Getting Data In

Thread Info

UF stops forwarding when splunk cloud is down

If you read the title, you are going "well of course it does", but hear me out. (This will be a long explanation th...

by Path Finder in

Palo Alto Networks config logs not showing before and after info

We forward all config logs from our Palo Alto Networks firewall directly into Splunk I can see that the config logs...

by Path Finder in

What is the best way to monitor large log files?

Hi Team, What is the best way to monitor large rolling log files?? As of now I have following configuration to mo...

by Builder in

Figure out what forwarder data came from

I am trying to figure out if there is a query that will tell me which forwarder some of the data I have in my indexer...

by Path Finder in

Free Splunk Add Data missing?

Hi, I'm new at splunk and signed up for Free Splunk Cloud. I setup a universal forwarder on a windows server and ...

by New Member in

Why has the Splunk Enterprise Trial license already expired in a brand new Docker container?

I'm using a Docker image, created in 2017, whose dockerfile specifies: from splunk/splunk:6.6.3 The image is a...

by Builder in

Importing csv files from directory

Hi all, I have been trying to monitor a directory with csv files. Let me explain. I have multiple PS scripts runnin...

by Communicator in

Input Monitor order of precedence

Hi, Will Splunk use a more explicit Monitor stanza vs a wildcard stanza. Since the stanza's are not identical I do...

by Explorer in

Using splunk to monitor Microsoft sql server backups.

Hello, I am looking into using splunk to monitor sql server backups, can the splunk app for SQL do this?, can’t see t...

by Communicator in

Delete Windows logs description at index time

Hi all, I´m trying to delete the description that came at the end of some windows events. From the CM I deployed th...

by Path Finder in

Anonymize data and keep original aside

Good afternoon fellow splunkthiasts, I need your help with data anonymization. Situation: Application on server wi...

by Path Finder in

Why is my ui-prefs.conf change to make the default search time range 15 minutes in all apps not being respected?

Goal - Change the default time of search to 15 minutes in all apps. I created a ui-prefs.conf in the local of the...

by Builder in

Issue with parsing Json data

Hello Splunkers, I'm facing problem with correct parsing json data. Splunk correctly recognizes data as json source...

by Path Finder in

S3 bucket log ingestion

Hi, We have integrated a S3 bucket with Splunk. Log path - aaa\folder\out.log aaa\folder\error.log aaa\fol...

by Builder in

Logs from Acronis Backups sent to Splunk

Hello Everyone, Does anyone know the best way to go about getting logs from our Acronis Backups solution to send it...

by Loves-to-Learn Lots in

Real time table load

I have a table with a join, which means there are 2 sources - x and y. I receive the logs from x first, I would like...

by Explorer in

Getting None value in timestamp along with Datetime value in timestamp field

In raw data, timestamp field value is 1606730113962778 but for the timestamp field in the interesting fields list i a...

by Engager in

Why does the Splunk Forwarder for Linux randomly stop sending and monitoring files?

The port is open and listening. The logs directory which I am monitoring contain hundreds of thousands of files in it...

by New Member in

Ingest GPX Files

Hello, I'm using an old copy of a Windows-based running tracking application. The mapping function no longer works....

by Explorer in

Unable to rewrite host meta key at ingestion

I have a reg ex tested and working that will extract the host out of these events. My transforms is as follows: ...

by Builder in

Universal Forwarder can't connect to Deployment Server

Spent a day on this and have been seeking help in Splunk IRC. Bout to lose it. Deployment Server states no clients...

by Path Finder in

How to troubleshoot why deployment client wont phonehome with my current configuration?

So I've been banging my head against the wall trying to get my Splunk Universal Forwarders to at least attempt to pho...

by Path Finder in

Cant get windows server into splunk

Im pretty technical... i got splunk installed in centos, everything works ok, but for the life of me i cant figure th...

by Loves-to-Learn in

Splunk app (forescout) could not read index

I am getting this error and needs help troubleshooting and resolving the issue: " App: [ForeScout App for Splunk] cou...

by Loves-to-Learn in

TIME_FORMAT in props.conf seems to not be working

Hello all... I have events that have a timestamp that starts with: 2014-05-07 13:12:27 2910 ......

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

UF stops forwarding when splunk cloud is down

Palo Alto Networks config logs not showing before and after info

What is the best way to monitor large log files?

Figure out what forwarder data came from

Free Splunk Add Data missing?

Why has the Splunk Enterprise Trial license already expired in a brand new Docker container?

Importing csv files from directory

Input Monitor order of precedence

Using splunk to monitor Microsoft sql server backups.

Delete Windows logs description at index time

Anonymize data and keep original aside

Why is my ui-prefs.conf change to make the default search time range 15 minutes in all apps not being respected?

Issue with parsing Json data

S3 bucket log ingestion

Logs from Acronis Backups sent to Splunk

Real time table load

Getting None value in timestamp along with Datetime value in timestamp field

Why does the Splunk Forwarder for Linux randomly stop sending and monitoring files?

Ingest GPX Files

Unable to rewrite host meta key at ingestion

Universal Forwarder can't connect to Deployment Server

How to troubleshoot why deployment client wont phonehome with my current configuration?

Cant get windows server into splunk

Splunk app (forescout) could not read index

TIME_FORMAT in props.conf seems to not be working

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions