Getting Data In

Ask a Question

Discussions

Thread Info

Accessing restricted Windows share

Hello all, I'm not sure what I have been asked to do is achievable. I'm hoping that someone can advise. We have ...

by Communicator in

Splunk Integration with OCI

I have been trying to integrate Splunk with OCI for data collection and the Add-On provided is not working. Error: ...

by New Member in

How to filter out lines that start with #

We have logs , where first few lines start with "#" and we don't need to ingest these lines. We tired to use diffe...

by Builder in

Splunk universal forwarder

Hi I am not receiving the data from Universal forwarders . What could the possible reasons be? Thanks

by Engager in

How to ingest only those lines from the log that start with "date/time"

We have logs , where first few lines needs to be omitted from ingesting.We only need to on-board the events , that st...

by Builder in

Who to split up $SPLUNK_DB and colddb

I have many indexes on my three indexers. I have attached NSF shares for the colddb. All the indexes are at $SPLUNK_D...

by Motivator in

Trigger alert when 1 user deletes more than 5 files

hi, I want to create an alert that will trigger when 1 user (no specific user name, just one persong from the organiz...

by Observer in

HF doesn't accept traffic from UF

Hi Splunk chaps, I'm facing problem with feeding HF from UF (HF is sending data to the cloud and this works fine)....

by Path Finder in

How to divide yesterdays data with today's data?

Hello Folks , Need help. Every day new file generates with a FileSizeBytes value, I need to compare the yesterday's...

by Engager in

have a need to email a CSV file into Splunk for consumption

anyone have a splunkbase app that will perform this function? I wish to email a CSV file (possibly ZIPPED too...

by New Member in

Splunk failed to start with errors

I recently had to realign our storage. Specifically, write cold data to one NFS share and hot/warm to another. Prior ...

by Loves-to-Learn Lots in

Create an alert when multiple files are deleted

Hi, I am trying to create an alert that triggers when more than 5 files are deleted in less than 3 minutes from the...

by Observer in

Can the Cluster Master Also Do Indexer Discovery in the outputs.conf

I've got my universal forwarders and heavy forwarders doing indexer discovery through the cluster master like so ... ...

by Communicator in

Integration with service now

Can Splunk be integrated with service now

by New Member in

Splunk_TA_Windows clash with ADFS lookup

Hi, MS ADFS will write inside WinEventLog:security and Splunk_TA_windows is watching that log and enriching with lo...

by Communicator in

Filtering with props and transforms

Hello.I have just enabled powershell logging and am now getting completely spammed with splunk forwarders running pow...

by Communicator in

wineventlog:security logs not receiving

Few DC servers not showing source=wineventlog:security. Can someone provide the troubleshooting steps to find the wha...

by Loves-to-Learn Lots in

How to get last 1 week or current logs for inputs.conf

Greetings, I have set the following configuration stanza on my inputs.conf but I am getting failures for using ign...

by Path Finder in

K8 AWS HF Delays / Timeouts

Hello, We are wondering if anyone else has experienced issues using a k8 cluster of heavy forwarders, to receive AWS ...

by Path Finder in

Configuration to send OTEL format data to Splunk observability cloud

We have an OTEL compliant exporter. What are the required definitions in an exporter configuration to send OTEL comp...

by New Member in

Oracle anonymous PL/SQL block with input and output parameters from Splunk DB Connect

Can DB Connect execute an Oracle anonymous PL/SQL block, with input parameters, and get the output parameters (for in...

by Builder in

Add data to index using REST API

Hello Experts, I have recently started exploring on Splunk API's and trying to find a REST API to Add data to a spl...

by New Member in

stanza's for props.conf

Hi, We are having bunch of HFs in our environment from HFs we have confusion from which HF is getting the data, so ...

by Engager in

Timezone issue

Hello, I have a timezone issue that I don't understand. I have two set of indexed logs in different indexes, inde...

by Explorer in

Splunk stopped indexing on index="main"

Hello guys, I will first mention that I'm pretty new to Splunk, but I noticed that Splunk has stopped indexing and ...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Accessing restricted Windows share

Splunk Integration with OCI

How to filter out lines that start with #

Splunk universal forwarder

How to ingest only those lines from the log that start with "date/time"

Who to split up $SPLUNK_DB and colddb

Trigger alert when 1 user deletes more than 5 files

HF doesn't accept traffic from UF

How to divide yesterdays data with today's data?

have a need to email a CSV file into Splunk for consumption

Splunk failed to start with errors

Create an alert when multiple files are deleted

Can the Cluster Master Also Do Indexer Discovery in the outputs.conf

Integration with service now

Splunk_TA_Windows clash with ADFS lookup

Filtering with props and transforms

wineventlog:security logs not receiving

How to get last 1 week or current logs for inputs.conf

K8 AWS HF Delays / Timeouts

Configuration to send OTEL format data to Splunk observability cloud

Oracle anonymous PL/SQL block with input and output parameters from Splunk DB Connect

Add data to index using REST API

stanza's for props.conf

Timezone issue

Splunk stopped indexing on index="main"

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions