Getting Data In

Thread Info

How to separate hosts/other fields into other data indexes?

I've got several data indexes (only one server) already that are separated by forwarders or listener ports. However, ...

by Path Finder in

TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption":

Hi I get al lot of the following messages on my IX: TcpInputProc - Encountered S2S Exception=Invalid _meta atom: f...

by New Member in

SPLUNK could't parse all files in same directrory

please need your support as SPLUNK didn't parse all files from same path, i.e for example in my inputs.conf there are...

by Path Finder in

How to do custom encryption and decryption on a Splunk universal forwarder?

I am trying to do custom encryption and decryption of data on the universal forwarders. I am trying to configure the ...

by New Member in

how to export a splunk app to .spl

What is command that i need to use to export a splunk app into .spl format ?

by Contributor in

Not able to read CSV from Universal forwarder

I am trying to read csv from one of my universal forwareder, below is my inputs file [monitor://D:\DUMP\Updated_Du...

by Path Finder in

KV_MODE = multi not capturing fields

I am using the splunk for unix app and the KV_MODE = multi entry in props.conf is not working. For example, I am stil...

by Communicator in

Question About Retetion Policy No Effect

Hi, Splunkers: I have a question about retention policy that I had configured my index linux_log of frozenTimePeri...

by Path Finder in

Why did my data not deleted when reaching retention limit?

Hi, Splunkers: I have a question about retention policy that I had configured my index linux_log of frozenTimePeri...

by Path Finder in

Custom timestamp detection for a sourcetype with some event w/o timestamp

Hello there, For a particular sourcetype there are events with a timestamp and events without timestamp. As Spl...

by Communicator in

How to convert JSON array of Key/Value pairs to Column/Value?

Lets say we have Json data in the following format ( using 2 events as an example) Event 1) Time Event 5/19/...

by Builder in

Parse json - relate parent key to child-array values

Source JSON Structure: { "working": { "https://site.number.one": [ { "metric":...

by New Member in

json output read single value when there are multiple for a segment

Hi, I have a json output which is getting indexed correctly. And i am collectng ip from remotemanagement{}.ip . But ...

by Communicator in

KV store keys, REST API and URL encoding forward slashes

I have a KV collection that uses a CIDR-style network address as the key value. This means that delete operations hav...

by Path Finder in

Is there a way to delay splunk universal forwarder from monitoring specific files?

Hello, We have an issue monitoring os_metrics logs where the log entries are generated from a Windows command wmic...

by Explorer in

Index main

Hello Splunkers! I have a question, i have installed a universal forwarder on a AIX server, but all the logs arriv...

by New Member in

Wildcards not working in tags.conf

I have the below config in tags.conf: [source=/some/directory/logs/foo-bar/error.log] sometag = enabled And thi...

by New Member in

Configure Spunk Hot/Warm, Cold and Frozen

How do I configure HOT / WARM, COULD, and FROZEN in Splunk Enterpise? I need to configure Splunk Data Retention an...

by Explorer in

Need seperate count for UP and DOWN Peer

Hi All, I have a query to display some BGP neighbour UP or DOWN. Output looks like nodelabel Status PEER_IP Ti...

by Communicator in

Why did a Splunk forwarder stop sending to log packet?

It was working fine until 1 month ago. There was no Splunk forwarder and network configuration change. No packets fro...

by Explorer in

Add hosts to Splunk multiselect UI

I want to populate the list of hosts in the multiselect input option in Splunk. index=someIndexName * host!="notTh...

by Path Finder in

Windows Security Events only being forwarded for a short time after restarting universal forwarder

Hi everyone, I have about 20 windows servers and 30 linux servers, all with universal forwarders installed and config...

by Path Finder in

Forward specific inputs from indexer to intermediate forwarder

Hi guys, here is the current setup I have. UF uses data cloning to send to both an indexer cluster and an intermed...

by Path Finder in

How to configure a heavy forwarder to receive logs over port 514/1514?

Hi, I have a new Splunk enterprise system up and running, with HFs and Indexers. For logs from network devices like F...

by Contributor in

Visualization that takes into account time of day

Hey all, So I'm kind of scratching my head on this, and any kind of guidance would be extremely helpful! Alright,...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to separate hosts/other fields into other data indexes?

TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption":

SPLUNK could't parse all files in same directrory

How to do custom encryption and decryption on a Splunk universal forwarder?

how to export a splunk app to .spl

Not able to read CSV from Universal forwarder

KV_MODE = multi not capturing fields

Question About Retetion Policy No Effect

Why did my data not deleted when reaching retention limit?

Custom timestamp detection for a sourcetype with some event w/o timestamp

How to convert JSON array of Key/Value pairs to Column/Value?

Parse json - relate parent key to child-array values

json output read single value when there are multiple for a segment

KV store keys, REST API and URL encoding forward slashes

Is there a way to delay splunk universal forwarder from monitoring specific files?

Index main

Wildcards not working in tags.conf

Configure Spunk Hot/Warm, Cold and Frozen

Need seperate count for UP and DOWN Peer

Why did a Splunk forwarder stop sending to log packet?

Add hosts to Splunk multiselect UI

Windows Security Events only being forwarded for a short time after restarting universal forwarder

Forward specific inputs from indexer to intermediate forwarder

How to configure a heavy forwarder to receive logs over port 514/1514?

Visualization that takes into account time of day

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions