Getting Data In

Ask a Question

Discussions

Thread Info

Limitation of using Forwarder license

Hi I have read splunk docs https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/TypesofSplunklicenses I want to ...

by Builder in

Event breaking not working properly with the regex ([\r\n]+)

Event breaking not working properly with the below regex... props.conf LINE_BREAKER=([\r\n]+) My Log data : ...

by Path Finder in

Is Deployment Client (Universal Forwarder) 6.0 and below is still compatible with Splunk Deployment Server (Splunk Enterprise) 7.0?

Hi All, Just want to ask if Deployment Client (Universal Forwarder) 6.0 and below is still compatible with Splunk ...

by Communicator in

How to create Alert for monitoring splunk forwarder that events is not fetched within the last 5 minutes

Hello, I have multiple scripts in each host which send availability,memory,space details of servers to splunk in ever...

by Explorer in

What does the number of files in the data inputs, files and directories page indicate?

Hi Everyone, I was wondering what the number of files in the data inputs, files and directories page indicate? I h...

by Path Finder in

Question on indexes and retention policy

I have 5 indexers in a cluster environment with replication factor 3 . We have a license of 350 GB and our daily aver...

by Builder in

Ingest XML files, fields not being created

Hi, i am trying to ingest XML files and split the elements in fields, my log files are; <?xml version="1.0" enc...

by Communicator in

splunkclouduf.spl failed login

Receiving this error below... C:\Program Files\SplunkUniversalForwarder\bin>splunk install app splunkclouduf.spl ...

by New Member in

Time/Date Stamp errors

Hello I have empty log files that get monitored and I keep getting the following warnings: Failed to parse tim...

by Contributor in

filtering logs before indexing

I have json type of data and below is the sample events .I want to filter out the events which have the field called ...

by Builder in

Timezone change TZ not working.

Hi, We are getting logs in UTC format, I tried using TZ=UTC on Heavy forwarder, but its not working for all events...

by Path Finder in

Monitoring multiple servers/paths with a single inputs.conf app

Trying to setup an "intelligent" inputs.conf that uses the system name of the forwarder then uses the correct path fo...

by Communicator in

Need a help on Line Breaking and Time Prefix, Time_Format on props.conf ?

Hi All, Need a help on Line Break Regex and TIME_FORMAT on props.conf, I am ingesting sonarqube logs in to splunk for...

by Motivator in

Splunk filter search to show only multi-value fields

I'm working on a splunk search head that was set up my someone else at work and I'm not very familiar with the datase...

by Path Finder in

What is the admin account for on a Universal Forwarder?

I have UFs on some "sensitive" servers and the owners - that did the install are questioning the purpose of the Admin...

by Builder in

Coverting raw IIS logs timestamp from GMT to EST

Hello All, I'm working in a windows environment ingesting IIS logs from windows servers. The logs are written in G...

by Builder in

How to configure Splunk Heavy Forwarder and Splunk Searchhead on the same machine?

Hi @gcusello (tagging u because i have seen many of your answers in this context  ) , Is it possible to configure Sp...

by Communicator in

how to use source stanza in props.conf with spefic regex?

i'm trying yo use below source stanza in props.conf file to break the events. my source pattern will be ""xxx/mess...

by Path Finder in

Timestamp issue

I have below sample events in log file- 2019-07-19|23:02:24.213|TEST|XYZ|Test1 2019-07-19|23:02:24.213|TEST|XYZ|Te...

by Builder in

Is it possible to provide upload option in dashboard?

Hi, I have a requirement of where i need to provide the uploading button in dashboard and user will upload the log...

by New Member in

What is aggregation in Splunk?

The instruction of my project is: All local event logs must be duplicated to Splunk for events aggregation. In additi...

by Engager in

Monitoring file on unix and alerting based on some condition on the same file

I have set file monitoring, file is placed on the Unix . I am able to see the events being indexed in the Splunk howe...

by Explorer in

Sending Post to HEC (Splunk Cloud) not working

Hi, I've created my Data Input, enabled what needs to be enabled. The PUT works, and I get a Success response. How...

by New Member in

logview vs Logevent API method

Case1: Whenever we are loading a page/screen we use Splunk API method called “logview(“Splash Screen”)” Case 2:...

by New Member in

Match 2 Windows Events around the same time

I am trying to write a simple rule that correlates 2 events that would occur at the same time. For example an account...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Limitation of using Forwarder license

Event breaking not working properly with the regex ([\r\n]+)

Is Deployment Client (Universal Forwarder) 6.0 and below is still compatible with Splunk Deployment Server (Splunk Enterprise) 7.0?

How to create Alert for monitoring splunk forwarder that events is not fetched within the last 5 minutes

What does the number of files in the data inputs, files and directories page indicate?

Question on indexes and retention policy

Ingest XML files, fields not being created

splunkclouduf.spl failed login

Time/Date Stamp errors

filtering logs before indexing

Timezone change TZ not working.

Monitoring multiple servers/paths with a single inputs.conf app

Need a help on Line Breaking and Time Prefix, Time_Format on props.conf ?

Splunk filter search to show only multi-value fields

What is the admin account for on a Universal Forwarder?

Coverting raw IIS logs timestamp from GMT to EST

How to configure Splunk Heavy Forwarder and Splunk Searchhead on the same machine?

how to use source stanza in props.conf with spefic regex?

Timestamp issue

Is it possible to provide upload option in dashboard?

What is aggregation in Splunk?

Monitoring file on unix and alerting based on some condition on the same file

Sending Post to HEC (Splunk Cloud) not working

logview vs Logevent API method

Match 2 Windows Events around the same time

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions