Getting Data In

Thread Info

Collecting server logs without installing Splunk UF?

Hi , How to collect server logs without installing the Splunk Universal forwarder. Because the server owned team is...

by Builder in

trial

by Path Finder in

Event count is showing Zero

I am new to splunk and observing the event count and current size showing a 0, even though we can search on the inde...

by Observer in

Display time in UTC

We are trying to run a report that groups data by the UTC date of events occur. Our Heavy forwarders collect the data...

by Explorer in

Field Extraction from Nested Json during Index time

Hi All, TagData [ [-] { [-] Key: Application Value: Test_App } { [-] Key: Email Value: test@abc.com } ]...

by Path Finder in

Inner Join

Let say I have 2 lookup files , lookup1 has 50 values and other have 150 valuesso when I inner join lookup1 to look...

by Contributor in

Bitlocker Windows Events Inputs.conf

I'm trying to get bitlocker events into Splunk. Below is what I have in the inputs.conf and it appears to not be work...

by New Member in

It does not search for Snort json alerts

I installed Snort 3 JSON Alerts add-on. I made changes in inputs.conf (/opt/splunk/etc/apps/TA_Snort3_json/local) lik...

by Explorer in

Splunk Add-on for Sysmon - Could not load lookup=LOOKUP-eventcode

Hi, Following the official instructions https://apps.splunk.com/apps/id/Splunk_TA_microsoft_sysmon , Splunk Add-...

by Contributor in

HF can't reach splunk cloud

I've created the HF, and set up the ip allow list. From the Azure Connection troubleshoot, the testing is successful,...

by Loves-to-Learn in

saved searches

i want to get list of scheduled saved searches with the name and the searches itself. can anybody help?

by Contributor in

Bro log ingestion and indexing

Hey all super new to splunk administration - I'm having issues with the bro logs being indexed properlyI have 2 days ...

by New Member in

Diagrams of how Search Head works in the Splunk platform

The purpose of this query is to create legacy diagrams of how the search head works in Splunk. I want to know the int...

by Engager in

Logs compression in Splunk HEC spring boot

Hi Team, Can we compress the logs using Splunk HEC HttpEventCollectorLogbackAppender? Please guide here, how to com...

by New Member in

VIP Setup on Heavy Forwarder

There are two heavy forwarders at our site. The current setup is that there is a VIP defined for client server acces...

by New Member in

Missed Data From Nessus Scan

We had a Nessus scan but Nessus configuration was not completed on tenable add-on on the splunk side. Hence we missed...

by Contributor in

SSL error with new version of nozomi addon

Hi, I'm not able to integrate SPlunk with Nozomi, with the available app (Nozomi Networks Universal Add-on), on the o...

by Loves-to-Learn in

splunk forwarder : Remote login has been disabled for 'admin' with the default password. How to login or reset password?

Upgraded universal splunk universal forwarder from 9.0.2 to 9.1.0. ./splunk list monitor gives me the following er...

by Explorer in

How do I set up a login to Splunk forwarder?

Apparently the Splunk forwarder (splunkforwarder) has a web interface listening on port 8089. When I try to login wit...

by Path Finder in

Index.conf error

Hey, I am setting up a Splunk Dev env. I have one indexer, one SH, and one forwarder. I have uninstalled and reinstal...

by Communicator in

Line breaker is not working

Hi team, Upload the CSV file into Splunk, In CSV file form 47th row to 7th row into single event, written configura...

by Loves-to-Learn Everything in

Why has the index process paused data flow? How to handle too many tsidx files?

This issue happens when incoming thruput for hotbuckets is faster than splunk optimize can merge tsidx files and ke...

by Splunk Employee in

Does a heavy forwarder require a license?

I am looking to place a heavy forwarder in Azure have it forward events/data to the main indexer with one method usin...

by Path Finder in

ERROR JsonLineBreaker had parsing error:Unexpected character while parsing backslash escape: '|'

Hi, I am getting below JSOnParser exception in one of my data source [json sourcetype]. Don't think there is any ...

by New Member in

Impact of indexer going down for sometime.

Hello All, We have a server on which indexer and search head deployed. furthermore we are getting logs from UF and ...

by Loves-to-Learn in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Collecting server logs without installing Splunk UF?

trial

Event count is showing Zero

Display time in UTC

Field Extraction from Nested Json during Index time

Inner Join

Bitlocker Windows Events Inputs.conf

It does not search for Snort json alerts

Splunk Add-on for Sysmon - Could not load lookup=LOOKUP-eventcode

HF can't reach splunk cloud

saved searches

Bro log ingestion and indexing

Diagrams of how Search Head works in the Splunk platform

Logs compression in Splunk HEC spring boot

VIP Setup on Heavy Forwarder

Missed Data From Nessus Scan

SSL error with new version of nozomi addon

splunk forwarder : Remote login has been disabled for 'admin' with the default password. How to login or reset password?

How do I set up a login to Splunk forwarder?

Index.conf error

Line breaker is not working

Why has the index process paused data flow? How to handle too many tsidx files?

Does a heavy forwarder require a license?

ERROR JsonLineBreaker had parsing error:Unexpected character while parsing backslash escape: '|'

Impact of indexer going down for sometime.

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions