Getting Data In

Thread Info

Recommended R-Syslog equivalent collector for Windows systems.

Hello, We have a relatively small network on a remote location that needs to forward logs onto our Splunk Instanc...

by Engager in

How to send data to different index if packet broker tags events

Hi, i have a setup where a packet broker is sending multiple data streams to a universal forwarder. I need to unde...

by Explorer in

Need help in parsing the CPU info with REX

I have been dumped with events what appears to be memory info. memTotalMB memFreeMB memUsedMB memFreePct mem...

by Contributor in

How to send data to HEC using Java SDK?

I'm looking for sample code that I can use to send json from my java app into the HEC. I'm having trouble connecting ...

by Contributor in

Forwarding data from Heavy forwarder to syslog server

I setup syslog output forwarding per the Splunk docs, but am not seeing anything being sent out nor receiving it on t...

by Builder in

Can multiple wildcards be used in host:: stanza in props.conf?

Is it possible to use multiple wildcards in the host:: stanza in the props.conf file? [host::svr-*-blah-*] TRANSFO...

by Contributor in

Increase use core by splunk

Hi all, I am using Heavy forwarder (splunk version 8.0.1 and os-windows) to ingest .zip log files but I could see ver...

by Builder in

Index a file according to the modify time only

I have files uploaded to the NT share The file is indexed and will be updated daily by QC system Most of the time t...

by Contributor in

how to find splunkd.log at windows server 2008 until 2016

server after restart splunk services few days later still happen not phone home between server to splunk Enterprise. ...

by New Member in

How can I prevent reindexing events after a reinstall of universal forwarder

I am working on a docker for a universal forwarder. The docker worked well until I reconfigured it for automatic rest...

by Path Finder in

6.1.3 forwarder compatibility

I have a 6.1.3 forwarder installed on Windows XP with a 6.5.3 Indexer installed on Windows 10. I am unable to receive...

by New Member in

Automatic lookup to match hostnames with and without FQDN

Hello, I need to generate an automatic lookup to match certain hosts for a project i'm working on. the thing is, I...

by Communicator in

Compare The Actual Start Time to The Expect Start Time

I need a query that will compare run statistics from a list of jobs (msg.jobName = RLMMTP*) that run everyday. The st...

by Engager in

How to configure universal forwarder to ignore a directory

Hello, I currently have a Splunk universal forwarder on a few of my windows servers. The UF config is received by my ...

by Path Finder in

HEC not giving JSON output when using python

I am fairly new to python and I am trying to use a python script to get the health of my HEC in JSON format. When ...

by Explorer in

Need help with inputs.conf

Hello I have some directories that I need to monitor. Using updated inputs for the TA_nix app I am adding syslog/l...

by Communicator in

different results searching json data depending on app

I am ingesting JSON data via the HEC on a HeavyForwarder, but when I query the data in SplunkCloud, I have different ...

by Path Finder in

Universal Forwarder don't write events to persistent queue with graceful service shutdown

I'm using distributed Universal Forwarders in remote location in order to collect events from remote sites. To preven...

by Explorer in

Sourcetype changes when we moved from loginsight to syslog-ng

Hi, It would be great if some out there has a better understanding of source typing than I could give us some help. ...

by New Member in

Build table by char position in string

Hi, I´ve got this event -> 2020/02/14/16:12:28:872 MachineNumber="K003991_HT" Pass="FPPPPPPFPPPPPPPPPPPPP...

by New Member in

Alfresco logs to Splunk Cloud

Our Servers are located in Private Subnets in EC2 instances on AWS. The Platform/Software that we are using is called...

by Contributor in

REST servicesNS reload index conf

We need the ability , from CLI (Linux) to reload indexes.conf. I run the command below and it succeeds. curl -X PO...

by Contributor in

How to Schedule a job to delete 30 days older records from KV Store?

Hi All, I have created a KV store which receives 100,000 records daily. I need only 30 days of historical data to...

by Explorer in

Not able to see VMWare related fields in splunk

Hi, I am trying to build dashboard which will list performance stats for VMWare like CPU, Memory and Storage utliz...

by Engager in

when a setup a blacklist in input.conf, will it decrease the usage of license?

As I asked, if I setup a blacklist to deny some logs, does the dropped logs still occupy the license quota?

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Recommended R-Syslog equivalent collector for Windows systems.

How to send data to different index if packet broker tags events

Need help in parsing the CPU info with REX

How to send data to HEC using Java SDK?

Forwarding data from Heavy forwarder to syslog server

Can multiple wildcards be used in host:: stanza in props.conf?

Increase use core by splunk

Index a file according to the modify time only

how to find splunkd.log at windows server 2008 until 2016

How can I prevent reindexing events after a reinstall of universal forwarder

6.1.3 forwarder compatibility

Automatic lookup to match hostnames with and without FQDN

Compare The Actual Start Time to The Expect Start Time

How to configure universal forwarder to ignore a directory

HEC not giving JSON output when using python

Need help with inputs.conf

different results searching json data depending on app

Universal Forwarder don't write events to persistent queue with graceful service shutdown

Sourcetype changes when we moved from loginsight to syslog-ng

Build table by char position in string

Alfresco logs to Splunk Cloud

REST servicesNS reload index conf

How to Schedule a job to delete 30 days older records from KV Store?

Not able to see VMWare related fields in splunk

when a setup a blacklist in input.conf, will it decrease the usage of license?

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions