Getting Data In

Thread Info

ingest events with a specific string - remove the rest

Hi all, I'm trying to ingest (multiline) events with the string "public_ip" and remove the rest props.conf: [p...

by Builder in

Excluding field values from JSON SPATH Table

Hi, Can someone help filter out a nested JSON value in a table? I have a search and SPATH command where I can't f...

by Explorer in

How can I identify buckets with past and future events

Hello I have a windows index that has data as old as 14000+ days. From researching its because there is data th...

by Communicator in

XML tags extraction at index time

Hello, I am trying to create some fields at index time from an XML log. I prepared the sourcetype definition in t...

by Explorer in

Tailor inputs.conf to match specific windows hosts AND mointor a specific file path

is it possibly to edit my Monitors:// to work with specific hostnames (Computer Names) and monitor a specific file lo...

by Path Finder in

Cloud-certified app's .py file is not found after installation on heavy forwarder 7.3 on prem customer instance

12-08-2020 21:54:50.912 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/bitg...

by Engager in

Domain controller data ingestion delay

Hi, facing issue with data ingestion for the windows security events from the domain controller servers index=wine...

by Explorer in

Indexing Log files which are in zip format

Hi, I am looking at indexing log files( windows event log .evt files which are zipped). Is there a step by step proce...

by Path Finder in

Change Index and Sourcetype

I have set of data, where I want to send events with a 404 error code to a different index as well as after processin...

by Explorer in

Line Break in multiline event doesn't work

Hello fellow splunkers! atm I'm trying to break up a huge multiline event that is merged together with &&&. Whe...

by Communicator in

Splunk API threat intelligence integration - Item Argument Missing

Hi, I'm trying to integrate an API feed into our threat intelligence collections via powershell, however I can't s...

by Engager in

Event annotations getting truncated?

Hey guys, I have been trying to add some event annotations to my line graph but keep getting the following error on t...

by Explorer in

Universal Forwarder - replace default self-signed certificate

I'm running Splunk Universal Forwarder v8.0.3.0. We are running it on Windows 2012 R2. What is the process to replac...

by New Member in

Can I configure universal forwarder to listen to a TCP port?

I have a network appliance publishing log to a remote server which has universal forwarder installed... Is it possibl...

by Path Finder in

Index time csv monitor

Hey All, Having issues getting data in. With the inputs monitor stanza only data comes thru but when I add the pro...

by Explorer in

Field Extraction, message separated by spaces

Hi everyone, I need some help with extracting the field 'message' from my logs coming to splunk. Right now, I am able...

by Loves-to-Learn Everything in

Inputs.conf "MonitorNoHandle" event start date issue

We are pulling in DNS debug logs from windows servers and I have a few servers that have been running for awhile, but...

by Engager in

Facing issue with TA-mailclient not able to get mails in Splunk

@seunomosowon Need help with this: I am using Splunk Enterprise Version:8.0.4 and TA-mailclient= 1.3.0 messag...

by Loves-to-Learn in

Capacity of HEC token

Hi, Splunk Enterprise resides in on-premises. What would be the capacity of the HEC token? How much logs can be...

by Builder in

Nested json array with missing fields into Splunk Table

I have the below JSON event with nested array in splunk -: { "index": 2, "rows": [ { "apple": 29 }, { "...

by Engager in

Extract a string from an existing field value

Hi guys, I have the following event: [ DefaultMessageHistory[ routeId=Receive, node=to618]], Ca...

by Loves-to-Learn in

Connect IP network to splunk

How do i start by connecting 2 of my network IP to splunk/ I would like to view the system activities and predicati...

by Observer in

Restore clustered frozen buckets to non-clustered instance

Hello guys, could you let me know how to properly restore frozen buckets from clustered indexers to non-clustered i...

by Motivator in

Remove XML elements via transforms (keep the tags)

Hi, I am trying to remove elements from XML in a log file using the heavy forwarder via transforms.conf Tried sev...

by New Member in

blacklist inputs.conf

I need that the "notice" type logs are not forwarded to the indexer I know I should add a line called "blacklist" b...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

ingest events with a specific string - remove the rest

Excluding field values from JSON SPATH Table

How can I identify buckets with past and future events

XML tags extraction at index time

Tailor inputs.conf to match specific windows hosts AND mointor a specific file path

Cloud-certified app's .py file is not found after installation on heavy forwarder 7.3 on prem customer instance

Domain controller data ingestion delay

Indexing Log files which are in zip format

Change Index and Sourcetype

Line Break in multiline event doesn't work

Splunk API threat intelligence integration - Item Argument Missing

Event annotations getting truncated?

Universal Forwarder - replace default self-signed certificate

Can I configure universal forwarder to listen to a TCP port?

Index time csv monitor

Field Extraction, message separated by spaces

Inputs.conf "MonitorNoHandle" event start date issue

Facing issue with TA-mailclient not able to get mails in Splunk

Capacity of HEC token

Nested json array with missing fields into Splunk Table

Extract a string from an existing field value

Connect IP network to splunk

Restore clustered frozen buckets to non-clustered instance

Remove XML elements via transforms (keep the tags)

blacklist inputs.conf

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions