Getting Data In

Thread Info

How to move data from one peer node to another peer in an indexer clustering environment?

I have 3 indexers in cluster master. (Indexer 1, indexer2 and indexer3) I need to stop indexer2 and indexer3 permanen...

by Explorer in

My logs are going into the wrong Index

It was reported to me that data from one of our devices is showing up in the wrong index. Is there an easy way to fix...

by Explorer in

dropping events at index time works from one forwarder but not from the other

My scenario is: 1 Indexer (SPLUNK Enterprise 7.1.3) 1 Heavy Forwarder (SPLUNK Enterprise 7.1.2 1 Universal Forwarder ...

by Path Finder in

Is there a way to filter only a certain type of log from websphere to get logged to splunk?

I'm trying to add debug and error logs from websphere to splunk, but it consuming a lot of space. My aim is to reduce...

by New Member in

How do you ingest events of a particular time period from a file in Splunk?

I have a log file of about 400 MB in size. I don't want to ingest it completely. I just want a few events from a part...

by Explorer in

SA-Modularinput-powershell (V3): scheduler fails scheduling with more than one stanza

Hi. We are running Splunk Enterprise version 7.2.0. On this version and also on 6.6, we find that when we have more t...

by New Member in

How to whitelist combination of fields using lookup table?

Hello Experts, We've got an alert which gets triggered if service is installed on the windows host. index=winev...

by Explorer in

Why do my forwarders have inconsistent connectivity to the indexers?

We have this case for multiple servers where we see constant errors such as - 10-04-2018 13:25:55.480 -0500 INFO ...

by Ultra Champion in

Can Splunk connect with Automation Anywhere tool?

Splunk is an Automated Process. Can Splunk be useful for Automation Anywhere tool ?

by New Member in

How do you get logs from Mcafee IPS into Splunk?

I have McAfee IPS. How do I integrate or Collect logs from Mcafee IPS and forward the logs to Splunk? Currently, I...

by Communicator in

With a heavy forwarder, how do I redirect a data set to separate indexes with different indexes?

All, I have a data set that I need in indexclusterA as index=distil. HOW EVER I need that same data in indexclust...

by Builder in

How do I troubleshoot "ERROR TailingProcessor - Ran out of data while looking for end of header"

Can anybody please tell me what I need to do for the error ERROR TailingProcessor - Ran out of data while looking...

by New Member in

'WinHostMon://Service' without valid type

Hi, I am configuring the input.conf on my windows hosts to get the status of some services but I get an error for ...

by New Member in

I am trying to create an alert specific to domain admins being added or removed from the Admin group

As the question stated I am trying to create an alert that lets me know when Domain admins were added or removed from...

by Explorer in

How do I collect fake data automatically in Splunk?

hello, I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automat...

by Explorer in

モニターコンソールの取り込みについて

現在、以下の症状が発生しており対応に困っています。このため、皆様のお力をお借りできたらと投稿致しました。お手数となりますが、対応に伴う知見がありましたらご提示願います。また、不足の情報がございました際は、その旨コメントをください...

by New Member in

Why copytruncate logrotate does not play well with splunk monitoring

I am using logrotate to rotate my files, with the option copytruncate. http://linuxcommand.org/man_pages/logrotate8.h...

by Splunk Employee in

How do we change indexes.conf's cold path in a clustered Splunk environment?

Hi Team, Here is our scenario: Our current directory in our coldPath parameter in master-apps/org_all_indexes/l...

by Communicator in

Why am I getting the following Http Event Collector (HEC) errors?: {"text":"Invalid token","code":4}

I created 100s of HEC tokens and put them in an app, which has been pushed down to several Heavy Forwarders. Most of ...

by Splunk Employee in

Can you help me with my search results visualization column chart issue?

The original data is json format Search Language is as follows: I successfully extracted the data and disp...

by Path Finder in

In a Splunk cluster on Cloud, what are some best practices when Increasing indexer disk space?

Hello, I'm running my Splunk cluster on cloud, and I'm running out of disk space. I'm planning on increasing the a...

by Path Finder in

How to calculate total Business hours in between weekend days?

Example: if Friday by 02-FEB-2018 23:00 a ticket got recorded and resolved on monday 05-FEB-2018 20: 00. So I want to...

by Explorer in

How to configure default values for parameters on Modular Inputs

I am using C# SDK 2.0 and Visual Studio 2013 Extension for creating Modular Inputs. I am trying to understand the bes...

by New Member in

How do I reload CSS and JS files despite the browser cache?

Hello, I source CSS and JS files in my view, as below: <form stylesheet="style.css" script="script.js"> But...

by Explorer in

I want to set data from my code base(java) for modular input and it should see on the page....Please help me on this.

I want to set value from for modular input from code. and read same data in code.

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to move data from one peer node to another peer in an indexer clustering environment?

My logs are going into the wrong Index

dropping events at index time works from one forwarder but not from the other

Is there a way to filter only a certain type of log from websphere to get logged to splunk?

How do you ingest events of a particular time period from a file in Splunk?

SA-Modularinput-powershell (V3): scheduler fails scheduling with more than one stanza

How to whitelist combination of fields using lookup table?

Why do my forwarders have inconsistent connectivity to the indexers?

Can Splunk connect with Automation Anywhere tool?

How do you get logs from Mcafee IPS into Splunk?

With a heavy forwarder, how do I redirect a data set to separate indexes with different indexes?

How do I troubleshoot "ERROR TailingProcessor - Ran out of data while looking for end of header"

'WinHostMon://Service' without valid type

I am trying to create an alert specific to domain admins being added or removed from the Admin group

How do I collect fake data automatically in Splunk?

モニターコンソールの取り込みについて

Why copytruncate logrotate does not play well with splunk monitoring

How do we change indexes.conf's cold path in a clustered Splunk environment?

Why am I getting the following Http Event Collector (HEC) errors?: {"text":"Invalid token","code":4}

Can you help me with my search results visualization column chart issue?

In a Splunk cluster on Cloud, what are some best practices when Increasing indexer disk space?

How to calculate total Business hours in between weekend days?

How to configure default values for parameters on Modular Inputs

How do I reload CSS and JS files despite the browser cache?

I want to set data from my code base(java) for modular input and it should see on the page....Please help me on this.

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

ESXi and vSphere logs

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions