Getting Data In

Thread Info

Old log files are not getting ingested into Splunk Cloud

Hi Team, We got an requirement to ingest the xyz.log from a client machine. So i have created an app in the dep...

by Path Finder in

How to event break on multiple dashes?

With multi-line logs, I am trying to linebreak on an obvious linebreaker of dashes (---------------------------------...

by New Member in

Is it possible to throttle events sent by the forwarder?

Hi, Is there a way to configure a throttle rule so the splunk forwarder don't send repeated events? Let's say i want ...

by New Member in

"Failed to parse Timestamp. Defaulting to file modtime"- Error message

Hi, It will be so helpful for me, if anybody could give a solution to the following question When i am trying ...

by Engager in

Can I skip specific lines while indexing data?

Hello, I am trying to index a csv log file that looks like this: Description,NumJobWaitEvents,ReturnCode,RunEnd...

by Motivator in

Help me write my props.con for this log?

All, I have a log that looks like this? UTC time. What would my props.conf for this look like for that EPOCH time...

by Builder in

Windows perfmon when configured with Splunk Web where are settings stored?

I would like to see examples of perfmon inputs.conf settings. I tried setting up Windows perf mon using the Splunk we...

by Contributor in

Splunk data are cut of randomly

I am having problem with UF data ingestion. There are 36 servers (18 server are prod and 18 are test-prod) I have de...

by Builder in

3GPP TS 32.435 XML format parsing

Hi, Has anyone been able to parse XML files in 3GPP 32.435 format? It's an XML formatted file with performance measur...

by New Member in

Blacklist a file in my inputs.conf stanza?

All, I am getting an alert "Saved Search [ForwarderLevel - File Too Small to checkCRC occurring multiple times]: ...

by Builder in

db connect error

Hello , Can someone help me to solve this error in the DB connect Application ? <?xml version="1.0" encoding="UT...

by Path Finder in

Getting Rest endpoint errors when pushing the Splunk_TA_ontap app to all the indexers through Master.

When pushing the Splunk_TA_ontap app of "Splunk app for NetApp Data ONTAP" to all the indexers in the cluster through...

by Explorer in

Deploying and updating Splunkbase apps using a deployment server?

I'm running Splunk for Enterprise 7.3.0 on Ubuntu 18.04 doing a demo deployment with a sales trial license. It's a si...

by Explorer in

Ingesting logs into Splunk Cloud

Hi Team, We got an requirement from Operations team to ingest a particular log file (/abc/xyz.log) which is presen...

by Path Finder in

Can multiple Splunk Universal Forwarders use same NAT IP for sending data to Heavy Forwarder ?

We have around 100 Universal Forwarders in a specific Office location A and another 50 Universal Forwarders in Office...

by Path Finder in

How can I get Ansible script to automate installation of splunk universal forwarder on multiple windows hosts?

Does anybody have an ansible script which can be used to install the Splunk universal forwarder on multiple Windows h...

by Engager in

How to specify field type value in search query?

Hi, I have a field type "Source" and I want to filter the events by source="Ebiz.Order20" etc. . I tried AND sourc...

by Engager in

ignoreolderthan in inputs.conf vs number of files in "splunk list monitor" performance

Hi All, I'm trying to see if we can improve the performance of a Splunk instance and trying to optimize it - e.g. ...

by Path Finder in

Display/Resolve DNS and/or ASN info for an IP address in Search Results

I would like to have a way in Splunk to display the DNS information for Private IP addresses and DNS/ASN information ...

by Engager in

unable to send data to indexer.

Hello, this is my forwarder inputs.conf looks like but I am unable to see any data in the second index cisco_asa. ...

by Explorer in

Heavy Forwarder fills queues (but not always) when forwarding to external Syslog

We're trying to do: UF (Win Event Logs) --> HF (v7.2.5 on Linux) --> Indexers (Linux) -AND- external Syslog destinat...

by Path Finder in

udp data packets lost at Heavy Forwarder

I am observing packet loss on Heavy forwarder due to which I am missing the important messages which we are being sen...

by New Member in

Disk space issue on Indexer

Hi All, We have Replication factor as 2 and search factor as 2 in 2 different sites in clustered environment. For...

by Path Finder in

metrics - if field not present in raw data how to add it with default value?

In the data source I am ingesting it can happen that one of the fields is not present from time to time. The issue is...

by Contributor in

Different xml files have not been indexed: directory monitoring.

Hi. I created directory monitor in Splunk. This monitor monitors a directory, which is situated on the SplunkServer. ...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Old log files are not getting ingested into Splunk Cloud

How to event break on multiple dashes?

Is it possible to throttle events sent by the forwarder?

"Failed to parse Timestamp. Defaulting to file modtime"- Error message

Can I skip specific lines while indexing data?

Help me write my props.con for this log?

Windows perfmon when configured with Splunk Web where are settings stored?

Splunk data are cut of randomly

3GPP TS 32.435 XML format parsing

Blacklist a file in my inputs.conf stanza?

db connect error

Getting Rest endpoint errors when pushing the Splunk_TA_ontap app to all the indexers through Master.

Deploying and updating Splunkbase apps using a deployment server?

Ingesting logs into Splunk Cloud

Can multiple Splunk Universal Forwarders use same NAT IP for sending data to Heavy Forwarder ?

How can I get Ansible script to automate installation of splunk universal forwarder on multiple windows hosts?

How to specify field type value in search query?

ignoreolderthan in inputs.conf vs number of files in "splunk list monitor" performance

Display/Resolve DNS and/or ASN info for an IP address in Search Results

unable to send data to indexer.

Heavy Forwarder fills queues (but not always) when forwarding to external Syslog

udp data packets lost at Heavy Forwarder

Disk space issue on Indexer

metrics - if field not present in raw data how to add it with default value?

Different xml files have not been indexed: directory monitoring.

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

How to handle multiline events from k8s via opente...

Power Platform audit logs

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Getting Data In

Are you a member of the Splunk Community?

Discussions