Getting Data In

Thread Info

How do you filter out dates from being segmented in segmenters.conf?

Hi all, Splunk offers the possibility to customize the way we want data to be segmented in the index files with a...

by New Member in

Average/Mean time differences by device

I have data from several devices in the same index and sourcetype. I'd like to get the average/mean diffs for each sp...

by New Member in

What is the correct parameter in props.conf for csv file ?

Hi all, i'm pretty new here. I need to assign a name to the fields of a .csv imported file, but it doesn't work. I...

by New Member in

how we can ingest data from url ?

How we can get the data into splunk through URL how to pull data from sharepoint site into Splunk

by Engager in

How to monitor a windows service, send an alert and restart the service?

How can we to monitor various windows services and send alerts when they are down and optionally attempt to restart t...

by Engager in

Unable to fix Bucket corruption : rawdata was truncated

Hiya Bucketheads after running rebuild on a index, quite a lot of buckets were not fixed with below reason. ...

by Contributor in

Can you use Splunk to ingest Red Hat Satellite logs?

Can you use Splunk to ingest Red Hat Satellite logs? There is a Red Hat Storage App and a Splunk app for RedHat Cloud...

by Splunk Employee in

Universal forwarder issue in AWS

Hi , i have created 2 instances of windows in AWS and using one of the instance using universal forwarder to forward ...

by New Member in

How can I set up up Snmp and is it possible for this service to translate the OIDs before saving to file?

We have a SAP platform sending SNMP traps to a Splunk host. We have configured the net-snmp service to capture those ...

by Communicator in

Scripted Input Multiline Event wanted

Hey, I got a script which is executing a vmstat command on a host. Since yesterday I received the output in a sing...

by Path Finder in

Logging lagging behind

During the day one specific type of logging seems to lag behind quite a lot. From 10 minutes behind at the start of t...

by Path Finder in

After log rotation, UF does not forward logs.

My environment: Splunk Ver 7.2.3 UF Ver 7.2.3 UF monitors var/log/messages, and forward it to Splunk. But afte...

by Builder in

PCI Compliance App data source logs sizing

We need to propose PCI Compliance app on Splunk for one of our customer. I would like to ask you how to do logs sizin...

by New Member in

Linebreaker for ESXi Logs

I am having problems getting the line breaking to work. The below events are showing as one event with the below set ...

by Path Finder in

unable to get XML to parse correctly

Got an XML file that for the life of me I can not get parse correctly. I have tried to use LINE_BREAKER on the 1st li...

by Contributor in

About version difference between UF and SH.

I saw it. https://docs.splunk.com/Documentation/Forwarder/7.2.4/Forwarder/Compatibilitybetweenforwardersandindexers ...

by Communicator in

Optimising CPU + RAM usage on Universal Forwarder

Hello guys, I've been looking around in the questions and most of them are about forwarders causing High CPU becau...

by Super Champion in

Can you help me understand the forwarder to indexers data flow?

Hello, I know that forwarders have the path /opt/splunk/etc/system/local where you can find files like inputs.conf...

by Explorer in

Missing Continuously Monitor and Index Once setting option in Add Data>Files & Directories

Missing Continuously Monitor and Index Once setting option in Add Data>Files & Directories.Due to this i am unable to...

by New Member in

Two Indexers - Blacklist Data to Specific Indexer

Good morning all- I'm working on a design in my lab where we have two indexers. I have data for one of the indexes...

by Communicator in

How do you use a source stanza under props.conf on a universal forwarder?

I'm currently looking at deploying some changes to ease management of input files in our environment. I've confirmed ...

by New Member in

Can I use both the whitelist AND blacklist for the same monitoring stanza in the inputs.conf?

Hello, Can I use both whitelist AND blacklist for the same monitoring stanza in the inputs.conf? Like below: [m...

by Builder in

Whitespace before closing bracket: An Issue?

My Fowarder App is 1.) Deployed 2.) Reloaded 3.) Phoned-in...but still no logs coming in. Here's the inputs.conf just...

by Builder in

Implement selective parsing of events in splunk based on timestamp

Hi, We are trying to use selective parsing in splunk to parse only those events that have timestamp as a part of e...

by New Member in

How do I get a Splunk universal forwarder to send explicit Event ID Events Only?

Hello, I'm interested in installing universal forwarders (UF) on machines to ingest local security event logs into...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How do you filter out dates from being segmented in segmenters.conf?

Average/Mean time differences by device

What is the correct parameter in props.conf for csv file ?

how we can ingest data from url ?

How to monitor a windows service, send an alert and restart the service?

Unable to fix Bucket corruption : rawdata was truncated

Can you use Splunk to ingest Red Hat Satellite logs?

Universal forwarder issue in AWS

How can I set up up Snmp and is it possible for this service to translate the OIDs before saving to file?

Scripted Input Multiline Event wanted

Logging lagging behind

After log rotation, UF does not forward logs.

PCI Compliance App data source logs sizing

Linebreaker for ESXi Logs

unable to get XML to parse correctly

About version difference between UF and SH.

Optimising CPU + RAM usage on Universal Forwarder

Can you help me understand the forwarder to indexers data flow?

Missing Continuously Monitor and Index Once setting option in Add Data>Files & Directories

Two Indexers - Blacklist Data to Specific Indexer

How do you use a source stanza under props.conf on a universal forwarder?

Can I use both the whitelist AND blacklist for the same monitoring stanza in the inputs.conf?

Whitespace before closing bracket: An Issue?

Implement selective parsing of events in splunk based on timestamp

How do I get a Splunk universal forwarder to send explicit Event ID Events Only?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions