Getting Data In

Thread Info

Customer wants to manage forwarders with deployment server but we need to insist the batch ingest directory is locked

I've read (https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles) that the prece...

by New Member in

How do you verify that multiple indexes are time synced?

We have upwards of 50 different security technologies reporting into Splunk. I'm being tasked with verifying that all...

by Path Finder in

Parsing time_format with random words between date and time

Hi, I'm attempting to extract data and time from a custom text file where date and time are split across two lines...

by Explorer in

Splunk session key usage

HI Team, I am having a hard time getting a response from splunk enterprise server. Here is my use case- I have a r...

by Explorer in

Issue with syslog data getting behind when read from our syslog server with a universal forwarder

We are running Splunk 6.6.3 and have universal forwarders on our syslog servers. We are finding that some of the data...

by Path Finder in

Couldnt able to login web url of splunk

After splunk indexer server restart we are getting 500 inetrnal server error , though the splunk service is up and ru...

by Splunk Employee in

Logs files missed to get index in Indexer from UF

I don't see 3-4 log files missing while searching on Searchhead. Is there any command to check if Splunk has already ...

by Splunk Employee in

How come I can't override _time with props?

Using an HTTP event collector on a heavy forwarder, I receive JSON that comes in as follows: { "env": "prod",...

by Explorer in

I need to be able to detect packets dropped by Juniper SSG firewalls due to the firewalls' anti-spoofing

How can I use SPLUNK to detect packets dropped by the Juniper ScreenOS because of anti-spoofing configuration on the ...

by Engager in

|rest /servicesNS/-/-/search/distributed/peers Get all indexers - capabilities - user role

Hi I am in a bit of urgent issue and cannot figure out solution. I use that rest call to get list of all indexers:...

by Path Finder in

How to set Timestamp that is in the first line of the file

by Path Finder in

How to extract changing headers from multiline event?

Hi all, I am sending a multiline event to Splunk Enterprise. The first row contains metadata, the second row the f...

by Path Finder in

How do you refresh programmatically created Input configurations?

Hi, Im creating new configurations for ModularInput using C# SDK. This is how I do it: service.Configurations.G...

by Explorer in

Are there practical limits to queue sizing on indexers?

We had an issue with parsing queue filling recently. Our oversized event profile is to blame. To address, I increased...

by Influencer in

How do you select a key value based on key name?

I have a log that looks similar to this: `{ "name": "Joe", "variables":[ { "variableName":"age", "variableValue":"...

by New Member in

Splunk - stop auto indexing JSON

Hi, I have a log that looks like the below, 2019-02-27 09:40:23,312 | INFO | [myapp-metrics-publisher] | [myap...

by Path Finder in

index time and event log time is mismatching

We are getting events from one of our application ,But the indexed time and event logged time is different ,Please le...

by New Member in

How do you set the props.conf file to read gz files in Splunk?

Hello, I have gz files on a Windows server that I am monitoring using a universal forwarder and sending it to heav...

by Builder in

Moving files and folders inputs to heavy forwarder

Hi Splunkers, we use approach to collect logs on syslog and than point Splunk on logs with Files & Directories inp...

by Contributor in

Break up multi line event

I'm trying to query for which ports are open on IP ranges, although the data has multiline information. Below is an e...

by Explorer in

Why is props.conf in my deployment-app not getting picked up?

I have a standalone Splunk environment - I have universal forwarders and an indexer/Deployment server which acts as t...

by Path Finder in

How do I monitor the same path in one app but with different sourcetypes?

Hi, This is my very first question here. I was digging through this site, but did not find an answer to my issue. ...

by Explorer in

Cannot get custom sourcetype to do line breaks correctly

We have Splunk Enterprise with SH, Clustered IX (2), HF and many UFs. I have created an app in the deployment apps fo...

by New Member in

Is there a way to monitor the size of the files uploaded in Splunk?

Hi all, Is there a way to monitor the size of log files that i upload on Splunk ?

by Path Finder in

How come I'm unable to extract multiline events with the multikv command?

Hi, I am trying to extract events from multiline event using multikv. Could someone please help me in configuring ...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Customer wants to manage forwarders with deployment server but we need to insist the batch ingest directory is locked

How do you verify that multiple indexes are time synced?

Parsing time_format with random words between date and time

Splunk session key usage

Issue with syslog data getting behind when read from our syslog server with a universal forwarder

Couldnt able to login web url of splunk

Logs files missed to get index in Indexer from UF

How come I can't override _time with props?

I need to be able to detect packets dropped by Juniper SSG firewalls due to the firewalls' anti-spoofing

|rest /servicesNS/-/-/search/distributed/peers Get all indexers - capabilities - user role

How to set Timestamp that is in the first line of the file

How to extract changing headers from multiline event?

How do you refresh programmatically created Input configurations?

Are there practical limits to queue sizing on indexers?

How do you select a key value based on key name?

Splunk - stop auto indexing JSON

index time and event log time is mismatching

How do you set the props.conf file to read gz files in Splunk?

Moving files and folders inputs to heavy forwarder

Break up multi line event

Why is props.conf in my deployment-app not getting picked up?

How do I monitor the same path in one app but with different sourcetypes?

Cannot get custom sourcetype to do line breaks correctly

Is there a way to monitor the size of the files uploaded in Splunk?

How come I'm unable to extract multiline events with the multikv command?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions