Getting Data In

Thread Info

How to forward logs from universal forwarders to heavy forwarders for filtering before routing to indexers?

Hi Guies, We have multiple universal forwarders and 3 heavy weight forwarders. Currently all UFs are forwarding lo...

by Path Finder in

Linebreaking Failure - BREAK_ONLY_BEFORE_DATE

So here's a new one. I have an input (OpenLDAP Audit Logs). Each event (from #modify to #end modify) is generated at ...

by SplunkTrust in

Split _raw field

Hello there, I'm new to Splunk, and I have setup an alert to that returns some field including _raw field. The th...

by Explorer in

Is there any way to find out that my sourcetype is reading props

Is there any way to find out that my sourcetype is reading props? does it have any logs to check that whats all props...

by Loves-to-Learn in

Does anybody have experience monitoring Intersystems Cache with Splunk?

If so, what are the details of your implementation? I am interested in monitoring Cache processes with Splunk.

by SplunkTrust in

Is there an Integration between Spark and Splunk?

Hello everyone, I want to integrate Spark and Splunk, using Spark to process searches faster. With Splunk Analy...

by Explorer in

How to monitor data retention policy and tweak accordingly.

I've searched but havent yet been able to find the answer. We have a clustered index setup, and lots of data going in...

by Path Finder in

Splunk Daemon and Solarwinds

Hi everyone, We are looking into the possibility of another way to monitor the Splunk universal forwarders on our ...

by Path Finder in

advice for when you have more than 100 automatically extracted fields?

It seems that if you have a lot of fields being extracted automatically, like via INDEXED_EXTRACTIONS=csv or via auto...

by SplunkTrust in

Does UF 7.2.8 is compatable with RHEL 8

Does UF 7.2.8 is compatable with RHEL 8 ? Please let me know the minimum version of the UF agent that is compatible w...

by Path Finder in

log to metric from the output of a script

we are utilizing log2metrics in the form of a script writes a csv file, then Splunk reads that csv file and converts ...

by New Member in

How do I blacklist events with a field containing a specific value?

I have a set of JSON data and I would like to ignore (blacklist) all events where the field "id.orig_h" contains the ...

by Loves-to-Learn Everything in

CSV date being replaced/not parsed correctly

Let's say I have a CSV with the following spanning 10 years: Date | Time | Value 2020-05-01 4:00:00 PM 49.88 If...

by Splunk Employee in

Including log events from Microsoft Direct Access

Hi, We would like to forward log events from a Microsoft Direct Access server into Splunk. I've installed the univ...

by Path Finder in

How to tell when it's safe to query the API about a newly created user?

When using SSO with clustered search heads, users who lose SSO access leave behind knowledge objects and directories ...

by Path Finder in

Frozen Index Management

Is there an app/script/mechanism out there that would allow you to list your available frozen indices by their human ...

by Builder in

universal fowarder

I am not finding universal fowarder that supports windows 2012 , NT 6.2 version ??

by Explorer in

No data from indexes in cloud search head

Hi everyone, I could really use some input from you all. I am using Splunk cloud in my environment, with a deploym...

by Path Finder in

perfmon issue with %ProcessorTime scaling/max for a specific process

I am using the Universal Forwarder to collect information on a Java Process. When monitoring "% Processor Time" for a...

by New Member in

sizing cluster

Good afternoon I know that there is official information regarding the maximum number of concurrent searches, s...

by Path Finder in

Best Practice for Creating New Sourcetype - Splunk Cloud

Hi All, I'm a new Splunk admin working inside of a pretty large Splunk Cloud environment. Historically, the folks ...

by Path Finder in

Forwarder only reads file if i save it, ignores when script saves it

Hello everyone, I have Splunk Universal Forwarder running on a server watching a few files for changes. Log data i...

by Explorer in

How can I monitor hidden file and folder creation on a windows host/server ?

I am looking for a query that will help me monitor hidden file and folder creations on Linux/Win boxes. Can the co...

by Path Finder in

REST API Saved Searches POST Duplicating Searches

I'm trying to use the REST API to update a large number of alerts/saved searches across multiple environments. Specif...

by Loves-to-Learn Lots in

Has anyone successfully gathered logs from WSUS?

HI all, Just wondering if anyone here has been successful in getting logs out of WSUS that shows: number of hos...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to forward logs from universal forwarders to heavy forwarders for filtering before routing to indexers?

Linebreaking Failure - BREAK_ONLY_BEFORE_DATE

Split _raw field

Is there any way to find out that my sourcetype is reading props

Does anybody have experience monitoring Intersystems Cache with Splunk?

Is there an Integration between Spark and Splunk?

How to monitor data retention policy and tweak accordingly.

Splunk Daemon and Solarwinds

advice for when you have more than 100 automatically extracted fields?

Does UF 7.2.8 is compatable with RHEL 8

log to metric from the output of a script

How do I blacklist events with a field containing a specific value?

CSV date being replaced/not parsed correctly

Including log events from Microsoft Direct Access

How to tell when it's safe to query the API about a newly created user?

Frozen Index Management

universal fowarder

No data from indexes in cloud search head

perfmon issue with %ProcessorTime scaling/max for a specific process

sizing cluster

Best Practice for Creating New Sourcetype - Splunk Cloud

Forwarder only reads file if i save it, ignores when script saves it

How can I monitor hidden file and folder creation on a windows host/server ?

REST API Saved Searches POST Duplicating Searches

Has anyone successfully gathered logs from WSUS?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions