Getting Data In

Discussions

Thread Info

Universal Forwarder on Windows: Errors with Splunk Indexer (SSL).

So I have a Universal forwarder installed on a Windows system (v7.3.3) and I have it set up to communicate with my Sp...

by New Member in

Can't install universal forwarder on windows server 2012 R2

When I run the MSI installer for the universal forwarder on a clean install of windows server 2012 R2, I'm getting th...

by New Member in

Call for review - Chrome/Firefox Extension to format XML Logs

Hello everyone, I published a chrome/firefox extension to format XML Based Events and i want to share it with you....

by Path Finder in

Windows Universal Forwarder unable to read log files

Hi all, In our environment, we have several Windows UF managed by a deployment server. We didn´t apply any change ...

by Path Finder in

Index earliest data still moving after increasing index size.

Hello, A few days ago I had a problem with an index. The index_size_max was equal to the index_size, with the defa...

by Observer in

Can't determine universal forwarder service account

Hi, I've inherited a poorly documented splunk deployment that seems to have been misconfigured. the universal forw...

by Path Finder in

Load Balancing Splunk using F5 Load balancer

I have a client requirement to use F5 Big IP LB for load-balancing the splunk data collection. Can anyone help me wit...

by Explorer in

How come our API results are only returning the first 100 results for metadata?

I'm trying to get the number of hosts reporting to Splunk via API, but the a normal curl -k is only able to return 10...

by Explorer in

Duplicate labels causing conflict

I have this problem on my dashboard, "Duplicate labels causing conflict" what would be the cause of this? I have chec...

by Explorer in

How to limit heavy forwarder bandwidth in limits.conf?

Hello guys, is it possible to limit Heavy forwarders bandwidth like UF (setting [thruput] in limits.conf for forwa...

by Motivator in

Data Archiving and Retirement

I am trying to configure a new instance of splunk, my requirements for data retention are: Searchable 14 daysArchi...

by Explorer in

retention policy on log files

Hi, I want to implement retention policy on log files, in the doc https://docs.splunk.com/Documentation/Splunk/8.0.3/...

by Explorer in

Splunk AWS Heavy Forwarder Web link not accessible.

Hi All, I am unable to login to Splunk Heavy Forwarder weblink access. and it showing that the page is not display...

by New Member in

http event collector looks disabled | no action to enable

Using Splunk Cloud - After adding first http event collector the status shows disabled, actions do not show a enable ...

by New Member in

Having trouble deleting identities.conf file using API (Error: authentication failed/ method not allowed).

Hi Team, I am trying to use below command to delete the identities.conf file /opt/splunk/etc/apps/splunk_app_db_co...

by Explorer in

What is the backup plan for Splunk HTTP Event Collector implementation if indexers have issues?

Hi All, Can you please let me know what approach and steps would be in case the Splunk HEC implementation on index...

by Communicator in

Why is maxKBps in limits.conf limited to 258 even though default is 0?

Although the docs and my ./default/limits.conf say maxKBps = 0 (ie unlimited), I am receiving a INFO log entry in spl...

by Path Finder in

How can we monitor CSV file ?

Hello splunker, we have one test case in which we have to monitor one csv file(1K records) for any change. If we a...

by Path Finder in

Why does introspection on a Splunk 6.3.3 AIX universal forwarder not give data on Resource usage (PerProcess, Hostwide, or Dispatch)?

Hi. After having enabled introspection_generator_addon on a Universal Forwarder on AIX, I get data for partion and...

by Contributor in

Logging for Microsoft Dynamics 365

Does anyone have any guides around pulling down Dynamics 365 logs? I already have o365 logs being pulled down but I'm...

by Explorer in

how much Splunkd of the universal forwarder uses windows memory and CPU?

Hi all, I installed Splunk universal forwarder on windows 2016. Is it possible to get a log of how much Splunkd...

by Path Finder in

100% use of my events.

Hello community. I have a query and I don't know if what I'm thinking can be achieved and how or if Splunk already...

by Path Finder in

Why is the processing missing data in Splunk_TA_NIX Process Monitoring?

Hi, we are using the Splunk_TechnologyAdd-on(TA)_Linux(NIX) for process Monitoring. Recently I noticed that not al...

by Splunk Employee in

Parsing JSON file

Hi everyone, I'm having an issue with a JSON file. The thing is, I have to extract some evaluations that the file doe...

by Explorer in

Splunk Parser Ignore Datetime and Host Fields

Hello, I'm struggling with finding a parser in splunk for the following log: May 20 12:22:21 127.0.0.1 {"rootId...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal Forwarder on Windows: Errors with Splunk Indexer (SSL).

Can't install universal forwarder on windows server 2012 R2

Call for review - Chrome/Firefox Extension to format XML Logs

Windows Universal Forwarder unable to read log files

Index earliest data still moving after increasing index size.

Can't determine universal forwarder service account

Load Balancing Splunk using F5 Load balancer

How come our API results are only returning the first 100 results for metadata?

Duplicate labels causing conflict

How to limit heavy forwarder bandwidth in limits.conf?

Data Archiving and Retirement

retention policy on log files

Splunk AWS Heavy Forwarder Web link not accessible.

http event collector looks disabled | no action to enable

Having trouble deleting identities.conf file using API (Error: authentication failed/ method not allowed).

What is the backup plan for Splunk HTTP Event Collector implementation if indexers have issues?

Why is maxKBps in limits.conf limited to 258 even though default is 0?

How can we monitor CSV file ?

Why does introspection on a Splunk 6.3.3 AIX universal forwarder not give data on Resource usage (PerProcess, Hostwide, or Dispatch)?

Logging for Microsoft Dynamics 365

how much Splunkd of the universal forwarder uses windows memory and CPU?

100% use of my events.

Why is the processing missing data in Splunk_TA_NIX Process Monitoring?

Parsing JSON file

Splunk Parser Ignore Datetime and Host Fields

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions