Getting Data In

Discussions

Thread Info

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input file from forwarder instead of the scheduling with given fixed time ?

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input ...

by Path Finder in

When trying to set up a distributed system, can you help me with the following error?: "Unable to distribute to peer, peer has status=2"

distributed system. splunk 7.1.2 one SH + one indexer In the SH splunkd log: DistributedPeerManager - Distribu...

by Path Finder in

What should the indexer queues be?

After filling the tiny queues on the indexers, we would like to move to bigger queues. We are thinking about the ...

by Motivator in

How do I see all Hosts?

It's only showing "Top 10 Values" for some reason.

by Path Finder in

How to debug why a universal forwarder is parsing files from paths but no data is ingested?

Hi Everyone, I am trying to monitor xml files from a directory in a certain server. But for some unknown reason/s ...

by Path Finder in

Multiple Splunk indexer with same $SPLUNK_DB location

Hi, I have $SPLUNK_DB set up in a NAS storage. But the indexer is installed in a VM (say VM1) running on splunk versi...

by Explorer in

Splunkd Warning: "C:\program files\...\local.meta already exists but with different casing: C:\Program Files\...\local.meta"

Hello fellow Splunkers, We've been tracking down and resolving our Splunkd errors and warnings. This one has us pe...

by Motivator in

How to find the Active Directory and ingest data from it?

Trying to get data from the AD data from the forwarder to Domain Controller. Could not see any settings within Splun...

by New Member in

Splunk is pulling the wrong custom .conf file

I have two apps that are both utilizing the same exact type of custom .conf file. The data in the .conf files are sup...

by New Member in

JSON Split at Index Time

Hi all, I have a JSON file output from a RESTful API service and the log looks something like this: { "Provider...

by Explorer in

Allow only a specified SSL cipher in the splunk forwarder?

Hello, our Nessus scanner show a issue with the 56 bit SSL ciphers which are allowed by the splunk forwarder: ...

by Path Finder in

Limitation of using Forwarder license

Hi I have read splunk docs https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/TypesofSplunklicenses I want to ...

by Builder in

Event breaking not working properly with the regex ([\r\n]+)

Event breaking not working properly with the below regex... props.conf LINE_BREAKER=([\r\n]+) My Log data : ...

by Path Finder in

Is Deployment Client (Universal Forwarder) 6.0 and below is still compatible with Splunk Deployment Server (Splunk Enterprise) 7.0?

Hi All, Just want to ask if Deployment Client (Universal Forwarder) 6.0 and below is still compatible with Splunk ...

by Communicator in

How to create Alert for monitoring splunk forwarder that events is not fetched within the last 5 minutes

Hello, I have multiple scripts in each host which send availability,memory,space details of servers to splunk in ever...

by Explorer in

What does the number of files in the data inputs, files and directories page indicate?

Hi Everyone, I was wondering what the number of files in the data inputs, files and directories page indicate? I h...

by Path Finder in

Question on indexes and retention policy

I have 5 indexers in a cluster environment with replication factor 3 . We have a license of 350 GB and our daily aver...

by Builder in

Ingest XML files, fields not being created

Hi, i am trying to ingest XML files and split the elements in fields, my log files are; <?xml version="1.0" enc...

by Communicator in

splunkclouduf.spl failed login

Receiving this error below... C:\Program Files\SplunkUniversalForwarder\bin>splunk install app splunkclouduf.spl ...

by New Member in

Time/Date Stamp errors

Hello I have empty log files that get monitored and I keep getting the following warnings: Failed to parse tim...

by Contributor in

filtering logs before indexing

I have json type of data and below is the sample events .I want to filter out the events which have the field called ...

by Builder in

Timezone change TZ not working.

Hi, We are getting logs in UTC format, I tried using TZ=UTC on Heavy forwarder, but its not working for all events...

by Path Finder in

Monitoring multiple servers/paths with a single inputs.conf app

Trying to setup an "intelligent" inputs.conf that uses the system name of the forwarder then uses the correct path fo...

by Communicator in

Need a help on Line Breaking and Time Prefix, Time_Format on props.conf ?

Hi All, Need a help on Line Break Regex and TIME_FORMAT on props.conf, I am ingesting sonarqube logs in to splunk for...

by Motivator in

Splunk filter search to show only multi-value fields

I'm working on a splunk search head that was set up my someone else at work and I'm not very familiar with the datase...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input file from forwarder instead of the scheduling with given fixed time ?

When trying to set up a distributed system, can you help me with the following error?: "Unable to distribute to peer, peer has status=2"

What should the indexer queues be?

How do I see all Hosts?

How to debug why a universal forwarder is parsing files from paths but no data is ingested?

Multiple Splunk indexer with same $SPLUNK_DB location

Splunkd Warning: "C:\program files\...\local.meta already exists but with different casing: C:\Program Files\...\local.meta"

How to find the Active Directory and ingest data from it?

Splunk is pulling the wrong custom .conf file

JSON Split at Index Time

Allow only a specified SSL cipher in the splunk forwarder?

Limitation of using Forwarder license

Event breaking not working properly with the regex ([\r\n]+)

Is Deployment Client (Universal Forwarder) 6.0 and below is still compatible with Splunk Deployment Server (Splunk Enterprise) 7.0?

How to create Alert for monitoring splunk forwarder that events is not fetched within the last 5 minutes

What does the number of files in the data inputs, files and directories page indicate?

Question on indexes and retention policy

Ingest XML files, fields not being created

splunkclouduf.spl failed login

Time/Date Stamp errors

filtering logs before indexing

Timezone change TZ not working.

Monitoring multiple servers/paths with a single inputs.conf app

Need a help on Line Breaking and Time Prefix, Time_Format on props.conf ?

Splunk filter search to show only multi-value fields

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions