Getting Data In

Thread Info

What are the pros and cons of running thousands of UFs as root

We have thousands of UFs running as Unix root and we have discussions whether to keep it like that or run the UFs as ...

by Motivator in

How to group multiple machines and user session time into a readable chart

Hi all! I am currently working on a dashboard metrics project that involves me attempting to create a dashboard pa...

by New Member in

Service item.update causes modular input to restart

In my modular input I want to update a configuration setting between runs so I don't poll for the same data again and...

by New Member in

Help with converting epoch to human readable at index time

I have json format data with a field called uploadDate .This has values like /Date(1584037059228)/ , /Date(1584033289...

by Builder in

How to send a specific index from one indexer to another without a heavy forwarder

So we have a client system that has their own Splunk indexer. For certain reasons they do not want their splunk univ...

by Explorer in

How to assign "source" during a search after a conditional statement?

I am creating a dashboard to show all Linux command line history per user and I would like to create an input where y...

by Communicator in

Is it possible to install multiple Universal Forwarders on Windows?

Can I install multiple Universal Forwarders on Windows?

by Engager in

Splunk Cloud: How to ingest data using API?

Is there a way to ingest data in Splunk using API (and without universal forwarder) if data is captured by native age...

by Communicator in

Why does service.export REST API fail when _raw is not excluded?

Using Java API and requesting a streaming export from Splunk a search like this: search index="client_ndx" sourcet...

by New Member in

Support for multiple CA for universal forwarder to heavy forwarder connections

We are working with mutiple platforms that will send log data to heavy forwarders. We want to encrypt and if possible...

by Explorer in

Power consumption logging logger

Hello, everyone! I need to understand how much power usage my pc,servers,network devices (consumption). I want to mon...

by New Member in

Time Range Picker doesn't apply to search, but modifiers work

Hello everyone, I'm faced with an issue of using Time Range Picker. When I put into search bar with this "sourcetype...

by Observer in

Monitoring Polycom syslog with Splunk

Hi all, We are trying to analyze the Syslog from Polycom, such as server.log, access.log, etc. However, we don...

by Splunk Employee in

how to send the local file using splunk forwarder docker image?

splunkuniversalforwarder: image: splunk/universalforwarder environment: - SPLUNK_START_ARGS=--accept-license - SPLUNK...

by New Member in

Index entire file content as one event

I am trying to index a file and i dont see why the events are broken. I have tried defining line breaker setting both...

by Communicator in

I am a Splunk Cloud customer. I would like access to the API. What do I need to do?

I have a single-instance (rainmaker) deployment, how do I gain access? I have a large (stackmaker) deployment, how do...

by Splunk Employee in

How to extract a JSON value based on a condition

I have payload as below and I need the StartTime and EndTime values where the payload has the first IsAvailable is eq...

by Engager in

how can I use log filename to set "host" "date"

Hi I have log files like this: log.machine03.20200310.bz2 log.machine04.20200310.bz2 log.machine05.20200310.bz2 ...

by Motivator in

Quiestions about Determine forwarder-indexer compatibility.

Hi team! I am preparing an update process and there is likely to be a mismatch of versions between the indexer and...

by Path Finder in

How to split multiline event on output

Hi, I have windows XML logs in input of my Heavy Forwarder (via the universal forwarder with the TA_windows). W...

by New Member in

Is there a REST API for putting a Cluster Master into Maintenance mode?

I was just curious about this since I couldn't find anything on it in the following page: https://docs.splunk.com/...

by Path Finder in

Http Collector Cloud Trial - 406 Not Acceptable

Hello, I'm trying out the Splunk Http Event Collector but not able to make a request! curl "https://myinstance1...

by New Member in

output syslog blocked at 1000 characters

Hi, I want tu use syslog-ng to send windows logs from a heavy forwarder to an indexer. But I got a problem, the me...

by New Member in

Compare splunk query with lookup and output the what is different in the query

I have a splunk query that gives me the different values of an appid and csv file which has a single field called app...

by Builder in

How can I mask the values for two identical keys in a multi-line event at index time?

I have a multiline event with two identical keys that I need to mask values for, as shown below. I am NOT especially ...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

What are the pros and cons of running thousands of UFs as root

How to group multiple machines and user session time into a readable chart

Service item.update causes modular input to restart

Help with converting epoch to human readable at index time

How to send a specific index from one indexer to another without a heavy forwarder

How to assign "source" during a search after a conditional statement?

Is it possible to install multiple Universal Forwarders on Windows?

Splunk Cloud: How to ingest data using API?

Why does service.export REST API fail when _raw is not excluded?

Support for multiple CA for universal forwarder to heavy forwarder connections

Power consumption logging logger

Time Range Picker doesn't apply to search, but modifiers work

Monitoring Polycom syslog with Splunk

how to send the local file using splunk forwarder docker image?

Index entire file content as one event

I am a Splunk Cloud customer. I would like access to the API. What do I need to do?

How to extract a JSON value based on a condition

how can I use log filename to set "host" "date"

Quiestions about Determine forwarder-indexer compatibility.

How to split multiline event on output

Is there a REST API for putting a Cluster Master into Maintenance mode?

Http Collector Cloud Trial - 406 Not Acceptable

output syslog blocked at 1000 characters

Compare splunk query with lookup and output the what is different in the query

How can I mask the values for two identical keys in a multi-line event at index time?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions