Getting Data In

Discussions

Thread Info

unable to install universal forwarder windows 10

Every time i try to install the universal forwarder on a windows 10 64bit machine it ends prematurely immediately. Wh...

by Engager in

Perfmon:CPU timestamp

Hello! I'm trying to change the timestamp (_time) from Perfmon:CPU before index, to use my Splunk Heavy Forwarder ...

by Explorer in

props.conf timestamp clarification

I have json data that can vary greatly in size with the timestamp field coming at the end of each event. I'm able to ...

by Path Finder in

How to split JSON events to usable format?

Good morning all, Complete novice with JSON workings, but essentially I have managed to configure a REST api that'...

by Explorer in

How to use wildcards and whitelists in monitor stanza (inputs.conf)?

I'm using a deployment server to distribute a single inputs.conf file to a number of servers in a class. The location...

by Explorer in

universal forward different domain from where the Splunk is running

When installing the universal forward into a trusted domain, do I need to add account from domain A into domain B? Th...

by Explorer in

I cant understand the buckets segrigation in Indexes.conf

Question 1: In my org have Splunk ES 7.2.X with 4 VMs(win os) i.e., 1 Search Head, 1 Deployment server, 2 Indexers Se...

by Path Finder in

Official support for Splunk 7.3 in Container

We're considering setting up Splunk enterprise 7.3.0 (for heavy forwarding) in a docker container. https://docs.sp...

by New Member in

Use hostname variables in index_time EVAL

Hi everyone, I am trying to add a custom field on every events that coming from a Heavy-Forwarder, so that from se...

by Contributor in

[Splunk HTTP Event Collector] Having trouble connecting to HEC port.

We are often seeing the following error messages from HEC servers and users are complaining of failures connecting to...

by Splunk Employee in

How to export CSV from Splunk to a third-party system in batch mode?

We have a requirement to send Splunk processed data as a CSV to a third-party system. Currently the CSV file is sent ...

by Super Champion in

what is the minimum level of logging required for erex to output its regex in the search information icon in splunk?

I'm trying to use splunk on a search head I don't manage but I noticed that whenever I try to use erex on the search ...

by Contributor in

What is the difference between single-instance and multiple-instance modular inputs for REST API?

Hi Dear Splunkers, I am trying to develop a Modular Input for our REST API which will ingest some data from our AP...

by Path Finder in

Monitor Windows Event Log for Critical/Error

I want to monitor certain events and all Error/Critical level events. https://answers.splunk.com/answers/663023/ho...

by Builder in

Raspberry Pi Universal Forwarder Bug Report for splunkforwarder-8.0.3-a6754d8441bf-Linux-arm.tgz:

On a Raspberry Pi 3 armv7l GNU/Linux, INDEXED_EXTRACTIONS=JSON in the props.conf file results in unrecoverable JSON S...

by Path Finder in

HF different index names for each target group

I have a Splunk enterprise cluster which also needs to forward some logs to a completely separate Splunk cluster. ...

by Engager in

Export results to a file gives Invalid Json file

When I export my results to a JSON file and then try to validate it with jsonlint.com I get an EOF error. Is there...

by Communicator in

how to import some columns from csv

I have a csv file to import by app data ->monitor i would to import some columns (not all) before to index. It's poss...

by Path Finder in

Forwarder tells me there's an "ERROR JsonLineBreaker ... had parsing error:Unexpected character: '5'" - but the error originates in the forwarder's own log?

Hello good people of the Splunk Community. This one's got me foxed. I noticed this morning that the splunkd logs o...

by Path Finder in

Free Trial Instance issue

Hi Team, i have opened an account for free trail on Splunk cloud, but the instances are not created. will it take ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

unable to install universal forwarder windows 10

Perfmon:CPU timestamp

props.conf timestamp clarification

How to split JSON events to usable format?

How to use wildcards and whitelists in monitor stanza (inputs.conf)?

universal forward different domain from where the Splunk is running

I cant understand the buckets segrigation in Indexes.conf

Official support for Splunk 7.3 in Container

Use hostname variables in index_time EVAL

[Splunk HTTP Event Collector] Having trouble connecting to HEC port.

How to export CSV from Splunk to a third-party system in batch mode?

what is the minimum level of logging required for erex to output its regex in the search information icon in splunk?

What is the difference between single-instance and multiple-instance modular inputs for REST API?

Monitor Windows Event Log for Critical/Error

Raspberry Pi Universal Forwarder Bug Report for splunkforwarder-8.0.3-a6754d8441bf-Linux-arm.tgz:

HF different index names for each target group

Export results to a file gives Invalid Json file

how to import some columns from csv

Forwarder tells me there's an "ERROR JsonLineBreaker ... had parsing error:Unexpected character: '5'" - but the error originates in the forwarder's own log?

Free Trial Instance issue

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

why i get error that “could not load lookup xxx” w...

Do we have a Splunk script that will tell us the t...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?

Get Blob Data W/O Key or SAS Token (use service ac...