Getting Data In

Discussions

Thread Info

How do I index only critical events?

I'm trying to use advanced whitefilter, but I'm coming up short. Basically, I want to index all Windows event logs th...

by Builder in

Why does data stop getting indexed after a log rotation?

Hi, I noticed that, right after a log rotation, the data is not being indexed anymore. Data is still going throug...

by Explorer in

ThruputProcessor - Current data throughput (266 kb/s) has reached maxKBps. As a result, data forwarding may be throttled. Consider increasing the value of maxKBps in limits.conf.?

What does the message in the forwarder server "ThruputProcessor - Current data throughput (266 kb/s) has reached maxK...

by Builder in

What is the best Windows system for Splunk ?

Hello, I want to deploy Splunk for my system but i don`t know what version of Windows is the best running together...

by Contributor in

SSL between forwarders and indexers

Is it possible to have index cluster tier which can support both non-ssl and ssl forwarders without running multiple ...

by Path Finder in

json split out nested key/values to separate events

Hello, I have a giant JSON blob that has some similar key names for nested events w/ different values. I'd like 1 ite...

by Path Finder in

Whats the best way to get Azure Security center logs to Splunk?

Hello, Are there any other options to on-board azure security center alerts to Splunk other than eventhub?

by Path Finder in

Is it possible to transfer data from a heavy forwarder to two different cloud (cloud 1 and cloud 2) indexers?

I have one heavy forwarder and two different cloud indexers. heavy forwarder (HF)indx1(placed in cloud 1)indx2(pla...

by Explorer in

How do you run a Python script on a universal forwarder before taking input?

I want to take input from a forwarder, but before that, I want to filter the data with the help of a Python script. ...

by New Member in

Universal Forwarder listening on port 8089

I am running across a number vulnerability assessment findings regarding sslv2 being accepted on my SPLUNK Universal ...

by Path Finder in

Can I use a python script on a Windows universal forwarder?

os: windows 7-64bit / splunk 6.2.0 / universal forwarder 6.2.0 current my python inputs.conf [script://.\bin\te...

by Explorer in

How do you delete an index from a Splunk deployment with a non-clustered Indexer setup?

Hi, I would like to remove an index using the Splunk remove index command. My environment has a non-clustered I...

by Path Finder in

i am trying to collect event metrics from application logs from splunk for prometheus. Can anyone please guide me how to do ?

For eg via below code i get the logs but how to get metrics from them and how i can use them in prometheus ? impor...

by Observer in

How to input for s3 buckets compressed file without .gz extension?

How to ingest files in S3 buckets that are compressed but do not have .gz extension: ie: s3://Blah-main/2018/04/20/16...

by Explorer in

Sysmon Ingest Volume

For those of you who are ingesting Sysmon data from workstations -- what's the ingest volume look like for you per da...

by Contributor in

"ThruputProcessor - Current data throughput (259 kb/s) has reached maxKBps." messages despite limits.conf file.

Hi everyone. I am receiving these messages on my forwarders: 10-16-2013 18:38:59.118 +0000 INFO ThruputProcessor ...

by Builder in

I'm a new customer — can you help me with an Index best practices question for Splunk Cloud?

We are a new customer to Splunk and are about to start ingesting data into our Splunk Cloud instance. I’m curious wha...

by New Member in

Can you help me get blacklist WinEventLog Security to work?

Hi, I tried to blacklist Windows event logs for EventCode and Message field content. I can't figure out what's ...

by Influencer in

Can you help me correlate to an event in a different source type without a correlation field?

Hi, I am trying to correlate two different source types (haproxy and apache). I would like to find the access o...

by New Member in

How do you run a subquery for each row of a CSV file by passing the field in a search string?

I want to run a Splunk query for all the values in the CSV file and replace the value with the field in the CSV file....

by Engager in

How do you collect Windows performance data using a custom app?

Hello all, I am new to Splunk and am trying to collect Windows performance data using a custom App rather than the...

by Path Finder in

Can't see my NAS data in my Splunk using SNMP input modular

Hello, I'm using the snmp modular input app to collect my NAS data to Splunk. 1. I configure the snmp using the poll ...

by Explorer in

Monitoring same logs for two different sourcetype

Hello, we are monitoring GC logs and logs could be in two different format.(Conventional GC and G1) Requirement is...

by Builder in

log unsafe as it does not exist anymore, scheduling a oneshot timeout instead.

Running syslog-ng with a HF. Logrotate runs hourly. 16 or so different web proxies are sending logs to the syslog-ng ...

by Path Finder in

Can someone help me create a query that fetches forwarder details?

Can anyone please let me know the query for fetching the details of forwarders, as well as the deployment server, fro...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I index only critical events?

Why does data stop getting indexed after a log rotation?

ThruputProcessor - Current data throughput (266 kb/s) has reached maxKBps. As a result, data forwarding may be throttled. Consider increasing the value of maxKBps in limits.conf.?

What is the best Windows system for Splunk ?

SSL between forwarders and indexers

json split out nested key/values to separate events

Whats the best way to get Azure Security center logs to Splunk?

Is it possible to transfer data from a heavy forwarder to two different cloud (cloud 1 and cloud 2) indexers?

How do you run a Python script on a universal forwarder before taking input?

Universal Forwarder listening on port 8089

Can I use a python script on a Windows universal forwarder?

How do you delete an index from a Splunk deployment with a non-clustered Indexer setup?

i am trying to collect event metrics from application logs from splunk for prometheus. Can anyone please guide me how to do ?

How to input for s3 buckets compressed file without .gz extension?

Sysmon Ingest Volume

"ThruputProcessor - Current data throughput (259 kb/s) has reached maxKBps." messages despite limits.conf file.

I'm a new customer — can you help me with an Index best practices question for Splunk Cloud?

Can you help me get blacklist WinEventLog Security to work?

Can you help me correlate to an event in a different source type without a correlation field?

How do you run a subquery for each row of a CSV file by passing the field in a search string?

How do you collect Windows performance data using a custom app?

Can't see my NAS data in my Splunk using SNMP input modular

Monitoring same logs for two different sourcetype

log unsafe as it does not exist anymore, scheduling a oneshot timeout instead.

Can someone help me create a query that fetches forwarder details?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions