Getting Data In

Ask a Question

Discussions

Thread Info

Why am I getting error "Universal Forwarder Setup Wizard ended prematurely" trying to install Splunk universal forwarder 6.2 on Windows Server 2012R2?

Hello, I am trying to deploy the Splunk universal forward to Win 2012 R2 servers. Using version : 6.2.0-237341-x64...

by Path Finder in

How to put results of custom search command into index

Hello all, I have add-on with written a custom search command. This command call my python package. my_searchcommand...

by New Member in

How to access splunk data from Postgres without moving data?

I need to access splunk data from postgres. Used DB Connect to implement this. But DB Connect export data from SPl...

by New Member in

Indexer receives forwarded Splunk internal logs but does not receive non-Splunk os events

Hi, I set up a Linux forwarder to forward os logs to a Windows indexer as a test. The Windows indexer is running S...

by Motivator in

How to collect Windows service status

I'm trying to collect the status of two windows services but I don't need the status of the rest of the services on t...

by Path Finder in

Universal Forwarder inputs.conf perfmon stanza : Why counters with "-" in their name are not selectable?

Initial case (working) : In an UF add to an inputs.conf (depending of if your using an app, creating local conf or...

by Explorer in

How do I configure my sourcetype to deal with a log that creates events with fixed field lengths?

Hello all, I have a structured log that doesn't contain a headers but contains fields with a fixed lengths. Here i...

by Motivator in

Why is Splunk forwarding all logs but ignoring props.conf filter?

Greetings! Sorry, I am a newbie and might be a simple question but I couldn't find any answer works for me. I'm...

by New Member in

Getting error related Fishbucket in _internal logs.

Receiving following error on searchead for forwarder: checkpoint failed: removal of dir /opt/splunkforwarder/var/l...

by Engager in

Windows Event Log Format and JSON

Hi, I have developers who are trying to create a framework for Windows Event Error handling that can be used for a...

by Path Finder in

How do you disable the REST API endpoint services/server/info?

Here's the deal. When you do a curl for the endpoint services/server/info on a search head, it includes information l...

by New Member in

Recommended ports & best practices for intermediate forwarding?

We have requirement to add a Heavy Forwarder tier between Universal Forwarder and Indexers. Is there a recommended...

by Builder in

How can I monitor SCCM 2012 logs with Splunk?

We have Splunk as our log and event management solution and are getting ready to roll out Microsoft System Center Con...

by New Member in

ADD-ON uses

why should i install the add-ons in splunk? collecting data would work the same without it? Compared to qradar SIEM ...

by Explorer in

Save configuration in dedicated input.conf in version 8.0

Hi, I've installed Splunk 8.0 to check my Python modular inputs with Python 3.7 and, with this version, the config...

by New Member in

Why ResultsReaderJson taking more time to parse a simple stream returned by oneshotsearch?

I am having an issue with consuming results using splunk API. I am using a oneshotsearch where the result is retu...

by New Member in

Splunk docker container 7.3.2

After starting up a container running the splunk/splunk:7.3 image and logging into the splunk UI. I noticed file inte...

by Engager in

Need help to compare a CSV file with an index

Hi, I need to compare the field host of my CSV file with the field host of my index. I used the search below but I ha...

by Motivator in

How to get Splunk ports to open from universal side to heavy forwarder side

I want to monitor zip files using universal forwarder and send it to the heavy forwarder for parsing so want to know ...

by Builder in

Help with choice of forwarder

3 questions: Can I use directly syslog for everything enabling it to each machine, without getting use of universa...

by Explorer in

Best practice for sourcetype category: Application vs Custom?

I am developing an app in Splunk 7.3. My app uses a proprietary sourcetype. In case it's significant for this ques...

by Builder in

Configured vs automatic extraction for timestamps in ISO 8601 extended format?

Background to this question I am using Splunk 7.3.0 to ingest JSON Lines where the event timestamp is in ISO 8601 ...

by Builder in

perfmon not reading data

I have configured my inputs.conf as mentioned below. [perfmon://Host Memory Swap] _TCP_ROUTING = my_indexer counte...

by Path Finder in

Index buckets configuration using time

Hello, dear ninjas! I need to configure my indexes to store data in bucket using time periods. For example: Index - T...

by Communicator in

Exclude CIDR range from search results

Hi Splunk Answers, I want to exclude IP addresses from certain networks in search results. The range is 10.52.0.0/...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I getting error "Universal Forwarder Setup Wizard ended prematurely" trying to install Splunk universal forwarder 6.2 on Windows Server 2012R2?

How to put results of custom search command into index

How to access splunk data from Postgres without moving data?

Indexer receives forwarded Splunk internal logs but does not receive non-Splunk os events

How to collect Windows service status

Universal Forwarder inputs.conf perfmon stanza : Why counters with "-" in their name are not selectable?

How do I configure my sourcetype to deal with a log that creates events with fixed field lengths?

Why is Splunk forwarding all logs but ignoring props.conf filter?

Getting error related Fishbucket in _internal logs.

Windows Event Log Format and JSON

How do you disable the REST API endpoint services/server/info?

Recommended ports & best practices for intermediate forwarding?

How can I monitor SCCM 2012 logs with Splunk?

ADD-ON uses

Save configuration in dedicated input.conf in version 8.0

Why ResultsReaderJson taking more time to parse a simple stream returned by oneshotsearch?

Splunk docker container 7.3.2

Need help to compare a CSV file with an index

How to get Splunk ports to open from universal side to heavy forwarder side

Help with choice of forwarder

Best practice for sourcetype category: Application vs Custom?

Configured vs automatic extraction for timestamps in ISO 8601 extended format?

perfmon not reading data

Index buckets configuration using time

Exclude CIDR range from search results

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions