Getting Data In

Thread Info

how to import .evtx file from diffrent machine

Hello splunk community, I am running splunk enterprice version 7.1.2 on a Windows server 2016. We are trying to...

by Explorer in

convert time format

Hi , In splunk query i need to convert time format as below . Current format - Apr 13 17:58:35 Required Form...

by Path Finder in

Data could not be written:

I have searched high and low for an answer here and on web, but seems that i can't find a suitable answer. Did ...

by Communicator in

Need to monitor only 4 hosts - data on boarding

Hello Team, Splunk UF has been installed in all our 1000+ windows servers and we are monitoring those logs. Now th...

by Path Finder in

Calculate duration of two different events

I have logs which shows the job status ( Running, succeeded and failed) and all jobs have unique job id , now I want ...

by Explorer in

Timerange as an argument

I am working on using the same time range as an argument used in the Time range picker. how do I do that?|metadata i...

by Engager in

Lines in log file not indexed if line has time stamp from the past

Hello all, One of our home grown apps copies logs to a directory monitored by Splunk once a day around midnight. Sp...

by New Member in

SC4S and Universal Forwarders

Hello, I am new to Splunk and working on getting our environment setup correctly. I have a SC4S server setup and ...

by Engager in

Heavy Forwarder config

I need to Forward All Windows Security/Application/system logs to 2 Separate Splunk instances with different Index na...

by Explorer in

What is the best way to re-run a summary index to collect missed events after an outage?

Hi - Let's say you have a scheduled query / report that runs daily (at mid-night) looking over a time range of Las...

by Builder in

Remove first part of string before creating a JSON source type

HI I have used the below answer to get me 95% to a full solution, but i just cant get the last bit. https://answer...

by Influencer in

Splunk server uptime - missing Splunk server details

Hi all, I am running the below query, I get responses from some of my Splunk servers but not all ? | rest /serv...

by Path Finder in

How to limit the use of resources like memory and CPU by Universal Forwarder?

I'm monitoring AD and DNS Server logs on Windows 2019 servers and Universal Forwarder has been the resource utilizati...

by Path Finder in

How to resolve "Problem replicating config (bundle) to search peer 'xxxxx.yyyy.com:8089', got http response code 400 HTTP/1.1 400 Unparsable URI-encoded request data."?

Have 1 indexer and 1 search head. Separate VM's. When trying to view indexed data from search head UI we receive the ...

by Path Finder in

How to monitor HAproxy logs of server in Splunk

Hi @gcusello , Could you please help me to monitor HA proxy logs of server in Splunk. What should be the steps ...

by Path Finder in

HTTP Event collector

Hi @gcusello , I am curious to know why I am able to see HTTP Event collector under the Data Inputs on my Ind...

by Path Finder in

filtering cisco devices with syslog-ng.conf to avoid catchall

Hello- I'm trying to filter cisco logs so that all data shows up in it's own folder in syslog-ng. However only so...

by Path Finder in

Splunk Docker - Which is the right folder for props.conf (and other config files)

Hi, I have found several locations with a props.conf in my Docker splunk:8.2 image: ./opt/splunk/etc/apps...

by Loves-to-Learn Lots in

Performance in Virtual versus Hardware Indexers for large and growing Enterprise Splunk instantiations

We have an Enterprise Splunk instantiation that has clustered virtual indexers. We have been advised that we need re...

by Path Finder in

TAXII 2.1 Inputs (Without Splunk Enterprise Security)

Hi all!I know ES ships with a TAXII client to ingest threat intel over TAXII. Does anything exist for users who do ...

by Contributor in

Splunk

Hi, I would like to know to the commands and procedures for failures happen for splunk 1. What if deployment ...

by Path Finder in

avoid some events

Hi Team, We are collecting data from Alibaba cloud through a heavy forwarder (using Alibaba add-ons) and ...

by Path Finder in

Indexes are randomly removed from roles

Hi everyone,Currently we're dealing with an odd one on the Enterprise search head (we're using 8.2.3). We have multip...

by New Member in

Filter splunk data to reduce ingestion size

We are transferring log using log drains and using token created using HTTP event collector. We need to filter data ...

by Observer in

Role of Heavy Forwarder between UF and Indexer

Hi, Indexer can do Parsing and Indexing then why do we use HF between UF and Indexer?

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

how to import .evtx file from diffrent machine

convert time format

Data could not be written:

Need to monitor only 4 hosts - data on boarding

Calculate duration of two different events

Timerange as an argument

Lines in log file not indexed if line has time stamp from the past

SC4S and Universal Forwarders

Heavy Forwarder config

What is the best way to re-run a summary index to collect missed events after an outage?

Remove first part of string before creating a JSON source type

Splunk server uptime - missing Splunk server details

How to limit the use of resources like memory and CPU by Universal Forwarder?

How to resolve "Problem replicating config (bundle) to search peer 'xxxxx.yyyy.com:8089', got http response code 400 HTTP/1.1 400 Unparsable URI-encoded request data."?

How to monitor HAproxy logs of server in Splunk

HTTP Event collector

filtering cisco devices with syslog-ng.conf to avoid catchall

Splunk Docker - Which is the right folder for props.conf (and other config files)

Performance in Virtual versus Hardware Indexers for large and growing Enterprise Splunk instantiations

TAXII 2.1 Inputs (Without Splunk Enterprise Security)

Splunk

avoid some events

Indexes are randomly removed from roles

Filter splunk data to reduce ingestion size

Role of Heavy Forwarder between UF and Indexer

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions