Getting Data In

Thread Info

Universal Forwarder not reading user-seed.conf (version 7.2.6).

I have read other articles but haven't found an answer. I recently pushed the universal forwarder to Windows clie...

by Explorer in

Can I configure the output.conf file via app deployment to enable encryption of traffic from universal forwarders to indexer?

I am trying to enable encryption of the traffic from all of my universal forwarders to the indexer. Looks like this i...

by Communicator in

Conditional execution of transforms based on property of event

Does anyone know of a way to control execution of transforms based on a non-metadata property of an event? I have...

by Builder in

Clone Splunk Indexer?

Hey All, Off the wall question and was curious if anyone has tried this or not and if its advisable. Looking to ad...

by Builder in

How to index data from a single server when the log path is in a shared drive?

Hi All, I am facing the below issue: I am reading few log sources (monitor) from the 3 servers, Server1, Server2 a...

by Explorer in

Different sourcetype with one hostname

We have a series of logs from different devices such as (Firewall .waf. antivirus,...) that come from syslog server t...

by Explorer in

Debug HEC input

How debug HEC input? To see incoming JSON?

by New Member in

TIMESTAMP_PREFIX not finding timestamp in JSON structure.

I need some help getting me config right in pros.conf. When the data comes I can see the _time is not set to the v...

by Explorer in

What is included in HEC introspection data?

I'm ingesting data via HEC and I know there is data about it in _introspection, but I don't know what I'm looking at ...

by Contributor in

Issue with indexer recreating apps after manual deletion (400 Error) Splunk Enterprise v8.03, Ubuntu 18.04.

I have a couple of apps that I am trying to update on my Indexer (TA's) and am constantly seeing a 400 bad request er...

by Explorer in

Indexer Splunkd services are not able to run

In indexer cluster environment one of the Indexer got stopped unable to start/restart C:\Windows\system32>d: D:>cd sp...

by Path Finder in

.bash_history

I have multisite environment and I want to monitor all the ssh user commands through .bash_history. for that purpose ...

by New Member in

Result of the report using rest api

Hi, How can i fetch result of an existing report in Splunk (report already executed) using a rest API. The report ...

by New Member in

Filtering NULL values after STATS

Hello Splunkers, First of all, than you all for such great community. I have a question. I am running a query i...

by New Member in

Metrics Button Share

All, After installing the Anlaytics Workspace app I would like the metrics button to appear in one of my custom a...

by Builder in

How to change time zone from EST to CET on schedule searches ?

Hi all, I have found all schedule searches are running on EST instead of CET timezone, if i go and props.conf in /...

by Engager in

Need to remove prefix from json array.

Need to remove prefix from json array. I want to remove everything before {"id" {"@odata.context":"https://graph.m...

by Explorer in

input for splunk

Hi, I should monitor a log file in a Splunk all-in-one windows-based. This file contains a sequence of rows with a ti...

by Explorer in

How can we restrict computer owners from injecting more data into splunk?

How can we restrict computer owners from injecting more data into splunk?. We have around 1000 computers which report...

by New Member in

What is the maximum size of the csv.gz file that can be generated in Splunk and sent to an external server by SCP?

We're sending CSV files from Splunk to an external server. The files are compressed (.gz format). What is the max...

by New Member in

how to sum the machine OS in a JSON file

Hi Guys, I have a JSON file for OS type in some cluster like below: { "clusterA": ubuntu, "clusterA": ubuntu, "...

by Explorer in

Why does installing a forwarder using msiexec keeps failing?

We are installing a forwarder to new workstations using the command below; *msiexec /i "splunkforwarder-7.0.0-c8a7...

by Splunk Employee in

How to check how many hosts are connecting (sending logs) to Splunk Forwarder

Hi Guys, We have a remote site with a Splunk forwarder installed. How to check how many hosts are connecting (send...

by Explorer in

Perfmon sending logs to the wrong indexer

I have a single instance deployment. I have a server that is sending Perfmon logs to my main index but I never told i...

by Communicator in

syslog server set-up

Hi, As a temporary measure (for 3 months), we have been asked to set-up one of the splunk server (HF) to work as s...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Universal Forwarder not reading user-seed.conf (version 7.2.6).

Can I configure the output.conf file via app deployment to enable encryption of traffic from universal forwarders to indexer?

Conditional execution of transforms based on property of event

Clone Splunk Indexer?

How to index data from a single server when the log path is in a shared drive?

Different sourcetype with one hostname

Debug HEC input

TIMESTAMP_PREFIX not finding timestamp in JSON structure.

What is included in HEC introspection data?

Issue with indexer recreating apps after manual deletion (400 Error) Splunk Enterprise v8.03, Ubuntu 18.04.

Indexer Splunkd services are not able to run

.bash_history

Result of the report using rest api

Filtering NULL values after STATS

Metrics Button Share

How to change time zone from EST to CET on schedule searches ?

Need to remove prefix from json array.

input for splunk

How can we restrict computer owners from injecting more data into splunk?

What is the maximum size of the csv.gz file that can be generated in Splunk and sent to an external server by SCP?

how to sum the machine OS in a JSON file

Why does installing a forwarder using msiexec keeps failing?

How to check how many hosts are connecting (sending logs) to Splunk Forwarder

Perfmon sending logs to the wrong indexer

syslog server set-up

Unleash the Power of Splunk MCP and AI, Meet Us at .Conf 2025, and Find Even More New ...

Observability Professionals: Build Resilience and Visibility with These .conf25 ...

See just what you’ve been missing | Observability tracks at Splunk University

Why is Splunk Universal Forwarder unable to interp...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions