Getting Data In

Ask a Question

Discussions

Thread Info

How to forward data when forwarder cannot contact indexer through firewall?

Hi all, I have a situation where there are servers from which we wish to get logs into Splunk. However, we cann...

by Path Finder in

Splunk Index Best Practices

Hi- We are indexing JSON data into Splunk. We push the data once every 24 hours. The Rest API will not give "Delta:...

by Loves-to-Learn Lots in

Splunk is getting duplicate events from Azure billing API,

Splunk is getting duplicate events from Azure billing API, We are using inbuild azure connector to onboard the data....

by New Member in

Timezone

My logs are that kind : <July 13, 2020 10:55:02,572 PM CDT> So i used TIME_FORMAT=%b %d, %Y %H:%M:%S, %3N%p%z B...

by Motivator in

How to see all source and sourcetype list

Hi, In splunk UI, I am seeing only top 10 source and sourcetype list. But I want to see all of them. Please sug...

by Communicator in

Line breaking not working for JSON logs (API at heavy forwarder).

We are using ingest pattern as API at Heavy forwarder. props.conf:- [kenna:applications] INDEXED_EXTRACTION...

by Explorer in

Ingest data from mongo db into Splunk

Hi Splunk Community I was using MySQL databases and DB connect to ingest data into Splunk. Working great! If I us...

by Path Finder in

Need assistance getting large data into Splunk

This is a note my client sent: I can’t really use the logs from Splunk, because they are spotty.. Think I figured o...

by Path Finder in

Splunk App For Infrastructure VMware vSphere

I'm trying to add VMware vSphere data using the Splunk app for infrastructure. When I try to, all I get is an alert "...

by New Member in

Running multiply Powershell scripts at the same time

I have been working the past 2 weeks with getting powershell scripts and cron jobs stable. but find that when i run 6...

by Explorer in

Windows Path monitor

When installing the "universal forwarder" I put a "path to monitor". But I would like to add another path. How do I...

by Explorer in

Getting syslogs from Avamar

Hi at all, I'm trying to get Avamar logs by syslog (UDP). The problem is that every time Avamar sends an event log, I...

by SplunkTrust in

How to add custom tags to event data via universal forwarder?

I am using universal forwarder. I wish to tag my logs with the application and some custom information like groupA...

by New Member in

field extractions transforms

Hi, I am unable to figure out a regex that matches the key value pairs of my data , I think the transforms.conf regex...

by Builder in

How to get data into splunk?

Hi, After setted a source by inputs.conf where inside is specified a sourcetype="something" and index="something"....

by Explorer in

Splunk 8.0.2 Docker environment variable or defaul.yml setting for python.version = python3

Is there an environment variable or a setting for defaul.yml I can set for python.version = python3 so that it is add...

by Path Finder in

Can I manually rename an index homePath with existing data?

Hi all, I'm dealing with a legacy Splunk installation where I'd like to clean up an index for consistency. Lets s...

by Path Finder in

Why am I unable to monitor $SPLUNK_HOME/var/log/splunk/audit.log on my Linux Universal Forwarders?

I created an app named a_uf_inputs_conf. The app simply contains inputs.conf that has the monitor stanza's below. Thi...

by Path Finder in

Splunk Universal Forwarders audit logs merged - audit.conf configuration

Hi All, As indicated here (https://community.splunk.com/t5/Getting-Data-In/Why-am-I-unable-to-monitor-SPLUNK-HOME-v...

by Builder in

How to set up a Universal Forwarder to allow it to receive logs via the REST API?

We have a Universal Forwarder (UF) installation on premises that collects logs from various UF Agents and sends them ...

by New Member in

Unable to pull backlog data through TA-ms-loganalytics.

I have setup the TA-ms-loganalytics on my Splunk enterprise instance, and configured the inputs, i have given the sta...

by Path Finder in

Blacklist windows event log by Host Application field

Hello all, I would like to exclude the following windows event log on the universal forwarder. 07...

by Explorer in

Display JSON as list, not table

Hi, I'm trying to create some test data which contains some JSON embedded in it. I'm then trying to extract the JSO...

by New Member in

I want to monitor my email directory

We see lots of email alerts, and they come from a wide variety of places. I want to understand them better. So... ...

by Path Finder in

Search query does not return any values

User complains that the following query is not returning any values in Splunk. dbquery wmsewprd "select REC_TYPE,...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to forward data when forwarder cannot contact indexer through firewall?

Splunk Index Best Practices

Splunk is getting duplicate events from Azure billing API,

Timezone

How to see all source and sourcetype list

Line breaking not working for JSON logs (API at heavy forwarder).

Ingest data from mongo db into Splunk

Need assistance getting large data into Splunk

Splunk App For Infrastructure VMware vSphere

Running multiply Powershell scripts at the same time

Windows Path monitor

Getting syslogs from Avamar

How to add custom tags to event data via universal forwarder?

field extractions transforms

How to get data into splunk?

Splunk 8.0.2 Docker environment variable or defaul.yml setting for python.version = python3

Can I manually rename an index homePath with existing data?

Why am I unable to monitor $SPLUNK_HOME/var/log/splunk/audit.log on my Linux Universal Forwarders?

Splunk Universal Forwarders audit logs merged - audit.conf configuration

How to set up a Universal Forwarder to allow it to receive logs via the REST API?

Unable to pull backlog data through TA-ms-loganalytics.

Blacklist windows event log by Host Application field

Display JSON as list, not table

I want to monitor my email directory

Search query does not return any values

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions