Getting Data In

Thread Info

Class question

Run a search in the metrics index over the last 15 minutes. Use the stats command to find the middle number, the aver...

by New Member in

How can I get the time difference between two events with particular ID?

I was trying to filter event ID in subsearch and then use it in the main search to find other events with related ID ...

by Explorer in

Local processing of forwarded events on heavy forwarder issues

A customer has a heavy forwarder (A) that is forwarding logs to my local heavy forwarder (B). I have no control over ...

by Explorer in

forwarding logs to third party system

Hello All , I want to check that whether Splunk forwarder agent (UF) can be use to forward collected raw data to a...

by Communicator in

Monitor input error

Hi guys, I´ve been trying to add data on my HF and when I get to submit my input I receive this error: I do ...

by Explorer in

Time notions in event processing

Hello everyone, I was reading through the docs and a question came to my mind. Does Splunk have different notions...

by New Member in

Monitoring browsing

I want to create a setup where splunk monitors browsing from Firefox browser on ubuntu machine.If a user browses a bl...

by New Member in

Working on Securing Data with SSL between Heavy Forwarder and Universal Forwarder using default certificates

Hi, I am having trouble attempting to get a deployment server and a deployment client to communicate and then access ...

by Loves-to-Learn Lots in

What is average Internal Events count per day on average servers??

Hi Splunkers, I've been working over capacity planning where for estimating indexer requirement. I'm stuck while...

by Communicator in

I am new to Splunk and have a question

Greetings! I am new to Splunk and I am trying to learn it so please take it easy on me  I setup an environmen...

by Loves-to-Learn in

Splunk DB Connect - ERROR io.dropwizard.jersey.errors.LoggingExceptionMapper - Error handling a request:

Im setting up a new DB connect to pull data from MS SQL server 2016 database to splunk : 1. Downloaded the latest v...

by Explorer in

Limit output network bandwidth during peer decommissioning

Hello, We are in a multi-site indexer cluster environment, and we are going to upgrade our infrastructure from 3 In...

by Builder in

Has anyone had props.conf and transforms.conf to work properly for Bluecoat 6.7.4.3 log formatting?

We use Splunk Bluecoat-TA but many fields are missing. They have not changed log format. But it seems they change...

by Splunk Employee in

Question on Regex for Windows Event Blacklist

Hi All, In our environment we are wanting to cut down on some windows event logs. There are quite a few logs th...

by Path Finder in

log4j2 configuration for Splunk HEC on EC2

I have my log4j2.xml as below, <?xml version="1.0" encoding="UTF-8"?> <Configuration status="info" name="ex...

by Loves-to-Learn in

Discard metrics

Hello to everyone, i'm trying to figure out how to discard metrics before they are indexed. Unfortunately the sourc...

by Path Finder in

Windows msiexec install is failing...why?

This is the command run as a ps1 script pushed out by Airwatch: msiexec.exe /i C:\Windows\Temp\splunk\splunkfor...

by New Member in

Logs retention policy

Hi SPlunkers, We have multiple sources reporting to same index, what we observe is for few sources we can see the s...

by Path Finder in

how to filter by "does not equal"

I know how to filter for a specific event so, for example, I always run this: source=wineventlog:* earliest_time=-24h...

by Explorer in

How to remove double quotes from a token using the replace method?

Hello!I have the token() whose content is this: $support_group_token$=support_group="Service Desk" Is there ...

by Engager in

Bypassing normal system/local/props.conf processing for .tar.gz files

Hello, I develop my own Splunk App for specific file. These files are archive files with the ".tar.gz" extension a...

by Engager in

Windows File Server integration with Splunk

Hello, What is the best third party app to monitor Windows File Server event logs such as (file read, file creation...

by Explorer in

Splunk indexing retention policy

hello Splunkers, We have a index whose retention pol;icy is varying for the applications that are reporting to that...

by Path Finder in

Azure Add-on user data truncation

I'm using the Azure Add-on for splunk to pull in our azure AD signin, audit and user data; all is work well for the m...

by Explorer in

Forwarding to a third party syslog server based on both host, sourcetype and regex

We have to forward some data from a Splunk Heavy Forwarder to a third party syslog server. This is possible as indi...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Class question

How can I get the time difference between two events with particular ID?

Local processing of forwarded events on heavy forwarder issues

forwarding logs to third party system

Monitor input error

Time notions in event processing

Monitoring browsing

Working on Securing Data with SSL between Heavy Forwarder and Universal Forwarder using default certificates

What is average Internal Events count per day on average servers??

I am new to Splunk and have a question

Splunk DB Connect - ERROR io.dropwizard.jersey.errors.LoggingExceptionMapper - Error handling a request:

Limit output network bandwidth during peer decommissioning

Has anyone had props.conf and transforms.conf to work properly for Bluecoat 6.7.4.3 log formatting?

Question on Regex for Windows Event Blacklist

log4j2 configuration for Splunk HEC on EC2

Discard metrics

Windows msiexec install is failing...why?

Logs retention policy

how to filter by "does not equal"

How to remove double quotes from a token using the replace method?

Bypassing normal system/local/props.conf processing for .tar.gz files

Windows File Server integration with Splunk

Splunk indexing retention policy

Azure Add-on user data truncation

Forwarding to a third party syslog server based on both host, sourcetype and regex

Get Operational Insights Quickly with Natural Language on the Splunk Platform

Stay Connected: Your Guide to August Tech Talks, Office Hours, and Webinars!

Unleash the Power of Splunk MCP and AI, Meet Us at .Conf 2025, and Find Even More New ...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions