Getting Data In

Thread Info

Forward filtered logs to indexer and full logs to third party syslog server

Hello, I am currently forwarding logs from uf to HF to idx. What I am trying to achieve is drop windows event w...

by Explorer in

i can't find the existing index

Greetings!! I can't find the existing index, after inputs other data into that index? I have done /opt/Splunk/b...

by Communicator in

Where do I have to set persistent queue configuration in order to offload event on UF's disk?

Hi, I am collecting event from UF to IDX. Sometimes events are missing due to network issue btw UF and IDX. So I am t...

by Path Finder in

Help with props and regex for index time extraction and adjustment of time zone

A typical Event (which has no line breaks): HOSTVULN: HOST_ID=109436564, IP="10.1.40.106", TRACKING_METHOD="AGENT"...

by Path Finder in

Splunk stencil icons in LucidChart.com?

Has anybody gotten any of the Splunk stencil icons to import into LucidChart.com? There is an import for Omnigraffle ...

by Esteemed Legend in

Transaction Command: Determine Outliers/Mismatches Only

I am using the transaction command in Splunk to group the events of an identical log file across two hosts. Essential...

by Path Finder in

Script Input

Hello Friends! I was trying to send an input Script to all my AIX servers ( i have aprox 20) but the script only g...

by New Member in

How to get non matching value by comparing two multivalued field without using join or append?

I want to get value from one multivalued field which are not present in other multivaliued field from same index and ...

by Engager in

Forward matching events to a third party system.

I would like to understand if the following requirement can be made to work.. We are ingesting AWS Cloudtrail even...

by Explorer in

Filter events from UF based on source + sourcetype or host

Hello, is it possible to filter events based on sourcetype + (host OR sourcetype) with props.conf/transforms.conf ...

by Motivator in

How to separate hosts/other fields into other data indexes?

I've got several data indexes (only one server) already that are separated by forwarders or listener ports. However, ...

by Path Finder in

TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption":

Hi I get al lot of the following messages on my IX: TcpInputProc - Encountered S2S Exception=Invalid _meta atom: f...

by New Member in

SPLUNK could't parse all files in same directrory

please need your support as SPLUNK didn't parse all files from same path, i.e for example in my inputs.conf there are...

by Path Finder in

How to do custom encryption and decryption on a Splunk universal forwarder?

I am trying to do custom encryption and decryption of data on the universal forwarders. I am trying to configure the ...

by New Member in

how to export a splunk app to .spl

What is command that i need to use to export a splunk app into .spl format ?

by Contributor in

Not able to read CSV from Universal forwarder

I am trying to read csv from one of my universal forwareder, below is my inputs file [monitor://D:\DUMP\Updated_Du...

by Path Finder in

KV_MODE = multi not capturing fields

I am using the splunk for unix app and the KV_MODE = multi entry in props.conf is not working. For example, I am stil...

by Communicator in

Question About Retetion Policy No Effect

Hi, Splunkers: I have a question about retention policy that I had configured my index linux_log of frozenTimePeri...

by Path Finder in

Why did my data not deleted when reaching retention limit?

Hi, Splunkers: I have a question about retention policy that I had configured my index linux_log of frozenTimePeri...

by Path Finder in

Custom timestamp detection for a sourcetype with some event w/o timestamp

Hello there, For a particular sourcetype there are events with a timestamp and events without timestamp. As Spl...

by Communicator in

How to convert JSON array of Key/Value pairs to Column/Value?

Lets say we have Json data in the following format ( using 2 events as an example) Event 1) Time Event 5/19/...

by Builder in

Parse json - relate parent key to child-array values

Source JSON Structure: { "working": { "https://site.number.one": [ { "metric":...

by New Member in

json output read single value when there are multiple for a segment

Hi, I have a json output which is getting indexed correctly. And i am collectng ip from remotemanagement{}.ip . But ...

by Communicator in

KV store keys, REST API and URL encoding forward slashes

I have a KV collection that uses a CIDR-style network address as the key value. This means that delete operations hav...

by Path Finder in

Is there a way to delay splunk universal forwarder from monitoring specific files?

Hello, We have an issue monitoring os_metrics logs where the log entries are generated from a Windows command wmic...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Forward filtered logs to indexer and full logs to third party syslog server

i can't find the existing index

Where do I have to set persistent queue configuration in order to offload event on UF's disk?

Help with props and regex for index time extraction and adjustment of time zone

Splunk stencil icons in LucidChart.com?

Transaction Command: Determine Outliers/Mismatches Only

Script Input

How to get non matching value by comparing two multivalued field without using join or append?

Forward matching events to a third party system.

Filter events from UF based on source + sourcetype or host

How to separate hosts/other fields into other data indexes?

TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption":

SPLUNK could't parse all files in same directrory

How to do custom encryption and decryption on a Splunk universal forwarder?

how to export a splunk app to .spl

Not able to read CSV from Universal forwarder

KV_MODE = multi not capturing fields

Question About Retetion Policy No Effect

Why did my data not deleted when reaching retention limit?

Custom timestamp detection for a sourcetype with some event w/o timestamp

How to convert JSON array of Key/Value pairs to Column/Value?

Parse json - relate parent key to child-array values

json output read single value when there are multiple for a segment

KV store keys, REST API and URL encoding forward slashes

Is there a way to delay splunk universal forwarder from monitoring specific files?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions