Getting Data In

Thread Info

Monitored CSV where the headers and number of columns are determined by one of the fields.

I need to monitor a csv file where the first 6 column headers are static but based on the 3rd column (a number 0-5) t...

by Loves-to-Learn Lots in

Issue with AWS universal forward to SplunkCloud

Hello! There is some strange situation i did like in article https://medium.com/@robert.r.svensson/how-to-send-securi...

by Loves-to-Learn Lots in

Validate filter value and show error message if value is invalid

Hi, I want to validate the data i enter in data input filter and also want to show error message if user does not ...

by New Member in

How to apply ingest time log to metric?

Hi All, Let's say I receive log data through TCP on UF, and I want to save the data in event index and metric inde...

by Path Finder in

Increase the number of lines in the log set sourcetype

Can someone remind me of the name of the attribute used after ingesting a log to increase the amount of the log event...

by Communicator in

Does the Universal Forwarder Support LDAP?

We use the REST API regularly with several of our Universal Forwarders. I would like to setup LDAP with all of the...

by Engager in

cisco apic fabric device active connections

Hi, when i login to my CISCO APIC fabric devices, I see there are plenty of active connections with user splunk . ...

by Communicator in

Why is line breaking inconsistent - File Monitoring - Roxio SecureBurn Log file - .txt

Everytime a CD is burned with Roxio SecureBurn, a txt file log of the cd is created. The format of the .txt log file ...

by Path Finder in

Does reason exist that btool does not return the inputs.conf stanza for the Splunk log folder (/opt/splunk/var/log/splunk)?

Does a reason exist that btool does not return the inputs.conf stanza for the Splunk log folder (/opt/splunk/var/log/...

by Path Finder in

days information

Hi Guys, We have a field by name “Validity” which shows the validity date as below for different products; Vali...

by Path Finder in

help needed with UF settings distributed over deployment server

Hello, I would like to distribute one UF parameter to my clients, it is: limits.conf ... [inputproc] ...

by Builder in

Automatic field discovery / key value pairs with :=

Below are two line example of the data being indexed. 2020-01-17 15:40:53; 192.168.0.69; 192.168.0.69; Trap Servi...

by Explorer in

Please write Props for the following data because time format not working

Below is data : 30,01/21/20,11:56:24,DNS Update Request,ip,xxx,,,0,6,,,,,,,,,0 11,01/21/20,11:56:24,Renew,ip,xxx,4...

by Explorer in

"Project_migration_tool" of "splunk add-on builder" does not work because "python3" is not included in "Splunk8.0.1" of "docker".

"Project_migration_tool" of "splunk add-on builder" does not work because "python3" is not included in "Splunk8.0.1" ...

by New Member in

not able to forward shell script (it is using tty terminal) output to splunk

not able to forward shell script (it is using tty terminal) output to splunk . Please help me on it

by Explorer in

N number of configuration change on one host

Query to detect over N number configuration changes on a certain host within specific duration. Any help is greatly a...

by New Member in

how to find time difference in below format?

New_Time=2020‎-‎01‎-‎19T15:06:53.134000000Z Previous_Time=2020‎-‎01‎-‎19T15:06:53.134396700Z how to find the time ...

by New Member in

Search to alert user is logged into more than 1 VPN instance concurrently

Hello, I am trying to write a search to look for an admin logged into our cisco vpn1 and vpn2 instance at the same ti...

by Engager in

Changing the sourcetype to remove spaces

I'm working on a TA to process Venafi messages brought in via RestAPI. When I was testing I used hostname in the prop...

by Contributor in

Importing rsyslog json as metrics

Hi everyone, I'm trying to import the following type of log data as metrics (extract shown): Nov 14 03:23:42 ho...

by Engager in

Different target ports for different Log sources on Universal Log Forwarders

Does the Universal Log Forwarder support to send the syslogs traffic using different target ports based on source IP/...

by New Member in

How do I set the default index?

I've created a custom index that I want to be my new defaultdb. Currently, my defaultdb is "main" index. I want all e...

by Champion in

Can you track the size of a log file?

I've been browsing around and was wondering is there a way to track a specific log file size (source)? The main reaso...

by Explorer in

clientIP and date in logs, but in Date seconds are ignored.

I have a strange issue, not sure if this could be the reason. In my logs. Client IP and Date is logged, but in sp...

by Explorer in

How to resolve when data getting duplicated twice in indexers?

Hi Splunkers, I have noticed an issue in my Splunk environment: Issue: Data is getting duplicated twice in i...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Monitored CSV where the headers and number of columns are determined by one of the fields.

Issue with AWS universal forward to SplunkCloud

Validate filter value and show error message if value is invalid

How to apply ingest time log to metric?

Increase the number of lines in the log set sourcetype

Does the Universal Forwarder Support LDAP?

cisco apic fabric device active connections

Why is line breaking inconsistent - File Monitoring - Roxio SecureBurn Log file - .txt

Does reason exist that btool does not return the inputs.conf stanza for the Splunk log folder (/opt/splunk/var/log/splunk)?

days information

help needed with UF settings distributed over deployment server

Automatic field discovery / key value pairs with :=

Please write Props for the following data because time format not working

"Project_migration_tool" of "splunk add-on builder" does not work because "python3" is not included in "Splunk8.0.1" of "docker".

not able to forward shell script (it is using tty terminal) output to splunk

N number of configuration change on one host

how to find time difference in below format?

Search to alert user is logged into more than 1 VPN instance concurrently

Changing the sourcetype to remove spaces

Importing rsyslog json as metrics

Different target ports for different Log sources on Universal Log Forwarders

How do I set the default index?

Can you track the size of a log file?

clientIP and date in logs, but in Date seconds are ignored.

How to resolve when data getting duplicated twice in indexers?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions