Getting Data In

Discussions

Thread Info

JSON is one huge single entry - Is there a way to break it apart in Splunk?

Hello. We just installed the REST API Modular Input App into Splunk in order to capture Dynatrace logs from the Dynat...

by Path Finder in

Error : Bug during applyPendingMetadata, header processor does not own the indexed extractions confs

While indexing csv files, splunk is not indexing some of my csv files showing below error in Splunkd.log Error : 0...

by Path Finder in

Splunk website monitoring timeout

I am getting the below error when trying to add new url for website monitoring app. Encountered the following erro...

by New Member in

Exclude certain log with specific attribute from a search that has mutiple sources

I am trying creating a report that will run on schedule which combines different sourcetype to run from the datamodel...

by Explorer in

How to create table from large JSON data?

I've got a large JSON result from an API of the results from multiple domains {"success": true, "message": "OK", "...

by Path Finder in

How to parse/index only json entry from raw data which are in non-uniform pattern?

by New Member in

Powershell Logging and ingesting to Splunk

Hello! I am very interested in turning on Powershell logging in my environment and then sending those logs to Splunk....

by Explorer in

Dynamic SNMP OID - Convert ASCII number to Text Value

Let me start by admitting there are likely a half dozen better ways to ingest the data but I don't have access to cha...

by Engager in

Hot buckets filling up

I have 36 indexers each with 2.7gb of space. There are currently 29 of the 36 at capacity and keeping entering abnorm...

by Engager in

Whitelist/Blacklist Event ID using Forwarder Management

I am running Splunk Enterprise 7.1.1 and testing how the Forwarder Management uses the Serverclass.conf for Event ID ...

by Engager in

Need CPU and Memory peak utilization of multiple VM's

Hi All, I am very new to Splunk. My organisation uses Splunk for all infra monitoring, I am trying to get the "Pea...

by New Member in

Search the data from a xml based log file based on the condition

Hi, I am trying to search and display the data from a xml based log file with the matching condition. My XML is like ...

by New Member in

Time zone conversion.

Hello, please help on below query i have data that start time and end time in system location but users are in ...

by Loves-to-Learn in

What does Splunk-perfmon.exe need to write to registry keys?

Have an antivirus reporting some writing attempts from process splunk-perfmon.exe to the following registry keys: ...

by Splunk Employee in

Help with SEDCMD-drop

Here is my issue, i have logs that look like this: <--CT<-- -------------------------------------------------- 10:...

by Contributor in

Blacklist format

-- I want to see events of 4648. I want to filter out certain ones. Is my stanza configured correctly? \etc\system...

by Engager in

Whitelist bad logon

I want to whitelist events when users put the password in the logon window during login. See example below, note the ...

by Engager in

help on CSV default limit issue

hi If I launch the files separately, I have results But since a few days, I am unable to cross the data between th...

by Motivator in

Fully disable perfmon

Hello all, I am trying to fully disable perfmon from our splunk instance as we don not use this data to monitor an...

by Explorer in

Cisco Networks App - no results found, open in search does show results

Hi, I'm having an issue with some dashboard of the Cisco Network App. Take for example the routing dashboard. Ther...

by Loves-to-Learn Lots in

Unable to move index database to another drive in Windows Server 2019

Hey Guys! I am very new to Splunk Enterprise and it's still in testing phase. I am trying to use this documentation h...

by Explorer in

Error while installing Splunk forwarder in windows system

I am installing 7.0.13.1 UF Agent but I am receiving above error... In Windows server 2012 R2 64 bit Universal for...

by Engager in

Line Break Problem due to non-standard timestamps

Hi Have some data coming into Splunk that has some unusual timestamp formatting: here is an example log file: *...

by Path Finder in

Best way to delete all data in an index every night?

I have an index (few million rows) that I need to delete and re-index the new data every night from a DB input. The d...

by Communicator in

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

I've followed the docs for setting up log-to-metrics but I haven't been able to get it to work as intended. I have...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

JSON is one huge single entry - Is there a way to break it apart in Splunk?

Error : Bug during applyPendingMetadata, header processor does not own the indexed extractions confs

Splunk website monitoring timeout

Exclude certain log with specific attribute from a search that has mutiple sources

How to create table from large JSON data?

How to parse/index only json entry from raw data which are in non-uniform pattern?

Powershell Logging and ingesting to Splunk

Dynamic SNMP OID - Convert ASCII number to Text Value

Hot buckets filling up

Whitelist/Blacklist Event ID using Forwarder Management

Need CPU and Memory peak utilization of multiple VM's

Search the data from a xml based log file based on the condition

Time zone conversion.

What does Splunk-perfmon.exe need to write to registry keys?

Help with SEDCMD-drop

Blacklist format

Whitelist bad logon

help on CSV default limit issue

Fully disable perfmon

Cisco Networks App - no results found, open in search does show results

Unable to move index database to another drive in Windows Server 2019

Error while installing Splunk forwarder in windows system

Line Break Problem due to non-standard timestamps

Best way to delete all data in an index every night?

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions