Getting Data In

Discussions

Thread Info

Adding a Unix indexer to support apps

Again, new to Splunk. I currently have a single instance of Splunkenterprise installed on a Win12 R2 server. We would...

by New Member in

splunk-kinesis-stream-processor Lambda timeouts

Hello, We're trying to use the Splunk provided Lambda application splunk-kinesis-stream-processor (from Serverless...

by New Member in

How do you filter out an event based on an account name?

Hello, I am trying to exclude specific event logs from a Windows system being forwarded and indexed to Splunk. ...

by New Member in

Splunk DB connect: How does it work when storing/indexing data?

Hello community, First of all, thank you for reading this question. I am being asked to monitor a new data source ...

by Explorer in

Why aren't my apps props.conf not being exported when using export = system?

My props.conf values are not being picked up by the Splunk search app. I currently have the following stanza set in ...

by New Member in

HF logs is missing from _internal index

I have this Heavy Forwarder apparently not sending its own _internal logs $SPLUNK_HOME/var/log/splunk/*.log to the in...

by Explorer in

Filter events for specific keywords

Hi, I have some set of events that has keywords like "inbound message" and "outbound message". the events looks so...

by Explorer in

moving from indexed time _json to search time

We are using a lot of indexed time _json sourcetypes on our heavy forwarder for file inputs and HTTP event collector....

by Path Finder in

Splunk occasionally not capturing all logs

Hey all, I'm running into some odd behavior. I currently have splunkforwarder set up on a container and it should be ...

by New Member in

how can i ignore the last line from the csv file while indexing from the universal forwarder ??

how to tell my universal forwarder to ignore the last line from the CSV during parsing

by Path Finder in

What happens if you deploy an inputs.conf from a DS if an inputs.conf already exists?

Hi, Its just as the title suggests. If a have a deployment client with an inputs.conf thats already configured as ...

by Communicator in

how we RUN Script which convert binary index data into csv and again save it into same index?

Hi please help me ,I have Universal forwarder install on another machine ,which send binary data to splunk insatnce ....

by Explorer in

Scripted Input - Python Module Error

I have a python script that pulls data from an SFTP source and writes the data to a file (myScript.py). The script im...

by Explorer in

How do I find out long the a field is greater than variable X?

Hi, We are monitoring Windows performance logs. We would like to know when the CPU usage started to go over 90% an...

by Engager in

Why is my HTTP event collector Indexing slowly?

Fellow Splunksters, I have been able to send data to Splunk via TCP sockets for a while and never had any issues. ...

by New Member in

Heavyforwarder transforms.conf split data into multiple indexes

Hello experts, Need help. My requirement is to extract 1st set of lines into 1st index and 2nd set into 2nd index....

by Builder in

Is it possible to use Splunk to Alert on too many users per license or expiring licenses for Office365?

Well the title says it all, I want to create an Alert for licenses that are approaching the max amount of users or ar...

by Path Finder in

Show Failed Login by user, IP Address

Experts, We are a financial institution using Splunk to capture Failed login count by username and IP address. We ...

by New Member in

How to configure Smartstore for both warm and frozen buckets

I've read through the posts and cannot find an answer to this, forgive me if i missed a relevant post. I'm specifi...

by Explorer in

SEDCMD regex json in props.conf doesn't work but works in regex01 and sed command line

Hello, i got a json which looks like this: https://pastebin.com/xHebS2x3 i need to get rid of the field 'sql...

by Path Finder in

ARM treasuredata integration with Splunk

hello experts, I am in the process of integrating ARM treasuredata with splunkis there any standard way of integratio...

by Explorer in

Connection issues: when I created a new indexer, our data is not showing up.

There are a couple of indexes in inputs.conf. I just added a new index with a new port. All other indexes are work...

by Path Finder in

Successfull brute force loggings

I am looking for successfull brute force logins basically I am looking for 5 failed logings followed by 1 successfull...

by Explorer in

Load difference Indexed real-time search versus real-time search

Has anyone real world experience on the difference in the load on a search head if a real time search is executed as ...

by Contributor in

eval output is incorrect when comparing two fields with numeric values

I have a query that has an eval statement that assigns 1 to field 'isTrue' if field 'value1' is greater than field 'v...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Adding a Unix indexer to support apps

splunk-kinesis-stream-processor Lambda timeouts

How do you filter out an event based on an account name?

Splunk DB connect: How does it work when storing/indexing data?

Why aren't my apps props.conf not being exported when using export = system?

HF logs is missing from _internal index

Filter events for specific keywords

moving from indexed time _json to search time

Splunk occasionally not capturing all logs

how can i ignore the last line from the csv file while indexing from the universal forwarder ??

What happens if you deploy an inputs.conf from a DS if an inputs.conf already exists?

how we RUN Script which convert binary index data into csv and again save it into same index?

Scripted Input - Python Module Error

How do I find out long the a field is greater than variable X?

Why is my HTTP event collector Indexing slowly?

Heavyforwarder transforms.conf split data into multiple indexes

Is it possible to use Splunk to Alert on too many users per license or expiring licenses for Office365?

Show Failed Login by user, IP Address

How to configure Smartstore for both warm and frozen buckets

SEDCMD regex json in props.conf doesn't work but works in regex01 and sed command line

ARM treasuredata integration with Splunk

Connection issues: when I created a new indexer, our data is not showing up.

Successfull brute force loggings

Load difference Indexed real-time search versus real-time search

eval output is incorrect when comparing two fields with numeric values

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures