Getting Data In

Thread Info

Help with Ingesting Data into Splunk Cloud HEC via python script

Hello all, I am attempting to ingest data via a python script that retrieves data from an API and then forwards the...

by New Member in

duplicate host field when _raw is json

Hi all, I'm having non-indexed-extracted json in events. When there is a json "host" field host, which is different...

by Builder in

Add data from forwarders requires copy of clustered indexes indexes.conf on DS

Hello, is there any better solution than copying indexes.conf based in /etc/master-apps to the deployment server ap...

by Motivator in

Indexing PowerShell transcription files

Is there a resource for indexing powershell transcription files? We're using PowerShell 5.1. I've reviewed the inf...

by Communicator in

Line Merge difficulties

Hello helpful people, I'm afraid I have an issue that is related to many questions already asked, but I have not be...

by Communicator in

Pull a field through regex

I have the following log: Number=Test1,Code=DPCA , ErrorMessage= sun.security.validator.ValidatorException:...

by Path Finder in

Using span option in timechart doesn't show any values

I am trying to get a time difference of two events and using timechart, I wants to display MAX(time difference value ...

by Explorer in

How to use the foreach command to list a particular field that contains an email address?

I have events in JSON format as follows - Event 1: { QP_A:abc@gmail.com, QP_B:123, COUNTRY:USA} Event 2: { QP_C:...

by Contributor in

How to find status of files being monitored?

Is there a command or somewhere to look regarding the status of file monitoring? I've set up a UF on an rsyslog machi...

by Engager in

How to redirect uf log to specific index in indexer

Hi everyone,I would like to ask how to redirect uf log to a specific index in indexer.I cannot modify the uf outputs....

by Explorer in

Splunk Enterprise doesn't detect universal forwarder (linux)

I have one machine with Splunk Enterprise and on another machines I've installed a universal forwarder. Even-though e...

by Loves-to-Learn in

Add field to windows event

Hello, Is it possible to add fields to the windows event collected by a forwarder ? I would like to add an enviro...

by New Member in

Will upgrade to Splunk_TA_nix v8.2.0 still works with Splunk UF v7.0.4?

Hi Team, We have Splunk Enterprise v7.2.9.1 and planning to upgrade to v8.1.1. Now, as a pre-requisite, we will up...

by Communicator in

Route syslog from heavy forwarder to 3rd party, but only WinEventLogs?

We are sending logs received by our heavy forwarder to a 3rd-party syslog server. We thought we had it configured so ...

by Path Finder in

TA-meraki Not Logging all Events to Splunk

I've successfully installed and configured the TA-meraki app and have all the CIM compliant data coming into Splunk, ...

by Path Finder in

Catchpoint Splunk addons

I used splunk catchpoint add-ons to fetch the data from catchpoint. But after i mapped into splunk i can see only 12 ...

by Motivator in

Splunk integration with other tool

Hello I am having a single instance of Splunk enterprise on my environment ,Is there a way to forward the Splunk d...

by Explorer in

Query to list All indexes and sourcetypes of All Apps present in an instance

I need help to find a query that can list every source types and indexes of each and every app present in the search ...

by Engager in

Is it possible cluster master returns fqdn instead of IP's of Indexers ?

Is it possible cluster master returns fqdn instead of IP's of Indexers ? if yes please explain how ?

by Path Finder in

Is there a tool to forward logs from Windows 2000/2003 servers to Splunk?

Hi guys need your help. is there a tool which can monitor and forward logs from windows 2000/2003 servers to Splun...

by Explorer in

coldToFrozen Azure blob storage account

I have a distributed Splunk environment running in Azure IaaS. I need to start rolling my cold data off to archive an...

by Path Finder in

Forward data without effecting ingest volume

Hello, We have one universal forwarder, and two cloud instances. Currently I have all data going to 1 indexer, I'...

by Explorer in

Splunkd Service in splunk entprise 8

after installation of splunk enterprise 8.0, the Splunkd Service cannot restart

by Explorer in

Change log storage time

When the indexes were created, they were created by default. Now that I needed to know how long a log went from...

by Builder in

Wrongly merged Events/permanently blocked tcpout queue with Intermediate Universal Forwarder.

Using Universal forwarder as intermediate forwarder for source universal forwarders can cause Events being merged i...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Help with Ingesting Data into Splunk Cloud HEC via python script

duplicate host field when _raw is json

Add data from forwarders requires copy of clustered indexes indexes.conf on DS

Indexing PowerShell transcription files

Line Merge difficulties

Pull a field through regex

Using span option in timechart doesn't show any values

How to use the foreach command to list a particular field that contains an email address?

How to find status of files being monitored?

How to redirect uf log to specific index in indexer

Splunk Enterprise doesn't detect universal forwarder (linux)

Add field to windows event

Will upgrade to Splunk_TA_nix v8.2.0 still works with Splunk UF v7.0.4?

Route syslog from heavy forwarder to 3rd party, but only WinEventLogs?

TA-meraki Not Logging all Events to Splunk

Catchpoint Splunk addons

Splunk integration with other tool

Query to list All indexes and sourcetypes of All Apps present in an instance

Is it possible cluster master returns fqdn instead of IP's of Indexers ?

Is there a tool to forward logs from Windows 2000/2003 servers to Splunk?

coldToFrozen Azure blob storage account

Forward data without effecting ingest volume

Splunkd Service in splunk entprise 8

Change log storage time

Wrongly merged Events/permanently blocked tcpout queue with Intermediate Universal Forwarder.

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions