Getting Data In

Thread Info

Can you use a modular Input with an HEC ?

I managed to developed a modular input in JavaScript to index information related to Pull requests in Bitbucket. I co...

by Explorer in

How to parse and extract JSON log files in Splunk?

I need to parse Tableau 8.2 JSON log files. Sample two rows of the log files is as below: {"ts":"2014-07-30T07:14:...

by Engager in

Why am I unable to parse logs that are bigger than 10 KB in size?

Hi All , We are using Splunk 6.6.6 version. Whenever we run a query with the log size of each event more than 10 K...

by New Member in

Universal forwarder Windows installation (x86 and x64) fails when being pushed by GPO; missing next button?

Testing this out on two separate machines in our environment as we need to get Splunk up and running on all server by...

by New Member in

Parsing NetIQ DRA data from Windows Application Event Log

I have some entries in WinEventLog://Application coming from NetIQ DRA. I couldn't find any add-ons for DRA on Splunk...

by Engager in

How do you get the latest time entry from a datetime field value?

I have one field value as a datetime field, and I want the data of only the latest time. How can I write this query? ...

by New Member in

Single Instance Splunk - How is CPU allocation prioritised between searches and indexing?

Quick question as I am struggling to find answers in the Splunk documentation. How does Splunk prioritise CPU allo...

by Engager in

JdbcUrl for firebird parsed wrong?

Hi, It seems that I can connect to a firebird database, but run into issue JDBC-446 http://tracker.firebirdsql.org...

by Path Finder in

Issue setting up Microsoft OMS Modular Inputs TA

I'm trying to setup the TA, and have filled out all of the required fields (information taken from an azure subscript...

by Explorer in

Why is Splunk not respecting the TIME_FORMAT in props.conf?

I have a log message which starts with a time stamp. Splunk is automatically extracting this and indexing the message...

by New Member in

Help with props.conf

all, I was able to get the results I wanted in my search but I need to convert this into a props.conf config file...

by Builder in

Is it really required to stop indexer services while adding another indexer?

I have one machine which is acting as an indexer as well as a search head. So, i want to add another indexer. So what...

by Explorer in

Why can't Splunk index some files in a directory?

Hi I am trying to index a file from different subdirectory but Splunk is not indexing some of those files for some...

by Builder in

Splunkcloud - Specify a different sourcetype for Generic S3 input ?

Hello, We have iis log being stored in a S3 bucket in CSV format. My understanding is sourcetype for CSV will help...

by New Member in

How do you configure the inputs.conf with file size?

Hi all, Is there any way that we can write an inputs.conf stanza with file size. I wanted to archive the files whi...

by Path Finder in

REST API twitter returns messages 420: Enhance your calm

Hi all, We have RET API for a long time in our Splunk enviroment, but since last month of May, we are experiencing...

by New Member in

Create new dimensions from collectd

Hello I am trying to get metrics data into Splunk using collectd and metrics seems to be coming in fine. Want to a...

by Motivator in

API call to return graph (visualization)

Can someone help and point me to some documentation on how to use the REST API to run a search and stream graph (visu...

by New Member in

Powershell modular input, Get-Process, some processes do not forward to splunk, possibly large values

I'm monitoring a number of processes on a dozen or so Windows hosts. I've not written a script, the input is simp...

by Engager in

Extract a non-strp timstamp across multiple pipe delimiters

Hi everyone, Given an event like the following, is there a way to get this to successfully parse as _time at index...

by Path Finder in

Split json array of objects into multiple events

We have data structured in the following format: [ { "container_id": "1", "executor_id": "1", "frame...

by Path Finder in

Why isn't the receiver receiving files from universal forwarder?

I have 2 Linux machines. I installed the universal forwarder on one of them and configured the inputs.conf and ou...

by Path Finder in

Drilldown on text input

i put in some data in a text input and press enter, can i link it to another dashboard upon pressing enter key ? basi...

by Builder in

Can i use outputs.conf to send some data to one splunk environment and other data to another splunk environment?

I work for a managed service provider. We use Splunk to monitor servers for our clients. One of our clients has built...

by Path Finder in

In order customize my Docker image, how should I download and install Splunk Forwarder on *nix systems?

I am trying to customize my Docker image (a Cassandra image) so it also has Splunk Forwarder with Cassandra add-on. C...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Can you use a modular Input with an HEC ?

How to parse and extract JSON log files in Splunk?

Why am I unable to parse logs that are bigger than 10 KB in size?

Universal forwarder Windows installation (x86 and x64) fails when being pushed by GPO; missing next button?

Parsing NetIQ DRA data from Windows Application Event Log

How do you get the latest time entry from a datetime field value?

Single Instance Splunk - How is CPU allocation prioritised between searches and indexing?

JdbcUrl for firebird parsed wrong?

Issue setting up Microsoft OMS Modular Inputs TA

Why is Splunk not respecting the TIME_FORMAT in props.conf?

Help with props.conf

Is it really required to stop indexer services while adding another indexer?

Why can't Splunk index some files in a directory?

Splunkcloud - Specify a different sourcetype for Generic S3 input ?

How do you configure the inputs.conf with file size?

REST API twitter returns messages 420: Enhance your calm

Create new dimensions from collectd

API call to return graph (visualization)

Powershell modular input, Get-Process, some processes do not forward to splunk, possibly large values

Extract a non-strp timstamp across multiple pipe delimiters

Split json array of objects into multiple events

Why isn't the receiver receiving files from universal forwarder?

Drilldown on text input

Can i use outputs.conf to send some data to one splunk environment and other data to another splunk environment?

In order customize my Docker image, how should I download and install Splunk Forwarder on *nix systems?

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions