Getting Data In

Thread Info

How much data should be sent to one forwarder?

Hello, I am setting up a log collector with a Universal Forwarder attached for collecting network logs (syslog-ng) an...

by Engager in

Help with docker Splunk logging driver URL change

We are in the process of changing our Splunk web DNS name and securing it with https. We are using Splunk logging dr...

by Engager in

Forward data to third-party systems from splunk

Hi, Splunk Version: 7.1.1 we are planning to send splunk existing data to third-party system called Champ. thou...

by New Member in

I already have a source of gauged metrics accessible by http. How can Splunk PULL those?

I already have a source of gauged metrics accessible by http. How can Splunk PULL those? I cannot PUSH those metri...

by New Member in

Error parsing dashboard XML: The URI to be decoded is not a valid encoding. Go to "Edit Source" to fix

Windows Overview Dashboard error. Error parsing dashboard XML: The URI to be decoded is not a valid encoding. Go to "...

by New Member in

What is the best practice to send logging from mobile devices to Splunk?

Hi everyone, currently i'm investigating what the best practice is to send logging from mobile devices (Android) t...

by Engager in

feed Splunk App for Windows Infrastructure without forwarders?

I have a situation where management wants to see server status of some remote deployed servers, but due mostly to pol...

by Contributor in

mask anonymize data by role

Is there a way to mask or anonymize data in splunk by role such that one role (such as Admin) can see all the data on...

by Explorer in

Can you help me split a JSON event with regex in props.conf?

Hi guru's: i have JSON data that looks like the below. { "BOMxmlDlTime": 0.6584670543670654, "TODAY-P...

by Path Finder in

Does Splunk Universal Forwarder forward audit events

Does Splunk Universal Forwarder forward audit event logs to Splunk _audit index? I can see Splunk HF's are forwarding...

by Contributor in

Active Directory not send logs for Splunk

Hello, I am using splunk enterprise on linux server. I want to monitor active directory logs. I installed the univ...

by New Member in

I want to take input from forwarder but before that I want to run python script

I want to take input from forwarder but before that I want to run python script, just like in enterprise we can add d...

by New Member in

Change hostname

Hello All, I have several devices on our network that has one interface/IP address in our DMZ and a management IP ...

by Contributor in

Running into errors while disabling the legacy ciphers in splunk 7.2

I am trying to follow the document to disable the legacy ciphers in the Splunk 7.2, and I notice that the cluster mas...

by Splunk Employee in

Xml logs event separation

Hi. I have 10000 xml log output. like : {LOG DATE.../DATE TIME.../TIME CC.../CC AMOUNT.../AMOUNT /LOG} I need to bre...

by New Member in

LDAP pre-cache

If we have multiple users in our organization and do these users expire from the LDAP pre-cache?

by Splunk Employee in

How to configure a sourcetype for JSON data to parse each line as a distinct event?

I have an application that logs out single line JSON statements. For some reason when I load this into Splunk, most o...

by Path Finder in

How to populate Meaningful form of data

Hi Guys, Can you please help me, in framing a query. Like i have this kind of data structure: clk_ctrl: { [-] ...

by New Member in

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input file from forwarder instead of the scheduling with given fixed time ?

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input ...

by Path Finder in

When trying to set up a distributed system, can you help me with the following error?: "Unable to distribute to peer, peer has status=2"

distributed system. splunk 7.1.2 one SH + one indexer In the SH splunkd log: DistributedPeerManager - Distribu...

by Path Finder in

What should the indexer queues be?

After filling the tiny queues on the indexers, we would like to move to bigger queues. We are thinking about the ...

by Motivator in

How do I see all Hosts?

It's only showing "Top 10 Values" for some reason.

by Path Finder in

How to debug why a universal forwarder is parsing files from paths but no data is ingested?

Hi Everyone, I am trying to monitor xml files from a directory in a certain server. But for some unknown reason/s ...

by Path Finder in

Multiple Splunk indexer with same $SPLUNK_DB location

Hi, I have $SPLUNK_DB set up in a NAS storage. But the indexer is installed in a VM (say VM1) running on splunk versi...

by Explorer in

Splunkd Warning: "C:\program files\...\local.meta already exists but with different casing: C:\Program Files\...\local.meta"

Hello fellow Splunkers, We've been tracking down and resolving our Splunkd errors and warnings. This one has us pe...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How much data should be sent to one forwarder?

Help with docker Splunk logging driver URL change

Forward data to third-party systems from splunk

I already have a source of gauged metrics accessible by http. How can Splunk PULL those?

Error parsing dashboard XML: The URI to be decoded is not a valid encoding. Go to "Edit Source" to fix

What is the best practice to send logging from mobile devices to Splunk?

feed Splunk App for Windows Infrastructure without forwarders?

mask anonymize data by role

Can you help me split a JSON event with regex in props.conf?

Does Splunk Universal Forwarder forward audit events

Active Directory not send logs for Splunk

I want to take input from forwarder but before that I want to run python script

Change hostname

Running into errors while disabling the legacy ciphers in splunk 7.2

Xml logs event separation

LDAP pre-cache

How to configure a sourcetype for JSON data to parse each line as a distinct event?

How to populate Meaningful form of data

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input file from forwarder instead of the scheduling with given fixed time ?

When trying to set up a distributed system, can you help me with the following error?: "Unable to distribute to peer, peer has status=2"

What should the indexer queues be?

How do I see all Hosts?

How to debug why a universal forwarder is parsing files from paths but no data is ingested?

Multiple Splunk indexer with same $SPLUNK_DB location

Splunkd Warning: "C:\program files\...\local.meta already exists but with different casing: C:\Program Files\...\local.meta"

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions