Configure application receivers for monitoring » Nagios "found unknown escape character" Nagios — Splunk Observability Cloud documentation Please assist as I not able to start OTEL service due to the error ... by fongpen Path Finder in Getting Data In 03-09-2022 0 3	0	3
	How to completely remove/not select the directory path if it "remote" in its folder structure? How to completely remove/not select the directory path if it "remote" in its folder structure my regex --- specific... by DataOrg Builder in Getting Data In 03-09-2022 0 6	0	6
	Why are there field extraction issues when indexing Barracuda Web Security Gateway via syslog? We've been indexing logs from our Barracuda Web Security Gateway via our syslog server with a default sourcetype of s... by pl2345 Path Finder in Getting Data In 03-09-2022 0 0	0	0
	Scripted input with bash script is not generating any results I have a bash script that queries audit.log using ausearch for events that I have configured in audit.rules to have a... by ricotries Communicator in Getting Data In 03-09-2022 0 4	0	4
	Wildcard magic in monitor stanzas- Need help with inputs.conf Hi, we have a directory with daily log files I want to read into Splunk 8.1.5: /dir1/dir2/dir3/dir4/file-20220309.log... by vgrote Path Finder in Getting Data In 03-09-2022 0 2	0	2
	I am unable to upgrade Splunk universal forwarder 7.3.3 -> 8.1.3 Hi everyone, I have an issue with upgrade splunk universal forwarder 7.3.3 to 8.1.3 (windows platform).During our inv... by marcinss Loves-to-Learn in Getting Data In 03-09-2022 0 9	0	9
	How to monitor specify window service using telegraf/win_services? Hi, I found the following telegraf service monitoring, is that anyway to specify service name (e.g Print Spooler serv... by fongpen Path Finder in Getting Data In 03-09-2022 0 1	0	1

Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...

Getting Data In

Metadata and tstats give different sources: How do I get the list of sources based on the tstats result?

How to extract wordcount from Array?

How to add 4 hours to each field in this Date time format?

How to break one event to multiple events using my univarsal forwarder props.conf?

To import csv files, do we need a heavy forwarder or can we just use a universal forwarder?

Is there a hard limit of "five splunk_servers" that a single heavy forwarder can write to?

How to change host with props.conf and transforms.conf

Do I need to uninstall Splunk in windows(.exe) file in order to install through Linux?

Why are larger events are truncated (10000 bytes)?

Does anyone know how to do a Chromeleon and Robotics DBC application integration?

Is there a way to get a service status from a remote centos8 machine?

How do I create a TA CIM compliant for Qumulo?

How do I write props.cof for below log structure?

How to add data from the Linux machines to Splunk?

Why is there an error in pushing AWS cloudwatch logs using log group?

How to separate different log entries from a single source?

Is is possible to index a small CSV file with only 1 column (both with monitoring and manually)?

What is the recommended way to index massage trace logs?

Error on Configure application receivers for monitoring » Nagios "found unknown escape character"

How to completely remove/not select the directory path if it "remote" in its folder structure?

Why are there field extraction issues when indexing Barracuda Web Security Gateway via syslog?

Scripted input with bash script is not generating any results

Wildcard magic in monitor stanzas- Need help with inputs.conf

I am unable to upgrade Splunk universal forwarder 7.3.3 -> 8.1.3

How to monitor specify window service using telegraf/win_services?

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

How to use Lambda to push logs to Splunk Cloud

Clarity on metrics license usage and how the data ...

ServiceNow Technical Add-on for CMDB Pull

Bangalore Splunk Usergroup meeting(Dec 2025)

SC4S Syslog server update fails during download wi...

Getting Data In

Join the Conversation