Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

High memory usage by Forwarders due to Indexer unavailability

Hello, We had a power outage after which our main Splunk instance (which serves as a Search Head and an Indexer) we...

by Engager in

How to configure batch file in inputs.conf of the TA-app to run every X seconds?

I have a batch file in the jar directory of a TA-app on all my forwarders. The batch file has the following struc...

by Path Finder in

Prevent events from ingesting

Hello, after connecting AWS add-on and configuration, I have this query which is filling my index with much unwa...

by Loves-to-Learn in

Is it possible to ingest-time eval _indextime field?

Hello! I have a distributed deployment of Splunk Enterprise. All my UFs send raw events to two HFs, these send coo...

by Path Finder in

Getting error when using 'DATETIME_CONFIG = CURRENT' for a batch input.

Hi, I am using a batch input to ingest some huge files with a single line events that do not have a timestamp. ...

by Builder in

Universal forwarder upgrade

hi all, I need to upgrade the universal forwarder on a windows server. 1. Can I just download the latest version of...

by Path Finder in

How to change props.conf based on input/sourcetype

I have a couple .txt files that I want to parse differently than the rest of my data coming in from my forwarders. ...

by Path Finder in

Universal Forwarder doesn't forward specific log

Hello! It's my first time writing here so forgive me if my question may lack information. What I want to do: I...

by Explorer in

Sending MacOS logs to Splunk without involving another tool or agent

Trying to figure out a successful method for sending MacOS logs to Splunk without involving another tool or agent. We...

by Splunk Employee in

Splunk query output formating to Jason format

I have ingested some logs to Splunk which now looks like below when searching from search header. ...

by Engager in

Restart a UF via CLI / other remote means

Hi Is there a way to remotely restart a UF forwarder in splunk directly from within splunk e.g. using splunk cli ...

by Communicator in

Deployment of Universal Forwarder to Apple Mac fleet

Our company operates a fleet of Apple Macs. We would like to automate the deployment and configuration of the Univers...

by Explorer in

Indexer - Indexes not retaining logs for as long as they should

Hello, I have an issue with the Indexer not retaining logs for the expected period, and I'm really scratching my he...

by Engager in

Is there a way to migrate indexed data from a legacy standalone indexer to a new indexer cluster?

I've read through quite a few pages and there are mixed partial solutions. Is there a way to migrate indexed data...

by Contributor in

SQS based S3 input is skipping some objects from s3 but deleting the message from sqs

Hi We have a splunk add-on for aws to pull the logs from s3 bucket. we are using the sqs based s3 inputs created t...

by New Member in

AWS Add on AWS-- Issue with SQS-Based S3 and cloudwatch -Errors

HiCan anyone help me in understanding the errors im getting in the application aws addon, i have configured the input...

by Engager in

Splunk DB Connect - data formating

Hey everyone! Lately we had an unfortunate incident were most of our logs were deleted from splunk. Luckily we save...

by Observer in

How to resolve latency between event time and index time?

My index time is 7/6/20 3:37:42.210 PM My event time is 07/06/20 10:37:42.210 CDT My TIME_FORMAT=%x %H:%M:%S.%...

by Communicator in

Error while setting up connection using MongoDB Driver

Hi,I have installed MongoDB drive from unityjdbc http://unityjdbc.com/mongojdbc/setup/mongodb_jdbc_splunk_dbconnect_...

by Observer in

How to change saved search permissions via python SDK?

Hey, I am looking for a way to change permissions to a saved search via splunk python SDK. I tried using the s...

by Path Finder in

Getting Data In

Discussions

High memory usage by Forwarders due to Indexer unavailability

How to configure batch file in inputs.conf of the TA-app to run every X seconds?

Prevent events from ingesting

Is it possible to ingest-time eval _indextime field?

Getting error when using 'DATETIME_CONFIG = CURRENT' for a batch input.

Universal forwarder upgrade

How to change props.conf based on input/sourcetype

Universal Forwarder doesn't forward specific log

Sending MacOS logs to Splunk without involving another tool or agent

Splunk query output formating to Jason format

Restart a UF via CLI / other remote means

Deployment of Universal Forwarder to Apple Mac fleet

Indexer - Indexes not retaining logs for as long as they should

Is there a way to migrate indexed data from a legacy standalone indexer to a new indexer cluster?

SQS based S3 input is skipping some objects from s3 but deleting the message from sqs

AWS Add on AWS-- Issue with SQS-Based S3 and cloudwatch -Errors

Splunk DB Connect - data formating

How to resolve latency between event time and index time?

Error while setting up connection using MongoDB Driver

How to change saved search permissions via python SDK?

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Drop Windows Event Logs with EventID 5156 and not ...

Invalid key in stanza

Splunk add-on for Cisco Meraki getting data from o...

Files can't be ingested while being in transit via...

Using Splunk with NiFi

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >