Getting Data In

Ask a Question

Discussions

Thread Info

What does Splunk-perfmon.exe need to write to registry keys?

Have an antivirus reporting some writing attempts from process splunk-perfmon.exe to the following registry keys: ...

by Splunk Employee in

Help with SEDCMD-drop

Here is my issue, i have logs that look like this: <--CT<-- -------------------------------------------------- 10:...

by Contributor in

Blacklist format

-- I want to see events of 4648. I want to filter out certain ones. Is my stanza configured correctly? \etc\system...

by Explorer in

Whitelist bad logon

I want to whitelist events when users put the password in the logon window during login. See example below, note the ...

by Explorer in

help on CSV default limit issue

hi If I launch the files separately, I have results But since a few days, I am unable to cross the data between th...

by Motivator in

Fully disable perfmon

Hello all, I am trying to fully disable perfmon from our splunk instance as we don not use this data to monitor an...

by Explorer in

Cisco Networks App - no results found, open in search does show results

Hi, I'm having an issue with some dashboard of the Cisco Network App. Take for example the routing dashboard. Ther...

by Loves-to-Learn Lots in

Unable to move index database to another drive in Windows Server 2019

Hey Guys! I am very new to Splunk Enterprise and it's still in testing phase. I am trying to use this documentation h...

by Explorer in

Error while installing Splunk forwarder in windows system

I am installing 7.0.13.1 UF Agent but I am receiving above error... In Windows server 2012 R2 64 bit Universal for...

by Engager in

Line Break Problem due to non-standard timestamps

Hi Have some data coming into Splunk that has some unusual timestamp formatting: here is an example log file: *...

by Path Finder in

Best way to delete all data in an index every night?

I have an index (few million rows) that I need to delete and re-index the new data every night from a DB input. The d...

by Communicator in

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

I've followed the docs for setting up log-to-metrics but I haven't been able to get it to work as intended. I have...

by New Member in

extract complete path from a wildcard Inputs file monitor

Example monitor://foo/bar I want all the file it grabs under bar with the full path to those file. like if there i...

by Explorer in

inputs.conf says only monitor application event logs but it is logging system and security also

my inputs.conf says to monitor only application events but it is monitoring security and system logs as well. below i...

by New Member in

How Do I assign src_ip to all event codes those are having same Logon_ID?

I would like to assign src_ip to all events who is having same logon_id. but the src_ip coming only to EventCode=4624...

by Engager in

Why my configuration is not working ? (nullQueue Windows)

Hi everyone, First of all i have tried every solution present in splunk answers on this subject but no one solved ...

by Explorer in

“Create Source Type” inquiry

“Create Source Type” inquiry. We want to create a new sourcetype that break events based a word orderActivityRep {...

by New Member in

Splunk Support for Active Directory: How to use GSS-API authentication rather than Simple-Auth

Splunk Version: 6.6.11 SA-ldapsearch App Version: 2.1.6 Build: 738 Hello, we have multiply domains in the fore...

by Explorer in

How can we set the index time to be the event time?

We would like to set the index time to be the event time (at index time). How can we do it?

by Ultra Champion in

Universal forwarder setup wizard ended prematurely because of an error. Your system has not been modified. To install this program at a later time, run Setup wizard again. Click the finish button to exit the setup Wizard.

When Installing UF I am receiving error on Windows servers could you please help me on this

by Engager in

How to adhere rate limit headers and leave calls for others

Our Splunk is hitting a 3rd party API and using up all of the API calls we are allocated. Other users are unable to a...

by New Member in

How do i exclude some events from being indexed by Splunk?

i have a data source that is very noisy, and i only want to index specific events from it, not all of them. for examp...

by Splunk Employee in

How do I migrate Indexes from one multisite cluster to another multisite cluster?

Hi Community Members, I would like to migrate indexes from one multisite cluster to another multisite cluster. Bot...

by Ultra Champion in

Issue to find the format to convert string to date

Hi I tried to convert some string to date but it doesn't work. Below an example of date ("Created Time") ...

by Engager in

Monitored CSV where the headers and number of columns are determined by one of the fields.

I need to monitor a csv file where the first 6 column headers are static but based on the 3rd column (a number 0-5) t...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What does Splunk-perfmon.exe need to write to registry keys?

Help with SEDCMD-drop

Blacklist format

Whitelist bad logon

help on CSV default limit issue

Fully disable perfmon

Cisco Networks App - no results found, open in search does show results

Unable to move index database to another drive in Windows Server 2019

Error while installing Splunk forwarder in windows system

Line Break Problem due to non-standard timestamps

Best way to delete all data in an index every night?

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

extract complete path from a wildcard Inputs file monitor

inputs.conf says only monitor application event logs but it is logging system and security also

How Do I assign src_ip to all event codes those are having same Logon_ID?

Why my configuration is not working ? (nullQueue Windows)

“Create Source Type” inquiry

Splunk Support for Active Directory: How to use GSS-API authentication rather than Simple-Auth

How can we set the index time to be the event time?

Universal forwarder setup wizard ended prematurely because of an error. Your system has not been modified. To install this program at a later time, run Setup wizard again. Click the finish button to exit the setup Wizard.

How to adhere rate limit headers and leave calls for others

How do i exclude some events from being indexed by Splunk?

How do I migrate Indexes from one multisite cluster to another multisite cluster?

Issue to find the format to convert string to date

Monitored CSV where the headers and number of columns are determined by one of the fields.

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions