Getting Data In

Discussions

Thread Info

Hardware requirement for heavy forwarder with DBConnect app

What is the minimum hardware requirement for installing heavy forwarder with DBconnect app which is sending data to S...

by Explorer in

Splitting of sourcetype

Hello there I am monitoring files using input.conf and define source source type there i am trying to split sourc...

by Explorer in

Which version of splunk Universal forwarder supports for AIX 5.X and AIX 6.X version OS.

Which version of spunk Universal forwarder I need to install for AIX 5.1 and AIX 6.1 version OS machines. We have Spl...

by New Member in

Multiple Indexes, single S3 Bucket with SQS

Given a Splunk environment with SQS (S3) as the data source, is it possible to "filter" messages at so that we can s...

by New Member in

Hardware reference for Stream App

Hi at all, I have to capture strems coming from some tap devices in my network using Steam App. Which are the min...

by SplunkTrust in

Getting data in from S3 to Splunk through SQS based S3 method

Hi Splunkers , We are collecting logs from multiple devices/application and sent to one single S3 bucket and th...

by Explorer in

Reusing Splunk Heavy Forwarder License

Can we stop using a Licensed Heavy Forwarder and reuse the same license on setting up another Heavy Forwarder ?

by Explorer in

DBConnect on Heavy Forwarder

1. Can DBconnect on Heavy Forwarder be configured to pull data from tables in DB2 database and pushed to Splunk cloud...

by Explorer in

How do I set different source types on one data input?

Hello, I have a Data Input for TCP:10514 where I am receiving logs from different devices (blue coat proxy (192.16...

by Communicator in

Unable to extract timestamp from CSV file

I'm trying to extract timestamp exactly from the CSV for each event, but doesnt happen. It show only indexed time in ...

by Explorer in

Monitor Splunk Updates

Hello, I need some help. One of our clients wants to see when the patch version of Splunk is updated. Is this possi...

by Explorer in

How do I index Kaspersky Security Center logs in Splunk?

Hello, I'd like to monitor the logs of Kaspersky Security Center with Splunk . I found that I should add in inputs...

by Engager in

Heavy forwarder redundancy and HA

Hi, My client needs High Availability in the heavy forwarders. They are collecting events from devices on a dat...

by Communicator in

Decode Logs coming from Syslog (SSL)

Hi, i am trying to send encrypted logs from Syslog to Splunk. To decrypt them i changed the splunk/etc/system/local/...

by Engager in

Extracting event timestamp from CSV

My apologies in advance for having to ask this question again but I did not get a definitive answer my first time. ...

by Path Finder in

Am I over utilizing Props/Transforms?

I'm going to describe a typical use case. The Software team will have one log file for most of it's outputs, le...

by Path Finder in

How to get a list of all indexers and their IPs in my Enterprise environment

How do I get a complete list of all indexers in my Splunk Enterprise environment?

by Builder in

search a query on splunk using the rest api

Hi, I want to create a rest api request to create a search in splunk and get the details(logs) of the search result...

by Observer in

Extract fields from the log

I am trying to get logs from a firewall into splunk. Usually i work with regex to extract the fields, but these logs ...

by Engager in

How to use "remove monitor" to remove security event logs from my inputs

When I had initiall installed my forwarder I selected "security" as one of my inputs. Now I want to remove this as an...

by Path Finder in

Monitoring Event Logs

Hi, I'm trying to pull the event logs when an account is being locked in Active Directory, but I could see multiple...

by Engager in

Input tab doesn't load : Microsoft Azure Add-On

Hi, We have to ingest activity log into Splunk. We installed Microsoft add-on for Splunk on our heavy forwarder. W...

by Loves-to-Learn in

System Time in Splunk off but log times are correct

Here is my environment Cluster Master, License Master, Deployment Server (on one Splunk instance) Cluster of 3 in...

by Engager in

Help filter out unwanted data from indexing using nullqueue Please

Hi if someone could please help that would be great, I have events showing up in the indexer that are pushing me over...

by Path Finder in

HEADER_FIELD_LINE_NUMBER = 1 not working

While trying to get the data from UF to indexer, the header is getting indexed as well. Attached the log file and the...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Hardware requirement for heavy forwarder with DBConnect app

Splitting of sourcetype

Which version of splunk Universal forwarder supports for AIX 5.X and AIX 6.X version OS.

Multiple Indexes, single S3 Bucket with SQS

Hardware reference for Stream App

Getting data in from S3 to Splunk through SQS based S3 method

Reusing Splunk Heavy Forwarder License

DBConnect on Heavy Forwarder

How do I set different source types on one data input?

Unable to extract timestamp from CSV file

Monitor Splunk Updates

How do I index Kaspersky Security Center logs in Splunk?

Heavy forwarder redundancy and HA

Decode Logs coming from Syslog (SSL)

Extracting event timestamp from CSV

Am I over utilizing Props/Transforms?

How to get a list of all indexers and their IPs in my Enterprise environment

search a query on splunk using the rest api

Extract fields from the log

How to use "remove monitor" to remove security event logs from my inputs

Monitoring Event Logs

Input tab doesn't load : Microsoft Azure Add-On

System Time in Splunk off but log times are correct

Help filter out unwanted data from indexing using nullqueue Please

HEADER_FIELD_LINE_NUMBER = 1 not working

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions