Getting Data In

Thread Info

Splunk_TA_Windows 8.2.0 - User DN incorrect extraction

Edit: After working with Splunk support, this issue is fixed in TA version 8.5.0. I recently upgraded our Windo...

by Path Finder in

How to route to index by Source

Hi All, Having an issue trying to route events to an index by source, posting as a new question as I've not found a...

by Explorer in

Any service to use GetMetricsData API from cloudwatch

Hey team, we have integrated Splunk in our app, and we are using it for the last few days. And we wanted to kno...

by New Member in

McAfee ePO Splunk Cloud

Hello! We want to integrate McAfee ePO into a Splunk Cloud, but we only found tutorials on syslogging data. I've be...

by New Member in

How do I delete from the 'main' index

I have a standalone instance of Splunk Enterprise. I uploaded a few XML files to perform some testing and now I want ...

by Splunk Employee in

Index-time extraction and non-indexed field

Hi there. I was wondering... All the docs and howtos regarding index-time extractions say that you need to set fi...

by SplunkTrust in

Tail/Batch readers confusion

I'm having more strange situations with my UF ingesting many big files. OK, I managed to make the UF read the curre...

by SplunkTrust in

spunk perfmon.exe counters not found error in splunk internal index

After windows UF upgrade from 7.1.10 to 8.2.0, we are getting the spunk perfmon.exe counters not found error in splun...

by Loves-to-Learn Lots in

MCAS Salesforce

Hi, How to ingest MCAS Salesforce logs into splunk.

by Builder in

How to overcome CSV max results to email?

Hello. We have a user who wants to receive some rather large reports daily. In one particular case, the search ret...

by Builder in

How to handle huge payloads in splunk

Hello, We have a usecase where the Json payloads are more than 1 million bytes, our current truncation limit is set...

by Motivator in

Custom itsi_im_metrics / what is itsi_im_metrics_indexes for?

Hello, I am planning to setup some custom metrics indexes using this guide: https://docs.splunk.com/Documentation/I...

by Path Finder in

Clone events to 2 indexers

Hello everyone, Here's the situation : indexer1, deployment server role indexer 2 fowarder 1. I distrib...

by Communicator in

How to Watch Multiple Log Files with Similar Names with Universal Forwarder

Hi, I'm setting up Splunk Universal Forwarder to watch logs generated from an application I have in AWS Elastic Beans...

by Explorer in

What is meant by Splunk integration?

Hi, what do you mean by integrating and application with Splunk and what are the steps?

by Path Finder in

How to extract ingested data and display in interesting fields ?

Example: MyNameisKumar I want name=kumar from this ingested Data . Please help me with the solution

by Loves-to-Learn Lots in

Multiple regex conditions in transforms.conf

Hi , I have a transforms to send logs from prod hosts to one index and from non prod to other. Transforms: [prod...

by Explorer in

Log events are missing

Hello everyone, When I was trying to search source type=... Xxx and checked from date from 3 /09/2021 to 6 /07/2021...

by Explorer in

Can I change TRUNCATE and MAX_EVENTS to unlimited ?

I have large logs, with more than 10000 chars per line, and multiline events as large as whole XML file. They are alw...

by Communicator in

Exporting results from api search

Hello, I am trying to export the results from an api search, currently I am using the curl command: curl -k -u use...

by Explorer in

WMI and timestamp problems

I'm pulling events from remote computers using WMI as described in the splunk docs. Everything seems to be going quit...

by SplunkTrust in

How to discard extra text from a single line in events?

Example: Mynameissachintendulkar .Except sachin I need to remove remaining all text .please help me with the query. T...

by Loves-to-Learn Lots in

Monitoring many files over CIFS

At the beginning I want to say that I did search the forums and I saw the most typical responses like "use logrotate"...

by SplunkTrust in

Unable to forward to indexer - cooked connection timed out

Hi, I'm trying to forward data into my Splunk indexer, but when I do a "./splunk list forward-server", it shows up ...

by Path Finder in

How to get the host value from INDEXED_EXTRACTIONS = json

How can I get the "host" value extracted from a JSON event with "INDEXED_EXTRACTIONS = json" into the events host fie...

by SplunkTrust in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk_TA_Windows 8.2.0 - User DN incorrect extraction

How to route to index by Source

Any service to use GetMetricsData API from cloudwatch

McAfee ePO Splunk Cloud

How do I delete from the 'main' index

Index-time extraction and non-indexed field

Tail/Batch readers confusion

spunk perfmon.exe counters not found error in splunk internal index

MCAS Salesforce

How to overcome CSV max results to email?

How to handle huge payloads in splunk

Custom itsi_im_metrics / what is itsi_im_metrics_indexes for?

Clone events to 2 indexers

How to Watch Multiple Log Files with Similar Names with Universal Forwarder

What is meant by Splunk integration?

How to extract ingested data and display in interesting fields ?

Multiple regex conditions in transforms.conf

Log events are missing

Can I change TRUNCATE and MAX_EVENTS to unlimited ?

Exporting results from api search

WMI and timestamp problems

How to discard extra text from a single line in events?

Monitoring many files over CIFS

Unable to forward to indexer - cooked connection timed out

How to get the host value from INDEXED_EXTRACTIONS = json

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions