Getting Data In

Thread Info

Splunk - Adding stanza in input.conf file

i am using Splunk enterprise trial version and trying to push the windows logs to Splunk from the customize location ...

by Explorer in

Unable to initialize modular input

Hi, I designed a modular input using the splunk plugin for eclipse. After building the file with Ant, I installed ...

by Engager in

Why does checking the status of a forwarder make the forwarder stop running?

Hello, I have multiple Splunk forwarders in my setup. I am writing a script in which I need to check if Splunk for...

by Builder in

Splunk is not showing full JSON data from Chef Inspec log file on search

I have a json log file generated from chef inspec tool that contains 1000+ lines of data. The log file looks somethin...

by Engager in

How to get the total size of data in a distributed Splunk deployment ignoring replication

I would like to add a new indexer site to our distributed Splunk deployment but would like this new site to contain a...

by Engager in

How to add additional fields to log4j-submitted JSON?

We're using Splunk's "javalogging" JAR to send events to Splunk from our Java-application directly. This works, but t...

by Path Finder in

Syslog Json question

Hello, I've got a question on getting Splunk to extract key value pairs from syslog json events. The events loo...

by Communicator in

What is the easiest way to identify my universal forwarder versions

I'm looking for a search that will let me check what forwarder revisions are installed on individual machines. Any...

by Path Finder in

Lookup table not found for Automatic lookup

I have created a lookup table suppose productext.csv. I went to the Automatic lookup screen and selected the dropdown...

by Communicator in

Assigning sourcetype by host - UF

Hi All, I have a UF which gets logs of syslog via UDP:514. I am trying to set sourcetypes by hosts' IPs but i can'...

by Contributor in

How to configure forwarder filename with timestamp

I have a custom application and the log gets created at 7:00 UTC every day. The log file will have timestamp in the f...

by Observer in

Getting List of the Universal forwarders

Hi There, I wanted to get a list of forwarders from the metric logs. The base logs have confused me a lot. Below ...

by Explorer in

Integrity Check of Installed Files datetime.xml

Hello, After updating (replacing) the datetime.xml file in my Splunk, the following health check message appears. ...

by Explorer in

Windows Defender ATP

I have followed the various sets of instructions for sending Microsoft Defender ATP logs to Splunk, however I am gett...

by Contributor in

json events not breaking properly

trying to break events before incidentTicket event, but not breaking properly with BREAK_ONLY_BEFORE. props: [prd...

by Contributor in

Splunk API output

When I try the api endpoint curl -k -u username:passwd https://localhost:8089/servicesNS/admin/search/search/jobs/exp...

by New Member in

Python script to upgrade forwarder

Hi, Please give me the python script to upgrade rpm file of forwarder. Steps to upgrade 1) Get the rpm file ...

by Builder in

Capture data from scripted input

I'm trying to so a simple ps for ssh connections from a specific user. I have created a python script ! /usr/bin/p...

by Communicator in

log file not parsing properly - multiple lines per event

Hello, I have a file monitor for a log file where I am getting indexed data with multiple lines. Example of one e...

by Path Finder in

How to get the SID (via rest api) for a single scheduled report previously created from the Web UI

I have a number of scheduled reports previously created via the WEB UI following a template similar to the ones shown...

by New Member in

How to parse nested Json so I can extract parent process information that lines up attributes together?

The am having some issues with extracting what I want out of the json that goes into splunk from Tanium for signal al...

by Engager in

Sending logs to splunk using python script

Hi, Is there a way to send logs to splunk using python script? Can you please send me the sample script?

by Builder in

can Splunk HF run multiple Python scripts and forward it to multiple indexer

I am having 2 scheduled python scripts running in HF. First script is scheduled for 2 mins and get SNMP data and forw...

by Explorer in

json gets truncated

Valid json gets truncated for some reason. Below is the props.conf file: TRUNCATE = 0 KV_MODE = json NO_BINARY_CHE...

by Explorer in

Combine 3 csv reports and send it in one Email

Hi, I am stuck into a weird problem. I have 3 queries from 3 different source producing a table with a service name a...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk - Adding stanza in input.conf file

Unable to initialize modular input

Why does checking the status of a forwarder make the forwarder stop running?

Splunk is not showing full JSON data from Chef Inspec log file on search

How to get the total size of data in a distributed Splunk deployment ignoring replication

How to add additional fields to log4j-submitted JSON?

Syslog Json question

What is the easiest way to identify my universal forwarder versions

Lookup table not found for Automatic lookup

Assigning sourcetype by host - UF

How to configure forwarder filename with timestamp

Getting List of the Universal forwarders

Integrity Check of Installed Files datetime.xml

Windows Defender ATP

json events not breaking properly

Splunk API output

Python script to upgrade forwarder

Capture data from scripted input

log file not parsing properly - multiple lines per event

How to get the SID (via rest api) for a single scheduled report previously created from the Web UI

How to parse nested Json so I can extract parent process information that lines up attributes together?

Sending logs to splunk using python script

can Splunk HF run multiple Python scripts and forward it to multiple indexer

json gets truncated

Combine 3 csv reports and send it in one Email

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Enhance Your Splunk App Development: New Tools & Support

Adaptive filtering/Stateful cross-event logic to f...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions