Getting Data In

Thread Info

Can Splunk index Windows Event Log(evt,evtx) files?

Windows Server 2003, Windows XP and 2000 generate evt files, where Windows Vista, 2008 Server, Windows 7 generate evt...

by Splunk Employee in

WMI connect error

I configured a splunk heavy repeater to use WMI to collect the security logs, application logs, and system logs of re...

by New Member in

WMI connect error

I configured a splunk heavy repeater to use WMI to collect the security logs, application logs, and system logs of re...

by New Member in

How to calculate the time between events based on a field change grouped by another field?

I'm attempting to generate a table which shows the time between two consecutive login events for a user when the IP a...

by Contributor in

single indexer operation

Hi, It may be a very simple question but i want to know how the indexing actually works when the indexer is down f...

by Communicator in

Splunk UFW - Indexing Headers as Events

Apologies as I know this has been asked a few times, but none of the answers I have found seem to work. I have som...

by New Member in

Query joining 3 sourcetypes

I am trying to create a query that combines results from 3 sources, one of which is a lookup table. Any help would be...

by Path Finder in

How to use a portion of the hostname in your inputs.conf monitor path?

Got a bunch of logs to pickup from different machines. Evidently each machine has a share to the other machines, so I...

by Communicator in

sourcetype reporting interval?

Anybody have a query to show sourcetype reporting intervals (how often a ST sends data). I cant download or install a...

by Path Finder in

How to speed Up Windows Event Log Processing?

I indexed about one GB of Windows Event Logs using the add data feature by monitoring the folder where the event log ...

by New Member in

Splunk UF Backlog

Hey everyone, quick UF question here... If a UF stops for whatever reason then comes back on later on, will the UF se...

by Explorer in

UF and Platform version level compatibility with new timestamp issue

Just got the notification about the timestamp issue coming in Jan 2020. Timestamp Issue I am currently running ...

by Path Finder in

What will be LINE_BREAKER for these events?

2019-11-06 16:13:21,886 [9] DEBUG B005_01_01BusinessLogic - 2019-11-06 16:13:21,886 [9] DEBUG B005_01_01BusinessLogi...

by Path Finder in

Single Search Head/Single Indexer (distributed search)

Hi, Is it possible to create a single search head instance ? And or a single indexer instane? - Or are the insta...

by Explorer in

conditional index and sourcetype name inputs.conf by file-naming-convention

So my goal is to be able to pass a file to a splunk-monitored directory.. and have splunk apply it to the appropriate...

by Contributor in

How to monitor and alert when the Splunk universal forwarder service has been stopped or modified?

On my Universal Forwarders, I want to have the ability to monitor and alert off when the Splunk Universal forwarder s...

by Explorer in

What is the difference between installing an add-on at the search head and the indexer?

Hi all, I was going to install the Linux Secure Technology Add-On and the installation says that it needs to be in...

by New Member in

Can we configure the smartstore caching capability of the indexers?

Are there any configurations associated with the smartstore caching capability of the indexers?

by Motivator in

Reimporting Event Data / Fixing Data Holes

Because of network problems between my HFs and my indexing tier I have some "holes" in my data. With holes I mean mis...

by Path Finder in

Why do we see a discrepancy between VSphere and perfmon when reporting on cpu?

For a certain Windows Server 2016 Standard, VSphere reports around 50% cpu utilization while perfmon reports around 3...

by Motivator in

Windows Host Status (Red, Amber, Green)

Has anyone been able to create a single panel (Red, Amber, Green status) for a windows host to show if the host has c...

by Communicator in

Can anyone help me identify auto-finalized or truncated searches/alerts?

I am having trouble crafting a search to identify auto-finalized or truncated searches. This is the search I am us...

by Explorer in

Can 1 sourcetype have 2 CHARSET?

I have a sourcetype named "abc" It is configured to CHARSET=UTF_8 When I see the events, some events split because...

by Path Finder in

Teradata Events to Splunk

I need to take teradata Events to splunk. Currectly Teradata Event viewer is one which I am using to monitor the tera...

by New Member in

When sending data with http event collector is there any throttling by default?

Hello, When sending data with HEC to Splunk Enterprise/Cloud, is there any throttling by default? Or is there an o...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Can Splunk index Windows Event Log(evt,evtx) files?

WMI connect error

WMI connect error

How to calculate the time between events based on a field change grouped by another field?

single indexer operation

Splunk UFW - Indexing Headers as Events

Query joining 3 sourcetypes

How to use a portion of the hostname in your inputs.conf monitor path?

sourcetype reporting interval?

How to speed Up Windows Event Log Processing?

Splunk UF Backlog

UF and Platform version level compatibility with new timestamp issue

What will be LINE_BREAKER for these events?

Single Search Head/Single Indexer (distributed search)

conditional index and sourcetype name inputs.conf by file-naming-convention

How to monitor and alert when the Splunk universal forwarder service has been stopped or modified?

What is the difference between installing an add-on at the search head and the indexer?

Can we configure the smartstore caching capability of the indexers?

Reimporting Event Data / Fixing Data Holes

Why do we see a discrepancy between VSphere and perfmon when reporting on cpu?

Windows Host Status (Red, Amber, Green)

Can anyone help me identify auto-finalized or truncated searches/alerts?

Can 1 sourcetype have 2 CHARSET?

Teradata Events to Splunk

When sending data with http event collector is there any throttling by default?

Celebrating the Winners of the ‘Splunk Build-a-thon’ Hackathon!

Why You Should Register for Splunk University at .conf25

Building Splunk proficiency is a marathon, not a sprint

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions