Getting Data In

Thread Info

Extract value from json in props.conf

Hi All,I want to extract email from json event in splunk.Query I am using is : index=*sec sourcetype=t...

by Path Finder in

Using only 1 event out of many duplicate events

Greetings to you !! I have a file in which I have a following content : My city is very good your city is also ...

by Loves-to-Learn in

How to fix CSV ingestion random cutoffs?

I notice that CSV ingestion (from Splunk Web file upload) sometimes cuts off an event, possibly because one field is ...

by SplunkTrust in

Migrating Heavy Forwarder to a new server

Hi All, I have inherited a HF running on a Linux server collecting data from several cloud sources using the inputs...

by Path Finder in

Need assist in setting json sourcetype

I have been trying to get the following sourcetype into Splunk for PI. This whole stanza should go in as 1 event, bu...

by Communicator in

how to rex comma with no data

I hve few events where data is not available. Instead I see commas where head6 and head7 data is not availble. Need r...

by Explorer in

Compression on Intermediate forwarder

We have multiple forwarders sending data to an Intermediary forwarder and that IF is sending data to IDXs. IF is not ...

by Communicator in

splunkfwd user access to root owned logs

Can anyone tell me the best practice for splunkfwd user to access others and root own dir/logs ? Not intereste...

by Explorer in

Best Practice for Getting Data from Splunk Instances Into Indexer Cluster

I have the following setup with Indexer Discovery + Indexer Cluster + Search Head Cluster: - Deployment Server - ...

by Engager in

Azure Kubernetes Service (AKS) - log ingestion with Splunk

Hi, I am trying to understand the best/cost effective approach to ingest logs from Azure AKS in Splunk Enterprise w...

by Builder in

Enable boot start of Splunk forwarder on oracle Linux 6.x

Hi Team, Please help me whit the steps to enable boot start of Splunk forwarder on oracle Linux 6.x. Splunk forwa...

by New Member in

How to copy data from an index to another machine

HiI have a use case that involves copying historical data from a 3-indexer cluster (6 months old) to another machine....

by Communicator in

Cannot Ingest Prometheus Data: inputs.conf - recieving errors: btool does not list the stanza [prometheusrw])

Hello Splunk Community, I'm encountering an issue with ingesting data from a Prometheus remote_write_agent into Sp...

by Loves-to-Learn Lots in

How to forward DVWA logs into my splunk enterprise using spunk universal forwarder?

I am practicing my attacks on the DVWA webserver and I would want to monitor the traffic logs from the DVWA into my s...

by Loves-to-Learn in

Converting Date to first day of the week

I am analyzing some .csvs which have a "date" field present. The .csvs are indexed, but the index time is pretty irre...

by Path Finder in

Output to multiple destinations with one of them using discovery and different certificate authorities?

Assume for the moment that these work individually: Outputs1[tcpout]defaultGroup = primary_indexersforceTimebasedAu...

by Loves-to-Learn in

Troubleshooting Blacklists - Blocking subsets of EventCode 4688

I'm a bit new to Splunk; apologies if I miss anything obvious. I'm looking to selectively block events meeting a ce...

by Engager in

Logs Retention

Hello,Is it possible to define the retention duration of logs (hot, warm and cold) If yes, how can this be done ? Or...

by Communicator in

Copying over data to another index for longer retention

Hi all, We are indexing different topics from our kafka cluster to an index say, index1. But we now have a requirem...

by Path Finder in

Getting isHttpOutConfigured=NOT_CONFIGURED in Splunkd logs

I had defined the complete path in inputs.conf and restarted the Splunkforwarder but got error in Splunkd logs. Kin...

by Explorer in

Trouble with df.sh after upgrade to 9.2.1

since moving to 9.2.1, now my df.sh events are now a single event when searching. also notice the format is bad when ...

by Explorer in

Path of props.conf and transforms.conf

I'd like to monitor log files and ingest specific lines from these files. My props.conf and transforms.conf has no er...

by Loves-to-Learn in

Collecting server logs without installing Splunk UF?

Hi , How to collect server logs without installing the Splunk Universal forwarder. Because the server owned team is...

by Builder in

trial

by Path Finder in

Why is User is not allowed to modify the job error?

Hi all. One of our users cannot upload files to splunk with the error "User is not allowed to modify the job". Th...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Extract value from json in props.conf

Using only 1 event out of many duplicate events

How to fix CSV ingestion random cutoffs?

Migrating Heavy Forwarder to a new server

Need assist in setting json sourcetype

how to rex comma with no data

Compression on Intermediate forwarder

splunkfwd user access to root owned logs

Best Practice for Getting Data from Splunk Instances Into Indexer Cluster

Azure Kubernetes Service (AKS) - log ingestion with Splunk

Enable boot start of Splunk forwarder on oracle Linux 6.x

How to copy data from an index to another machine

Cannot Ingest Prometheus Data: inputs.conf - recieving errors: btool does not list the stanza [prometheusrw])

How to forward DVWA logs into my splunk enterprise using spunk universal forwarder?

Converting Date to first day of the week

Output to multiple destinations with one of them using discovery and different certificate authorities?

Troubleshooting Blacklists - Blocking subsets of EventCode 4688

Logs Retention

Copying over data to another index for longer retention

Getting isHttpOutConfigured=NOT_CONFIGURED in Splunkd logs

Trouble with df.sh after upgrade to 9.2.1

Path of props.conf and transforms.conf

Collecting server logs without installing Splunk UF?

trial

Why is User is not allowed to modify the job error?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions