Getting Data In

Ask a Question

Discussions

Thread Info

Why is splunk-launch.conf not in system/local?

by Motivator in

Split array into multiple lines

I have event that looks like this: field1: field1_value field2: field2_value messages: [ { inner_field1: ...

by New Member in

Where do I start with troubleshooting Parsing Queue issues on a UF?

All, I have SplunkAdmins app installed and received alerts showing me that my Universal Forwarder on a series of ...

by Builder in

Timestamp to Date Conversion

I'm having an issue with a dashboard which is reporting UPC counts by day. If I use the following query, it gives the...

by Loves-to-Learn Lots in

Splunk Parsing - How to do it

I have below json that is printed in logs, { "timestamp": "2019-08-15T07:30:10,472Z", "level": "INFO", "thr...

by Explorer in

What is the minimum network bandwidth required for Splunk forwarding?

I plan to setup Splunk Forwarders to push Windows Events and also some linux events to my central Splunk indexer. Nee...

by Splunk Employee in

no_appending_timestamp and syslog-ng clarification

Just need to clarify - if I'm using syslog-ng to receive udp syslog I do not need the no_appending_timestamp = true i...

by Communicator in

Splunk_Server is showing different server than the one in outputs.conf

Hello, We currently in the process of moving to indexer clustering with 3 new servers. The 3 old servers are stand...

by Path Finder in

Why am I getting error "SSL certificate generation failed" while starting the splunkd process on the universal forwarder?

Hi All, I'm unable to start the splunkd process on the universal forwarder and it's giving an error that SSL certi...

by Path Finder in

Sending multi-line Events as a single line to archive and unchanged to indexer

Hi there, I'm struggling with the following: On a heavy forwarder I get two types of data: windows events and firewal...

by Explorer in

Add monitor file with new index not working

Hello, I have problem with Splunk Forwarder. Currently, i monitor a dir (/var/log/httpd/*) but it automatic del...

by Engager in

How to prevent duplicates in batch mode?

I have a number of small files, each of which maps to a single event. Since these files aren't actively added to (one...

by Explorer in

Splunk Enterprise install windows

I use the basic install on my domain controller and then install forwarder on other machines in the domain. and put m...

by New Member in

How to list defined sourcetypes through API

I am looking for a way to list all defined sourcetypes on a Splunk server, using the REST API. From what little i...

by Explorer in

Multiline Event being split into multiple events

I have a multiline event that's being split into multiple events. I've tried LINE_BREAKER, BREAK_ONLY_BEFORE, and BRE...

by Path Finder in

Splunk Cloud | Splunk Universal Forwarder | No scripts found under the selected path

Hello, I'm trying to pull some data from an API and push it to Splunk using the Universal Forwarder. I installed t...

by Explorer in

timestsamp when data was ingested

When we have ingested wrong timestamps, is there a way to find the timestamp of WHEN the data was ingested, not the _...

by Path Finder in

Remove ::ffff: from logs

I am looking to remove the ::ffff: from Windows event logs: Network Information: Client Address: ::ffff:XX.XX.XX.X...

by Path Finder in

Indexes.conf question

Hey All, I have a question surrounding the best way to deploy the indexes.conf in our environment. We currently ha...

by Builder in

inputs.conf monitor stanza for Windows Universal Forwarder with wildcards not working

I'm facing a problem with writing a stanza that would collect log files from a directory tree. The tree is (example):...

by Explorer in

Indexers props.conf

From Splunk it's said it's best to do your custom Field extractions at search time. So the only extractions you do on...

by Builder in

help with mstats needed

Hello, I have a metric index reflecting the OS kpis (unix nmon tool). In order to process the data with ML algorit...

by Builder in

Eventtypes have gone missing

I have had Splunk Stream up and running for a while, but after upgrading to 7.3.1 some of my Eventtypes that drive th...

by Communicator in

Backing-up a Splunk app being developed inside a Docker container?

I'm using the Splunk-developed splunk/splunk:7.3.0 Docker image as the base ( from) image for my own custom Docker im...

by Builder in

Failed to set up Universal forwarder with docker compose

I want to setup a universal forwarder that receive logs from a syslog server (share a volume) and send logs to a rece...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why is splunk-launch.conf not in system/local?

Split array into multiple lines

Where do I start with troubleshooting Parsing Queue issues on a UF?

Timestamp to Date Conversion

Splunk Parsing - How to do it

What is the minimum network bandwidth required for Splunk forwarding?

no_appending_timestamp and syslog-ng clarification

Splunk_Server is showing different server than the one in outputs.conf

Why am I getting error "SSL certificate generation failed" while starting the splunkd process on the universal forwarder?

Sending multi-line Events as a single line to archive and unchanged to indexer

Add monitor file with new index not working

How to prevent duplicates in batch mode?

Splunk Enterprise install windows

How to list defined sourcetypes through API

Multiline Event being split into multiple events

Splunk Cloud | Splunk Universal Forwarder | No scripts found under the selected path

timestsamp when data was ingested

Remove ::ffff: from logs

Indexes.conf question

inputs.conf monitor stanza for Windows Universal Forwarder with wildcards not working

Indexers props.conf

help with mstats needed

Eventtypes have gone missing

Backing-up a Splunk app being developed inside a Docker container?

Failed to set up Universal forwarder with docker compose

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Akamai SIEM add-on configuration IDs in batch

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Getting Data In

Are you a member of the Splunk Community?

Discussions