Getting Data In

Thread Info

_audit and _internal index data retention

EDIT: Splunk version = 4.1.6 Are there any guidelines on the length of time that _audit and _internal index data s...

by Path Finder in

Log translation when raw log is not English

Hi Everyone I have a some standard Windows log that is not in English, when I get the data in how can I translate i...

by Communicator in

Help to get only number from Number of Files Found

Hi Team,My Query : index=*** kubernetes.container_name=*** cluster_id=*** "Number of Files Found" Result will be li...

by New Member in

Is it possible to use wildcards in sourcetype props.conf stanzas

We have a large number of logs deserve a different sourcetype, but are effectively from the same application, and hav...

by Builder in

Splunk logging driver for Docker - EOF error

Hi, I am facing a strange issue. The HEC setup to send container logs to splunk intermittently posts below error. T...

by Explorer in

INDEXED_EXTRACTIONS=CSV not parsing?

I have a props.conf file on a heavy forwarder: [my:csv:report] INDEXED_EXTRACTIONS = CSV HEADER_FIELD_LINE_NUMBER =...

by Contributor in

WinEventLog WhiteList 4662

Greetings-- I am trying to set-up an WinEventLog inputs.conf whitelist for LAPS (EventCode=4662).These events have ...

by Communicator in

Query for Splunk Forwarder is active or not?

We have received an alert for splunk Forwarder not active on 1 host. We are not able go see the contributing events f...

by Loves-to-Learn in

How to split data into separate sourcetypes with transforms

I am trying to split some data into difference source types using a lookup table. I am testing this locally. I h...

by Engager in

forwarding AIX errpt to splunk

Do you have a new and valid link for that procedure? http://docs.splunk.com/Documentation/Storm/Storm/User/Howtoset...

by New Member in

ingesting huge file continuously

we have seen as issue where Splunk UF stops reading a specific file once file gets more than 20MB , and going to batc...

by Loves-to-Learn in

Splunk Add-on for Java Management Extension : [main] ERROR - Error executing modular input : null : java.lang.NullPoint

I am using Splunk Add-on for JMX over the years but in sudden it stopped working and below is the error.So then i hav...

by Explorer in

Windows universal forwarder to Splunk Cloud issues

I am trialing the Splunk Cloud software and having read through all the information on how to setup universal forward...

by Observer in

Identify number of deployment server clients?

When looking to update a deployment enterprise instances, we are exploring using a deployment server. Splunk docume...

by Explorer in

Splunk fundamental training lab 4

Post followed up, module 4 lab "Splunk Fundamentals 1 Lab Exercises" --ingesting data, i am not getting any number of...

by New Member in

Sending Wineventlog to logrhythm with different inputs.conf renderXML

Hi all, I have hundreds of UF (universal forwarders) setup and sending wineventlogs to our splunk cloud instance. ...

by Loves-to-Learn in

Windows Event Forwarding

I have Windows Event Forwarding Configured and have installed a Universal Forwarder to send events to a Heavy Forward...

by Path Finder in

Issue with getting data to Splunk App for Hyperledger Fabric

I am very new to splunk, We are trying to monitor our hyperledger fabric network with the Splunk App for fabric in th...

by Observer in

unable to get MS Azure event hub using Splunk Addon for Microsoft cloud services add on

Hi, I am using Splunk Addon for Microsoft cloud services add on to integrate splunk with MS Azure. I want to inge...

by Loves-to-Learn in

How to exclude duplicate Data while onboaring the data in below scenerio

I have a python script with runs daily and saves output in csv file for example: if i run that script today it wi...

by Explorer in

Citrix TA-XD7-Broker - ps script requires cloud login and MFA

Hello fine Splunk folks, We have 10x Cloud Connectors which function as the DDC and BrokerAgent. The Splunk U...

by Communicator in

issue with batch input that has stopped working

We have a long standing batch input that has stopped working. No matter how i change the input including pointing the...

by Communicator in

Installing Splunk Universal Forwarder on Oracle Linux is having issue

Hi All, I have setup Oracle Linux on my VM to collect logs using Universal forwarder. UF not able to start service...

by Explorer in

Help with a regex (extract the file name from the file path)

Hi Splunkers, I need some help with a regex/command to extract the file name from the file path : path\\to\\the\\...

by Path Finder in

What is the proper syntax to whitelist a single EventCode from wineventlog security with a UF ?

Hi - Not having any luck testing or finding the answer in documentation so hopefully someone can confirm. I ...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

_audit and _internal index data retention

Log translation when raw log is not English

Help to get only number from Number of Files Found

Is it possible to use wildcards in sourcetype props.conf stanzas

Splunk logging driver for Docker - EOF error

INDEXED_EXTRACTIONS=CSV not parsing?

WinEventLog WhiteList 4662

Query for Splunk Forwarder is active or not?

How to split data into separate sourcetypes with transforms

forwarding AIX errpt to splunk

ingesting huge file continuously

Splunk Add-on for Java Management Extension : [main] ERROR - Error executing modular input : null : java.lang.NullPoint

Windows universal forwarder to Splunk Cloud issues

Identify number of deployment server clients?

Splunk fundamental training lab 4

Sending Wineventlog to logrhythm with different inputs.conf renderXML

Windows Event Forwarding

Issue with getting data to Splunk App for Hyperledger Fabric

unable to get MS Azure event hub using Splunk Addon for Microsoft cloud services add on

How to exclude duplicate Data while onboaring the data in below scenerio

Citrix TA-XD7-Broker - ps script requires cloud login and MFA

issue with batch input that has stopped working

Installing Splunk Universal Forwarder on Oracle Linux is having issue

Help with a regex (extract the file name from the file path)

What is the proper syntax to whitelist a single EventCode from wineventlog security with a UF ?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions