Getting Data In

Community Activity

Can we use the usual Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure? When you deploy Splunk Insights for Infrastructure you use the specific script to install a forwarder. Can we use Spl... by skulk Explorer in Getting Data In 12-12-2018 0 6	0	6
Why am I getting an error when backing up my heavy forwarder? I want to back up my HF so that I can upgrade to the new 7.2 version but I get these invalid errors: Checking conf f... by kdelvillar Engager in Getting Data In 12-12-2018 0 1	0	1
Can you delay a Universal Forwarder from ingesting files ? I have a minor issue whereby my Linux UF (an NFS server) is generating TailReader warnings in splunkd.log due to insu... by icorsbie Engager in Getting Data In 12-12-2018 1 5	1	5
Getting this Unable to distribute to peer named xxxx at uri https://xxxxxx.com:8089 because replication was unsuccessful. replicationStatus Failed failure info: failed_because_REMOTE_CHKSUM_UNMATCHED: Remote checksum does not match: Hi Team, I'm seeing a weird issue in splunk– I am getting the below error on my search head, Splunk Environment de... by Hemnaath Motivator in Getting Data In 12-12-2018 0 3	0	3
How can I subtract two timestamp fields in a transaction to get duration? Helllo, I've been trying to subtract two timestamp fields from each other within a transaction. A timestamp as such: ... by ykoolhout Explorer in Getting Data In 12-12-2018 0 13	0	13
Clearpass app not displaying important field in dashboards The Clearpass app is displaying data, however, it is missing populating major fields. when I look at the Search I al... by Iwdavies Path Finder in Getting Data In 12-11-2018 0 6	0	6
Splunk Powershell Script output data is not getting parsed on Indexers I have a Powershell script on windows UF servers. We have created a powershell input and pointed to the script. The... by ankithreddy777 Contributor in Getting Data In 12-11-2018 0 0	0	0
Does it affect Splunk to monitor encrypted archive data? I know that Splunk doesn't support monitoring of encrypted data. But I want to know what happens when Splunk tries t... by yutaka1005 Builder in Getting Data In 12-11-2018 0 1	0	1
Is Splunk Universal Forwarder able to run Powershell inputs? In Inputs.conf, it says that we can run powershell scripts using the below stanza. Does the universal forwarder have ... by ankithreddy777 Contributor in Getting Data In 12-10-2018 0 1	0	1
How come my regexes aren't working in props source matching? Splunk Enterprise 6.5.4, with dedicated indexer and search head clusters, using config such as this: transforms.conf... by krisreeves Path Finder in Getting Data In 12-10-2018 1 5	1	5
What do I do if the Splunk DB Connect database connection is invalid due to the server time zone value being unrecognized? Splunk DB connect database connection is invalid due to the server time zone value being unrecognized. What do I do? by rsantoso_splunk Splunk Employee in Getting Data In 12-10-2018 0 1	0	1
What do we need to write in TIME_FORMAT in props.conft to extract a timestamp? How do you extract a timestamp in an event like this "2018-12-05T00:31:03.711Z"? Like, what do we need to write in T... by vishaltaneja070 Motivator in Getting Data In 12-10-2018 0 6	0	6
Can I run the btool command on a universal forwarder without running shell or powershell script? I would like to run a scheduled Splunk btool command using scripted input to index configs every few hours. I cannot ... by ankithreddy777 Contributor in Getting Data In 12-10-2018 0 14	0	14
Can you help me set up our heavy forwarder for the following event filtering necessities? Hello, Can someone please direct me to the Splunk docs tutorial, or any video, that would show me how to use the hea... by farooqm New Member in Getting Data In 12-10-2018 0 1	0	1
Why can't I blacklist Windows Security EventCode 5152 in inputs.conf? Hello, I am trying to blacklist EventCode 5152 in inputs.conf. I have tried putting it in a different order in the ... by bwaldren Explorer in Getting Data In 12-10-2018 1 15	1	15
How do you filter results after using the tostring "duration"? I used the answer from this thread to create my query, but I can't figure out how to narrow them down. https://answer... by pmhelfrich Explorer in Getting Data In 12-10-2018 0 2	0	2
Why is my regex in transforms.conf for source in props.conf not working for one of three Indexers? I'm trying to use a regex in a transforms.conf file on the Indexer to prevent indexing of informational and debug mes... by teedilo Path Finder in Getting Data In 12-10-2018 0 14	0	14
How can I split my data to show the average based on column values? I am using the following query to split my data to show the average, min, and max based on the fields. But, I seem to... by angersleek Path Finder in Getting Data In 12-10-2018 0 2	0	2
How does the deployment client decide which ipv4 address (of possibly multiple) to present when phoning home? The other day I came across universal forwarder based deployment client which was not receiving deployment server app... by dstaulcu Builder in Getting Data In 12-10-2018 0 2	0	2
File can't be indexed Hi Team, I have on file (is the picture) that are unable to catch and index i have this configuration in my input... by serviceinfrastr Explorer in Getting Data In 12-10-2018 0 11	0	11
How do I make my heavy forwarder, which is already configured, into a deployment server? I have a Splunk Cloud instance and a heavy forwarder that sends in all my data into my cloud instance. I will now be ... by kdelvillar Engager in Getting Data In 12-10-2018 0 3	0	3
custom fields are not returned in search/jobs end point Hi, The custom fields set in search/jobs POST are not returned in search/jobs GET. In earlier versions of splunk the... by strive Influencer in Getting Data In 12-10-2018 0 1	0	1
Can you help me get multiple fields from a single field in JSON? The text field in my event contains A LOT of data. json snipped : {"Date":"2018-12-05T12:04:04.71","ID":"00000000-0... by danw25 Engager in Getting Data In 12-10-2018 0 3	0	3
Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?" Hi Team, I am using Splunk 7.1.1 and i have been getting this error constantly LineBreakingProcessor - Truncating ... by swaroopbr Engager in Getting Data In 12-09-2018 0 3	0	3
override source field to a common source using transform.conf and props.conf Hi I want to have a common source field for all my syslog. I have centralized syslog server where I am running splun... by meet_vadaria Engager in Getting Data In 12-07-2018 0 5	0	5

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Getting Data In

Can we use the usual Splunk Universal Forwarder to collect and send metrics to Splunk Insights for Infrastructure?

Why am I getting an error when backing up my heavy forwarder?

Can you delay a Universal Forwarder from ingesting files ?

Getting this Unable to distribute to peer named xxxx at uri https://xxxxxx.com:8089 because replication was unsuccessful. replicationStatus Failed failure info: failed_because_REMOTE_CHKSUM_UNMATCHED: Remote checksum does not match:

How can I subtract two timestamp fields in a transaction to get duration?

Clearpass app not displaying important field in dashboards

Splunk Powershell Script output data is not getting parsed on Indexers

Does it affect Splunk to monitor encrypted archive data?

Is Splunk Universal Forwarder able to run Powershell inputs?

How come my regexes aren't working in props source matching?

What do I do if the Splunk DB Connect database connection is invalid due to the server time zone value being unrecognized?

What do we need to write in TIME_FORMAT in props.conft to extract a timestamp?

Can I run the btool command on a universal forwarder without running shell or powershell script?

Can you help me set up our heavy forwarder for the following event filtering necessities?

Why can't I blacklist Windows Security EventCode 5152 in inputs.conf?

How do you filter results after using the tostring "duration"?

Why is my regex in transforms.conf for source in props.conf not working for one of three Indexers?

How can I split my data to show the average based on column values?

How does the deployment client decide which ipv4 address (of possibly multiple) to present when phoning home?

File can't be indexed

How do I make my heavy forwarder, which is already configured, into a deployment server?

custom fields are not returned in search/jobs end point

Can you help me get multiple fields from a single field in JSON?

Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?"

override source field to a common source using transform.conf and props.conf

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation