Getting Data In

Thread Info

Splunk forwarder not working

Hi Splunkers, One of my Universal forwarder was down for a month. So when i noticed I restarted the services back ...

by Explorer in

Scripted Input - Multi-line Event Issue

I have a scripted input that checks disk space used by directories (--max-depth=1 though!). So example output look...

by Path Finder in

csv couldn't be opened for reading

My csv is placed on desktop So I am using | inputcsv "C:/Users/JM/Desktop/rap.csv" Splunk is not able to read. It sa...

by Contributor in

How can I take csv from the client (Windows 10)

Already install the splunk server at Linux. Linux: Red Hat 7 Splunk: 6.6.0 Splunk Free I want take csv file fro...

by New Member in

How can I increase the speed of parsing on my Heavy Forwarder?

Good day, sirs! What system resource do I need to increase to increase the speed of parsing of my Heavy Forwarder?...

by Communicator in

How to rename the savedsearches using REST API

Hi Splunkers, Any idea how can we rename the saved searches using REST API. I have tried by referring https://w...

by Engager in

splunk forwarder OS version

Hi, i am able to get spunk forwarder deaials using below query but i need information like windows 2012,2016, linu...

by Explorer in

Splunk not working across Vagrant Synced folder

I have an interesting problem--I'm on a Mac, and due to an entirely different issue, I can't reliably run Splunk in O...

by New Member in

LINE_BREAKER doesn't seem to work for new add-on

Hi, I've been trying to create a new add-on to ingest some data into a new sourcetype within splunk via a REST API...

by Path Finder in

KV store gap and backfilling?

There are a few days in our licensing_epd KV store (from SA-AuditAndDataProtection app). Is there a way I can backfil...

by Engager in

Using Heavy Forwarded to Send Subset of Data to 3rd Party and Not Index

Having issues with routing data to a 3rd party and then dropping the events from being indexed. The Windows event is ...

by New Member in

If I have no transforms.conf or props.conf, when are fieldnames + fieldvalues extracted?

So if I had incoming data and it goes to an indexer, would the fieldnames/fieldvalues be extracted at that point as t...

by Engager in

Splunk Intermitten Indexer Cluster issues after upgrade to 7.2.1

05-17-2019 00:35:38.768 -0700 WARN CMSlave - Failed to register with cluster master reason: failed method=POST path=/...

by Communicator in

Why is the ResultsReaderJson giving me the following error?: "The import com.google cannot be resolved and JsonReader cannot be resolved to a type"

Hi, I have the events as JSON in my index Search, which i am trying to read in Java, but i am getting the followi...

by Path Finder in

How to filter results between lookup and the results of the query?

Hello, I have a lookup file which contains field and it’s values as follow. Country location India Andhra Prade...

by Path Finder in

Ingest failed events from Kinesis Backsplash bucket

I have just setup a Kinesis Firehose stream to push data into Splunk. While doing this I have setup a backsplash buck...

by Path Finder in

Forwarder Install via RPM: Failed Dependencies

I'm currently trying to install a Splunk Forwarder onto a 64-bit CentOS box via RPM. I'm logged into the machine as a...

by Communicator in

Values repeated in each field

I am getting repeated values in Splunk fields. This can be seen only in Table view. For list view/raw there is no rep...

by Path Finder in

How to view Docker host and container details?

Hi team, This is regarding the issues I am facing w.r.t to Docker I have installed the monitoring docker appli...

by Explorer in

Restore frozen data

Hi currently i am restoring the data from frozen bucket to thawed bucket , i am copying the data from frozen to thawe...

by Communicator in

To filter data from cloudwatch logs to splunk

Hi, I am getting cloudwatch logs data into Splunk. Right now, i am getting all the log data but i want only specif...

by Explorer in

Need input stanza for a shared drive

Hi Team, I have a following path which is located in a shared drive so how should i need to write the inputs.conf ...

by Path Finder in

How to filter results in timechart statistics table?

EventID = “ok” | timechart span=1h count(EventID) by Login Every hour I need to display only those values, where c...

by Explorer in

Route to index based on source IP/Dest IP in log (Not source host)

I cannot seem to get this to work so I assume I am doing something wrong. We are about to start a POC for splunk but ...

by Explorer in

How to convert JSON array of Name/Value pairs to field/value for event

I am working with JSON data... which looks like this: {"DN" : "CN=Test Group, OU=Test OU, O=\"Corp.com\"", "source...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk forwarder not working

Scripted Input - Multi-line Event Issue

csv couldn't be opened for reading

How can I take csv from the client (Windows 10)

How can I increase the speed of parsing on my Heavy Forwarder?

How to rename the savedsearches using REST API

splunk forwarder OS version

Splunk not working across Vagrant Synced folder

LINE_BREAKER doesn't seem to work for new add-on

KV store gap and backfilling?

Using Heavy Forwarded to Send Subset of Data to 3rd Party and Not Index

If I have no transforms.conf or props.conf, when are fieldnames + fieldvalues extracted?

Splunk Intermitten Indexer Cluster issues after upgrade to 7.2.1

Why is the ResultsReaderJson giving me the following error?: "The import com.google cannot be resolved and JsonReader cannot be resolved to a type"

How to filter results between lookup and the results of the query?

Ingest failed events from Kinesis Backsplash bucket

Forwarder Install via RPM: Failed Dependencies

Values repeated in each field

How to view Docker host and container details?

Restore frozen data

To filter data from cloudwatch logs to splunk

Need input stanza for a shared drive

How to filter results in timechart statistics table?

Route to index based on source IP/Dest IP in log (Not source host)

How to convert JSON array of Name/Value pairs to field/value for event

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions