Getting Data In

Thread Info

How to input for s3 buckets compressed file without .gz extension?

How to ingest files in S3 buckets that are compressed but do not have .gz extension: ie: s3://Blah-main/2018/04/20/16...

by Explorer in

Sysmon Ingest Volume

For those of you who are ingesting Sysmon data from workstations -- what's the ingest volume look like for you per da...

by Contributor in

"ThruputProcessor - Current data throughput (259 kb/s) has reached maxKBps." messages despite limits.conf file.

Hi everyone. I am receiving these messages on my forwarders: 10-16-2013 18:38:59.118 +0000 INFO ThruputProcessor ...

by Builder in

I'm a new customer — can you help me with an Index best practices question for Splunk Cloud?

We are a new customer to Splunk and are about to start ingesting data into our Splunk Cloud instance. I’m curious wha...

by New Member in

Can you help me get blacklist WinEventLog Security to work?

Hi, I tried to blacklist Windows event logs for EventCode and Message field content. I can't figure out what's ...

by Influencer in

Can you help me correlate to an event in a different source type without a correlation field?

Hi, I am trying to correlate two different source types (haproxy and apache). I would like to find the access o...

by New Member in

How do you run a subquery for each row of a CSV file by passing the field in a search string?

I want to run a Splunk query for all the values in the CSV file and replace the value with the field in the CSV file....

by Engager in

How do you collect Windows performance data using a custom app?

Hello all, I am new to Splunk and am trying to collect Windows performance data using a custom App rather than the...

by Path Finder in

Can't see my NAS data in my Splunk using SNMP input modular

Hello, I'm using the snmp modular input app to collect my NAS data to Splunk. 1. I configure the snmp using the poll ...

by Explorer in

Monitoring same logs for two different sourcetype

Hello, we are monitoring GC logs and logs could be in two different format.(Conventional GC and G1) Requirement is...

by Builder in

log unsafe as it does not exist anymore, scheduling a oneshot timeout instead.

Running syslog-ng with a HF. Logrotate runs hourly. 16 or so different web proxies are sending logs to the syslog-ng ...

by Path Finder in

Can someone help me create a query that fetches forwarder details?

Can anyone please let me know the query for fetching the details of forwarders, as well as the deployment server, fro...

by New Member in

How do you filter custom events in Windows Security log using regular expression in blacklist?

Hello, We have Splunk Enterprise 7.2 with Deployment Server role and Splunk Universal forwarder on a Windows SQL s...

by New Member in

Apply spath automatically to a sourcetype with nested JSON

Hi all, I have JSON events with complex properties, aka nested JSON objects. I know how to apply spath and create mac...

by Path Finder in

Educational Resouces for log quality

All, Our developers need a lot of training just on producing solid log quality. Wondering if anyone has any forma...

by Builder in

Why is TCP data not being indexed?

Hi, I have a feed of events coming into my Splunk Heavy Forwarder, but they aren't being indexed, and I'm baffled....

by Champion in

Can you help me avoid data loss from my universal forwarder?

Hi Splunker! i am using a universal forwarder to monitor and forward data (log file) to my Splunk. i have observed...

by Path Finder in

Value misinterpreted as time

We found the following message in the data and Splunk recognizes it as a timestamp. How can I prevent this interpreta...

by Communicator in

How come our CSV scheduled export for a savedsearch can't have more than 50.000 rows?

Hi, We need to have a copy of a big SQL table in a CSV file to speed up some lookups... We do retrieve the dat...

by New Member in

How do I add fields to incoming data?

Hi, I'm trying to load a CSV file using the universal forwarder, and there are no headers in the CSV file. How ca...

by Explorer in

Universal fowarder and WMI

I want to configure the universal fowarder to poll WMI data and forward it to my indexer. I understand that I need a ...

by Path Finder in

How do you parse and chart fields in a JSON array?

Hi, I have a log event where part of the log entry contains some JSON data similar to the following format: ...

by Explorer in

Parsing very long JSON lines

I am working with log lines of pure JSON (so no need to rex the lines - Splunk is correctly parsing and extracting al...

by Explorer in

What do I look at in splunkd.log to troubleshoot deployment client issues?

Hi Splunkers, I have a list of servers that have the Splunk UF running on them. These servers are not showing up i...

by Path Finder in

JSON Double Extraction

I've got an odd problem with JSON extracting twice. I've read the other posts on this and believe what I have should ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to input for s3 buckets compressed file without .gz extension?

Sysmon Ingest Volume

"ThruputProcessor - Current data throughput (259 kb/s) has reached maxKBps." messages despite limits.conf file.

I'm a new customer — can you help me with an Index best practices question for Splunk Cloud?

Can you help me get blacklist WinEventLog Security to work?

Can you help me correlate to an event in a different source type without a correlation field?

How do you run a subquery for each row of a CSV file by passing the field in a search string?

How do you collect Windows performance data using a custom app?

Can't see my NAS data in my Splunk using SNMP input modular

Monitoring same logs for two different sourcetype

log unsafe as it does not exist anymore, scheduling a oneshot timeout instead.

Can someone help me create a query that fetches forwarder details?

How do you filter custom events in Windows Security log using regular expression in blacklist?

Apply spath automatically to a sourcetype with nested JSON

Educational Resouces for log quality

Why is TCP data not being indexed?

Can you help me avoid data loss from my universal forwarder?

Value misinterpreted as time

How come our CSV scheduled export for a savedsearch can't have more than 50.000 rows?

How do I add fields to incoming data?

Universal fowarder and WMI

How do you parse and chart fields in a JSON array?

Parsing very long JSON lines

What do I look at in splunkd.log to troubleshoot deployment client issues?

JSON Double Extraction

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Splunk Ingest Actions

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions