Getting Data In

Thread Info

Splunk is not logging data

User complained that Splunk is not logging data Data being stopped logging after 1:40 PM on Tue Dec 3rd. Please...

by Explorer in

Is it possible to forward data to third-party systems in other formats than syslog and raw?

Is it possible to forward cooked parsed data (containing all fields) in json format to some external TCP end-point (u...

by Explorer in

How to compare two CSV files with multiple rows

I am looking to compare two CSV files to output a change or addition. Example: File 1: User Date Status Dave 1/1 ...

by Explorer in

One API key to multiple sources

Can the same API key be used to ingest multiple different http event collector sources?

by New Member in

UF to indexer and forward specific sourcetype to third-party siem

Hi, from a customer I have this type, UF with Security events that sends them to a Splunk indexer. I would like to fo...

by New Member in

How to open 8088 port and enable HTTP event collectors for a Splunk Cloud - free trial ?

Hi, I called support for this query and I was asked to write a question here, since i am on a free trial. So here ...

by New Member in

How to measure Execution Latency of Ad-hoc Searches?

Hi Everyone How to determine and measure if any Ad hoc Searches are getting queued and by what time on total? Basi...

by Builder in

Why doesn't Splunk Enterprise 8 display the results of a command (i.e. btool, etc.) on Windows 10 using SSH (putty)?

Hi so I've been teaching myself Splunk and I don't really have the HDD space to run VM on my WIndows 10 desktop or la...

by Explorer in

Windows performance counter with name spaces fills with underscores

Hi, We collect windows performance logs. After the update to 7.2.0, each performance counter with a Space in its n...

by Path Finder in

Is a Heavy Forwarder able to load balance a network input among indexers?

Does a Heavy Forwarder have the same limitation as a Universal Forwarder in bold below? Please note, I already kno...

by Motivator in

How to convert HH:MM:SS.6Q time format in to Minutes

Hi, I am trying to convert Timestamp into Minutes and the result is not being displayed. I have the timestamp form...

by Explorer in

Simple scenario with intermediate forawarder to syslog - any help appreciated

I would like to achieve the following: run Splunk on some Windows (2003, 2008, 2008R2) hosts and: send all ev...

by New Member in

Extending job lifetime via REST

Is there a way the extend the lifetime of a job via REST like you can via UI ? https://docs.splunk.com/Documentat...

by Explorer in

Windows Deployment Server to *Nix deployment client permission issues.

Hello All, Problem: Using a Splunk Deployment Server on Windows with *Nix Deployment Clients. When using a Win Dep...

by Champion in

Receiving "User does not exist: undefined" error when adding data

Hi, I'm trying to add data to Splunk enterprise. I'm getting "User does not exist: undefined" error when trying t...

by New Member in

Windows inputs.conf blacklist testing process

Does anyone out there have a best practice for testing Windows event inputs.conf blacklist entries? What actual ev...

by Builder in

sourcetype TIME_FORMAT changed

hello to everyone, the monthly logs received from the ivr has changed the time format. Until now it was %d/%m%/Y r...

by Explorer in

Does Splunk have a timeline for releasing 7.2.9.1 or 6.6.12.1 to fix the Issues SPL-178915, SPL-171961

It seems like we have a fix in 7.3 for the splunk date-time issue since 2019-11-07 Not that long ago we were told to...

by Path Finder in

xyseries removes field line break

Hi, I have the following search where I create two fields which has a line break (Topic and value): index="example...

by Explorer in

AccountName disappears when I forward Windows Security Eventlogs

I have 5 computer who send security logs to a server. This server forward those logs to my splunk server so I can put...

by Engager in

How to dynamically route logs uto multiple indexes and sourcetypes based on file path and filename

Hi, I am working on OS log onboarding data under multiple hostname folders and these hostname folders are located at ...

by Builder in

On Windows, Forwarder crash - splunk_wmi.exe

Hello, I have installed the Forwarder on windows, and Forwarder works well for a period of time. But, forwarder c...

by New Member in

404 Client Error with Microsoft Office 365 Reporting Add-On for Splunk

Hi, we have a the Microsoft Office 365 Reporting Add-On for Splunk configured with an account which is a member of...

by Contributor in

Can UF send data to multiple indexes

I am using Splunk forwarder (not HEC) and want to know if I can send data to multiple indexes. If yes, how?

by Path Finder in

Can Splunk Ingest This?

Hi, can Splunk ingest .edb (Exchange Database) files?

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk is not logging data

Is it possible to forward data to third-party systems in other formats than syslog and raw?

How to compare two CSV files with multiple rows

One API key to multiple sources

UF to indexer and forward specific sourcetype to third-party siem

How to open 8088 port and enable HTTP event collectors for a Splunk Cloud - free trial ?

How to measure Execution Latency of Ad-hoc Searches?

Why doesn't Splunk Enterprise 8 display the results of a command (i.e. btool, etc.) on Windows 10 using SSH (putty)?

Windows performance counter with name spaces fills with underscores

Is a Heavy Forwarder able to load balance a network input among indexers?

How to convert HH:MM:SS.6Q time format in to Minutes

Simple scenario with intermediate forawarder to syslog - any help appreciated

Extending job lifetime via REST

Windows Deployment Server to *Nix deployment client permission issues.

Receiving "User does not exist: undefined" error when adding data

Windows inputs.conf blacklist testing process

sourcetype TIME_FORMAT changed

Does Splunk have a timeline for releasing 7.2.9.1 or 6.6.12.1 to fix the Issues SPL-178915, SPL-171961

xyseries removes field line break

AccountName disappears when I forward Windows Security Eventlogs

How to dynamically route logs uto multiple indexes and sourcetypes based on file path and filename

On Windows, Forwarder crash - splunk_wmi.exe

404 Client Error with Microsoft Office 365 Reporting Add-On for Splunk

Can UF send data to multiple indexes

Can Splunk Ingest This?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions