Getting Data In

Discussions

Thread Info

Why is our Splunk Universal Forwarder not able to read the modification on a file under the path "C:\Program Files (x86)"?

My Splunk Universal Forwarder is not able to read the modification on a file under the path "C:\Program Files (x86)" ...

by Explorer in

Why are the indexers trying to execute these command if they are defined as 'local = true'?

We've had some custom commands defined on our indexers for years. Here is /opt/splunk/etc/apps/whirlpool_netbotz/defa...

by Contributor in

How can I get data in to splunk enterprise?

Dear all, I'm a beginer. I just built up splunk enterprise. could you please help me to get data from windows server...

by New Member in

Why does the custom search command display only 1000 events?

The following custom search command (which should return 100,000 displays) returns only 1000 events in Splunk. The re...

by Path Finder in

How do I index only my application data from windows event logs?

Hi, I have an application ABC. From application ABC , I'm writing my logs to Windows Application Event logs. I wan...

by New Member in

In the search head, why am I not able to see which heavy forwarder the logs are coming from?

I have 3 heavy forwarders and sending firewall logs to all heavy forwarders and then forwarder to indexer. But, when ...

by Observer in

Can you help me output field name, value from stats table to CSV?

Hello, I'm trying to get a very specific output format that can be fed into our ticketing system. I have the fo...

by Engager in

How do I get the logs from the servers into Splunk?

Dear All, I am new to Splunk. Just installed Splunk on my servers. Kindly let me know how I can start receiving th...

by New Member in

Why is source type override based on host not working?

Hi All, I have some switch logs which are configured to Splunk from 3 Universal Forwarders into one index. Based o...

by Path Finder in

Is there a way to return a search.log for a recent search job using the REST api?

I'd like to monitor for certain text in a search.log for recent jobs. Is there a way to return a search.log for a...

by Path Finder in

Added data not showing up in respective source types

I added some dummy data yesterday after creating an index and respective source type But today morning i found there ...

by Engager in

How to get repeated event for the same host and instance over the period?

I have some events on my server. I want to get events which are occurring repeatedly for same host and same instance ...

by Communicator in

In Splunk Free, could you help me with snmp_ta handling SNMP tables?

Hello Splunkers, I'm testing "snmp_ta" with Splunk Free and have a handle on capturing single OID and graphing, b...

by New Member in

How to resolve "Invalid username or password. Your license is Expired" error?

I've been contracted to install and setup Splunk Enterprise on Windows Server 2008R2 for a customer. I originally did...

by Explorer in

How to prevent splunk from merging few JSON strings into single event?

Example raw data: {"field1": "value1", "field2": "value2", ..., "string": "1" } {"field1": "value1", "field2": "...

by Explorer in

How to only see duplicates?

I have two profile settings. They both shouldn't be on at the same time. I am trying to see which devices have both o...

by Contributor in

How to get data from two indexes?

Good day everyone, i am dealing with an issue that i haven't been able to find an answer for so far. here is the prob...

by Path Finder in

Please help me identify why Splunk is omitting extracting milliseconds from my JSON

Hi folks, running into a strange issue here. Taking the following json: { [-] @timestamp: 2018-08-30T0...

by Builder in

REST in Splunk 7.0.1: Only 'nobody' allowed to access kvstores?

Hi, I am writing a script to push relevant data from our apps into a kvstore for use as a lookup. When querying...

by Engager in

Reading Data from ElasticSearch to Splunk

My goal is to forward all ES indexes data to splunk using logstash. I have installed logstash on ES node and crea...

by New Member in

Can you help me filter out wineventlog eventcode 4656 account names in transforms.conf?

I am trying to figure out how to filter out account names that end in $ for the 4656 event codes. i am currently usin...

by Path Finder in

How to parse and index fields from my unstructured data?

Hi, I'm trying to successfully parse out some fields from unstructured log file. Below is a snippet: Tue Ju...

by Explorer in

Can you help me change the timezone offset for events that appear to be from the same host?

How do I change the timezone offset for events that appear to be from the same host (but the real host and timezone i...

by New Member in

How can one determine on system level if a Splunk install is a Heavy Forwarder or an Indexer?

Hi team, I'm looking to find a way to identify if a Splunk server is a heavy forwarder or an Indexer in an automat...

by New Member in

Can you help me use a webhook to send alerts to HP Operation Manager?

Am trying to send webhook to HP Operation Manager using JSON payload. But I am getting authentication error. Where sh...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why is our Splunk Universal Forwarder not able to read the modification on a file under the path "C:\Program Files (x86)"?

Why are the indexers trying to execute these command if they are defined as 'local = true'?

How can I get data in to splunk enterprise?

Why does the custom search command display only 1000 events?

How do I index only my application data from windows event logs?

In the search head, why am I not able to see which heavy forwarder the logs are coming from?

Can you help me output field name, value from stats table to CSV?

How do I get the logs from the servers into Splunk?

Why is source type override based on host not working?

Is there a way to return a search.log for a recent search job using the REST api?

Added data not showing up in respective source types

How to get repeated event for the same host and instance over the period?

In Splunk Free, could you help me with snmp_ta handling SNMP tables?

How to resolve "Invalid username or password. Your license is Expired" error?

How to prevent splunk from merging few JSON strings into single event?

How to only see duplicates?

How to get data from two indexes?

Please help me identify why Splunk is omitting extracting milliseconds from my JSON

REST in Splunk 7.0.1: Only 'nobody' allowed to access kvstores?

Reading Data from ElasticSearch to Splunk

Can you help me filter out wineventlog eventcode 4656 account names in transforms.conf?

How to parse and index fields from my unstructured data?

Can you help me change the timezone offset for events that appear to be from the same host?

How can one determine on system level if a Splunk install is a Heavy Forwarder or an Indexer?

Can you help me use a webhook to send alerts to HP Operation Manager?

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR

JSON Data extraction issues with Comma