Getting Data In

Ask a Question

Discussions

Thread Info

Time Prefix Question

Hello All I have a time prefix question Here is my timestamp May 20 10:59:30 svr-orw-nac-01 2020-05-20 17:59...

by Contributor in

How to extract Message field from a new WinEventLog source?

Hi, Splunk is unable to parse the Message field for a new WinEventLog source. These are AD changes(Recorded by Cha...

by Builder in

Monitoring unique log files

What is the best way to monitor log files that are unique to a host? For example, if hosta has log.x, and hostb has ...

by New Member in

How to stop Splunk forwarder from re-indexing files when I edit them with vi?

Splunk forwarder is re-indexing files when I edit them with vi. Has anybody seen this before? I have used the belo...

by Path Finder in

can i install heavy forwarder on my windows server ?

to integrate my mcafee with splunk ,sould i need to install heavy forward on my windows server

by New Member in

SNMP polling error

Have problem with snmp polling. I have 140 servers, which cpu i must monitor, and use snmp polling for it. But from 1...

by Path Finder in

How to forwarded logs from Splunk to MCAS

Hi What will be the best way to implement the below request ? We need to configure the some logs to be forwarde...

by Contributor in

Universal Forwarder not reading user-seed.conf (version 7.2.6).

I have read other articles but haven't found an answer. I recently pushed the universal forwarder to Windows clie...

by Explorer in

Can I configure the output.conf file via app deployment to enable encryption of traffic from universal forwarders to indexer?

I am trying to enable encryption of the traffic from all of my universal forwarders to the indexer. Looks like this i...

by Communicator in

Conditional execution of transforms based on property of event

Does anyone know of a way to control execution of transforms based on a non-metadata property of an event? I have...

by Builder in

Clone Splunk Indexer?

Hey All, Off the wall question and was curious if anyone has tried this or not and if its advisable. Looking to ad...

by Builder in

How to index data from a single server when the log path is in a shared drive?

Hi All, I am facing the below issue: I am reading few log sources (monitor) from the 3 servers, Server1, Server2 a...

by Explorer in

Different sourcetype with one hostname

We have a series of logs from different devices such as (Firewall .waf. antivirus,...) that come from syslog server t...

by Explorer in

Debug HEC input

How debug HEC input? To see incoming JSON?

by New Member in

TIMESTAMP_PREFIX not finding timestamp in JSON structure.

I need some help getting me config right in pros.conf. When the data comes I can see the _time is not set to the v...

by Explorer in

What is included in HEC introspection data?

I'm ingesting data via HEC and I know there is data about it in _introspection, but I don't know what I'm looking at ...

by Contributor in

Issue with indexer recreating apps after manual deletion (400 Error) Splunk Enterprise v8.03, Ubuntu 18.04.

I have a couple of apps that I am trying to update on my Indexer (TA's) and am constantly seeing a 400 bad request er...

by Explorer in

Indexer Splunkd services are not able to run

In indexer cluster environment one of the Indexer got stopped unable to start/restart C:\Windows\system32>d: D:>cd sp...

by Path Finder in

.bash_history

I have multisite environment and I want to monitor all the ssh user commands through .bash_history. for that purpose ...

by New Member in

Result of the report using rest api

Hi, How can i fetch result of an existing report in Splunk (report already executed) using a rest API. The report ...

by New Member in

Filtering NULL values after STATS

Hello Splunkers, First of all, than you all for such great community. I have a question. I am running a query i...

by New Member in

Metrics Button Share

All, After installing the Anlaytics Workspace app I would like the metrics button to appear in one of my custom a...

by Builder in

How to change time zone from EST to CET on schedule searches ?

Hi all, I have found all schedule searches are running on EST instead of CET timezone, if i go and props.conf in /...

by Engager in

Need to remove prefix from json array.

Need to remove prefix from json array. I want to remove everything before {"id" {"@odata.context":"https://graph.m...

by Explorer in

input for splunk

Hi, I should monitor a log file in a Splunk all-in-one windows-based. This file contains a sequence of rows with a ti...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Time Prefix Question

How to extract Message field from a new WinEventLog source?

Monitoring unique log files

How to stop Splunk forwarder from re-indexing files when I edit them with vi?

can i install heavy forwarder on my windows server ?

SNMP polling error

How to forwarded logs from Splunk to MCAS

Universal Forwarder not reading user-seed.conf (version 7.2.6).

Can I configure the output.conf file via app deployment to enable encryption of traffic from universal forwarders to indexer?

Conditional execution of transforms based on property of event

Clone Splunk Indexer?

How to index data from a single server when the log path is in a shared drive?

Different sourcetype with one hostname

Debug HEC input

TIMESTAMP_PREFIX not finding timestamp in JSON structure.

What is included in HEC introspection data?

Issue with indexer recreating apps after manual deletion (400 Error) Splunk Enterprise v8.03, Ubuntu 18.04.

Indexer Splunkd services are not able to run

.bash_history

Result of the report using rest api

Filtering NULL values after STATS

Metrics Button Share

How to change time zone from EST to CET on schedule searches ?

Need to remove prefix from json array.

input for splunk

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions