Getting Data In

Discussions

Thread Info

Sending data with HEC vs modular inputs vs raw port

I'm trying to figure out the pros and cons of using each of these methods to send data to Splunk. Let's assume I have...

by New Member in

Can Splunk Forward raw logs directly to AWS S3 Yes/No?

Can a splunk forwarder send logs directly to an S3 bucket without any other intervention as well as send to the splun...

by Loves-to-Learn in

NFS share for frozen data

we have soft link for Fronzen data which link to NFS share. Now storage team just want to change to other IP/hostname...

by Communicator in

How do I use the columns in a CSV file to create a bar graph on a dashboard?

Hi, I'm new to Splunk and I'm trying to create some visualizations on a Splunk dashboard using some CSV data. My data...

by Path Finder in

Data not coming from Kafka to Splunk

Hi Splunker, We are trying to pull data from Kafka queues using Splunk Connect for Kafka at one of our customers. ...

by Champion in

How to filter data coming through Splunk Rest modular input

Hi All, I have created REST modular inputs to collect data from REST API. I am using delimiters,"impact=1" ,Pollin...

by New Member in

Filter data

Hello , I need to filter data in a heavy forwarder , by discarding some of event : i have the field "id" in my data ...

by Path Finder in

How to get a specific result with stats latest when two events have the same timestamp?

Hi, please consider this example.csv: device result _time apollo1 passed 2019-06-28 apollo1 failed 2019-0...

by Communicator in

Scripted input permission denied

Hello. I have a HF and I want it to download a .csv file from another internal server. Right now, I can download it a...

by Builder in

How to redirect some data coming into an indexer (HEC) to another indexer?

I have Http Event Collector inputs defined on an indexer cluster. I need to send one of the tokens' data to a differe...

by Influencer in

How do I create visualizations using JSON data?

I have some log files which I'm serializing into a JSON object and sending it to a Splunk App dashboard (through HTTP...

by Path Finder in

How much data is ingested by a single sourcetype from defined host/clientname

How much data in MB/GB is ingested by a single sourcetype from defined host/clientname

by Path Finder in

Splunk UF Not reading logs.

Hi , I am in a situation now , My splunk Universal forwarder is sometimes sending the logs and sometimes its not s...

by Communicator in

Change source and sourcetype

I have several thousand events that I want to change the source and sourcetype. I started putting them in the index w...

by Motivator in

How can we normalize our syslog host names?

Our syslog data looks like - # 2019 Jun 25 17:54:30 xxx-yyy-zzz-8 daemon info DataCollector. In transforms.conf we...

by Ultra Champion in

How to trim base domain from url

I have several pieces of data that look like this: subdomain1.domain.com subdomain2.domain.com Question is how...

by Explorer in

Not able to send csv data to splunk index via rest call - HEC

curl -k "http://host:8088/services/collector/?sourcetype=csv& index=csv_data" \ -H "Authorization: Splunk < token key...

by New Member in

How to change splunk search hed deafult hostname with some DNS?

I have hostname tb1239905 and port 18000 ,I want to access my with test.splunk.in. When ever splunk send mail link ,I...

by Path Finder in

What does the 'groupby_rank: "0" ' property in 'fields' member of job result response mean ?

Hello, If I hit the url : services/search/jobs/[job id]/results in the API, I get a response like : { "previe...

by Explorer in

Using DATETIME_CONFIG=NONE with a DATETIME_CONFIG fails to extract dates

I'm having trouble parsing a log file that has a format similar to this format: 2019-07-08 14:03:59.335 INFO [File...

by Path Finder in

Can Splunk be used for Video Conferencing Infrastructure data?

Can Splunk used for Video Conferencing Infrastructure i.e., Cisco or Polycom's Multiconference Control Unit(MCU), Vid...

by New Member in

Uneven distribution of Logs in Multisite Cluster

Strange thing happened in my environment, we have got multisite cluster where all logs were distributed near perfectl...

by Communicator in

Advice on personal experience of data count of data sources per host

Hey all. So my company has recently acquired 200GB added on top of our current licence. We are interested in 3 differ...

by New Member in

is it possible to view indexed data from one index in an another indexer?

Hello Splunkers, I have two splunk instances, due to some operational and security reasons, I need to see some spe...

by New Member in

xml-challenge: create and fill INDEPENENT Splunk-fields for repeating nested -Structures

Hi, I am trying to find a solution to an easy sounding problem: I am having an xml input file, which contains bill...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Sending data with HEC vs modular inputs vs raw port

Can Splunk Forward raw logs directly to AWS S3 Yes/No?

NFS share for frozen data

How do I use the columns in a CSV file to create a bar graph on a dashboard?

Data not coming from Kafka to Splunk

How to filter data coming through Splunk Rest modular input

Filter data

How to get a specific result with stats latest when two events have the same timestamp?

Scripted input permission denied

How to redirect some data coming into an indexer (HEC) to another indexer?

How do I create visualizations using JSON data?

How much data is ingested by a single sourcetype from defined host/clientname

Splunk UF Not reading logs.

Change source and sourcetype

How can we normalize our syslog host names?

How to trim base domain from url

Not able to send csv data to splunk index via rest call - HEC

How to change splunk search hed deafult hostname with some DNS?

What does the 'groupby_rank: "0" ' property in 'fields' member of job result response mean ?

Using DATETIME_CONFIG=NONE with a DATETIME_CONFIG fails to extract dates

Can Splunk be used for Video Conferencing Infrastructure data?

Uneven distribution of Logs in Multisite Cluster

Advice on personal experience of data count of data sources per host

is it possible to view indexed data from one index in an another indexer?

xml-challenge: create and fill INDEPENENT Splunk-fields for repeating nested -Structures

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!