Getting Data In

Ask a Question

Discussions

Thread Info

Connecting JMS Modular Input to Remote IBM MQ Exception

Trying to access IBM MQ topic or queue using JMS modular input, defined input.conf as [jms://topic/:MyTopic1] init...

by New Member in

Setup.xml handle save (POST) to a scripted input error

So here are the details. I have an app called myapp. under myapp/default I have a setup.xml defined like this ...

by New Member in

Transform to exclude lines in a log and keep the rest

Hi, I need to import a log file in to Splunk however I want to exclude a certain type of entry. The entry to be ignor...

by New Member in

Unable to see vmware esxi syslog in splunk

we are forwarding vmware esxi syslog to splunk by using heavy forwarder. we have not installed any universal forwarde...

by New Member in

need help in time conversion

Currently am having a code that converts the time value to a formatted way. | rename _time as Time_CST | fieldf...

by Communicator in

CSV Input, duplicates values

I am monitoring my PKI certificates with a PowerShell script which returns the number of valide days for each certifi...

by Explorer in

steps to move universal forwarder from oracle database server to other without loosing any app config/setting

I am new to splunk, can i get advice on moving splunk universal forwarder from one db host to another. I am looking f...

by New Member in

Wrong indexed fields.

Hi, I want to index this csv file: run_time;field1;field2;field3;field4;field5;field6;field7;field8; 80s;"iFiel...

by Contributor in

Regex parse message to multiple lines help

I have a below message: [32minfo[39m: [Clean Storage] brand/market/testing1.html, brand/market/testing2.html, brand/...

by Engager in

Splunk_TA_esxilogs - Why Verbose and Trivia Log are set to NullQueues in transforms.conf

Hi Splunk Support Team, We have utilized the vmware app add-on Splunkbase Splunk_TA_esxilogs and just want to un...

by Engager in

LINE_BREAKER keep the line breaking regex string

Hi team, I have logs like this: This is Tom This is Amy This is David This is Ben I want the line breaking ...

by Contributor in

Need your help once again - Index file, json with EPOCH time

"grid_w":1693,"solar_pct":0,"epoch":1586824635}} I need to ingest a JSON file with epoch time stamps.. its timest...

by Path Finder in

splunk universal forwarder not monitoring all files in a folder

Same version of splunk forwarder (8.0.2) on 2 linux servers are behaving differently. One lists all files under a ...

by New Member in

Splunk Install in Forwarder Mode and Props

Hi, I want to preface I understand that props isn't fully processed if you install it on the universal forwarder. ...

by Communicator in

Splunk Add-on for Blue Coat ProxySG: Has anyone have props.and transforms to work properly for Bluecoat 6.7.3.5 log formatting?

Hi Experts Splunk Add-on for Blue Coat ProxySG: Has anyone gotten the props and transforms to work properly for Bluec...

by Loves-to-Learn Everything in

How to send journal logs to splunk ?

How do i send journal logs to splunk?? journalctl -u servicename Here journal logs are raw logs. Will splunk re...

by New Member in

Setnull and Setparsing

I am using SETNULL and SETPARSING to include and exclude log events. Here is the files - Props.conf [OktaIM2:log]...

by Path Finder in

Order of execution / precedence of multiple TRANSFORMS

consider: Log: 2020-04-01 10:20:30 firstabc secondxyz props.conf [test] REPORT-a = report_a, report_b ...

by Motivator in

parsing mix of json and other type without Splunk query

if the field is mix of json and some other type. is it possible to parse the field at index time or search time witho...

by Path Finder in

Can we index data to Splunk which is from custom search command?

Hello all,I have an add-on with written a custom search command and I wanted to know in How can I push the results of...

by Explorer in

REST API - Unauthorized error

I am trying to connect with REST API and I am able to use this guide https://answers.splunk.com/answers/685730/can-i-...

by New Member in

Splunk Enterprise Trial version - Need to change the index name

Hi, I have downloaded Splunk enterprise Trial version for Windows 64 bit. Only the Search Head is accessible?I cre...

by Builder in

What is the proper use of props.conf for timestamp conditional mapping

Hello, I have the following data in plain text format that contains several datetime values, it looks like this : ...

by Loves-to-Learn Lots in

Number of events in logs after migrating to Exchange 2016

We recently added Exchange 2016 to our Exchange environment and moved all mailboxes/pubic folders to it. We have a...

by Path Finder in

Which props.conf for my .csv ?

Hi I have a .csv file without header but with fixed fields which i would like to send to my Splunk server with the...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Connecting JMS Modular Input to Remote IBM MQ Exception

Setup.xml handle save (POST) to a scripted input error

Transform to exclude lines in a log and keep the rest

Unable to see vmware esxi syslog in splunk

need help in time conversion

CSV Input, duplicates values

steps to move universal forwarder from oracle database server to other without loosing any app config/setting

Wrong indexed fields.

Regex parse message to multiple lines help

Splunk_TA_esxilogs - Why Verbose and Trivia Log are set to NullQueues in transforms.conf

LINE_BREAKER keep the line breaking regex string

Need your help once again - Index file, json with EPOCH time

splunk universal forwarder not monitoring all files in a folder

Splunk Install in Forwarder Mode and Props

Splunk Add-on for Blue Coat ProxySG: Has anyone have props.and transforms to work properly for Bluecoat 6.7.3.5 log formatting?

How to send journal logs to splunk ?

Setnull and Setparsing

Order of execution / precedence of multiple TRANSFORMS

parsing mix of json and other type without Splunk query

Can we index data to Splunk which is from custom search command?

REST API - Unauthorized error

Splunk Enterprise Trial version - Need to change the index name

What is the proper use of props.conf for timestamp conditional mapping

Number of events in logs after migrating to Exchange 2016

Which props.conf for my .csv ?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions