Getting Data In

Discussions

Thread Info

How to populate a new field with the differences of multiple CSVs against a single CSV?

The SPL below returns a count from one field in multiple CSVs. At the end, a delta is calculated, comparing each coun...

by Communicator in

How do you Index a JSON file that was exported from another Splunk instance?

Greetings all, I have several JSON files that were exported from a Splunk instance (using the front end GUI I bel...

by Path Finder in

How do you build a chart from two date fields?

On my current data I have two date fields: CommencementDate and CompletitionDate. I would like to build a chart where...

by New Member in

Why is DNS lookup failing during indexing for 2 hosts?

I just moved my Splunk indexer from one server to another. A few bumps in the road, but everything seems to be workin...

by Path Finder in

How do I split JSON array, twitter hashtags?

i'm having a brain fart at the moment and trying to figure out how to get JUST the hashtags from all the posts. I kno...

by Path Finder in

In inputs.conf whitelist, how do I create a regex expression for whitelisting files which contain a certain string?

I need to whitelist files that contain a string in any case and in any place in the filename. And, they can either be...

by Path Finder in

time latency (Indextime and timestamp)?

Hello, I'm trying to measure the time that data got ingested and the time it showed up on my search. I read that ...

by Explorer in

Can you suggest a format for a source type event break that doesn't truncate the following JSON logs?

I have a JSON log that is getting truncated because of the event break pattern in the source type. I cloned the sourc...

by Explorer in

Splunk 7.0.0: How to get metrics in from collectd

Hi, How to add a tag(region) to a collectd based metric from a host? For example if we have 2 regions (us-east,us-...

by Explorer in

When building a modular input, how to index JSON data?

Hi, I am building a modular input using Add-on Building and python. When I am trying to index JSON data I get this...

by Explorer in

How do I test connectivity over a specific port in Windows?

My forwarder is unable to establish a connection over port 9997 to my indexer. I am running Windows, and I do not ...

by Splunk Employee in

Splunk stopped indexing local log after SSL setup

Hi Guys, I run standalone Splunk Version: 7.2.0 deployment for a college project on Ubuntu 14.04 (amd64). I have s...

by Engager in

Why has Splunk stopped indexing all log files?

I've recently started using Splunk and it was working fine but at some point seems to have stopped indexing any logs....

by Explorer in

Extract Json and Build a plot

I am looking to extract values from the Json to build out data to see what was the quote number that threw error. I a...

by New Member in

How can I query and find records which have an empty array?

My JSON looks like this, { "id":"studentNumber", "courses" : [ { "course" : "Analysis of Alg" }, { "course": "game...

by New Member in

How to apply an arbitrary offset to the timestamp at index time?

I have an input that writes timestamps as the number of milliseconds passed since January 1st 1601 that sadly cannot ...

by SplunkTrust in

How do you extract fields from JSON logs?

Hello, I have the following JSON log event: { [-] line: I 1019 15:40:22.873 UTC THREAD1: **linkerd 1....

by Path Finder in

How does a LOOKUP and Report command work in a PROPS.CONF ?

We have to use Graylog to forward Windows events to our SPLUNK. However we are trying to use CIM model and we have as...

by Path Finder in

Can you suggest a best approach for Splunk Data On boarding and data segregation?

Let us say we are getting data from 2 different sources called A and B. The data is coming under the index called "Ex...

by Path Finder in

Splunk Reading MQ Messages with MQMD Header

Hi Would like to get recommendations on using Splunk as a Data Backup repository for MQ Messages. We are tryin...

by Engager in

How do I add the right time stamp and correct server name to the following syslog messages?

Hi guys, Please pardon my ignorance here as i am new to Splunk. I am using Splunk 7.1 on a Windows server and forw...

by New Member in

How to specify source type for virtual indexes.?

Hi, I have data in HDFS and I am creating Virtual Indexes to access the data. However, I need to make get the whol...

by Explorer in

Has anyone attempted to use Mango for data transfer into Splunk Cloud?

I am wondering if anyone had figured out a good solution for pulling in data from various modbus components, and send...

by New Member in

How can I compare the time on our server against the actual current time?

Hi Is there a way to find the current time on the Windows (UF installed) and compare it with the current time? I n...

by Builder in

curl command as .bat file in windows gives blank result

Hi I have created curl command to reload input . i have saved it in .bat file under splunk>bin>scripts path and my O...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to populate a new field with the differences of multiple CSVs against a single CSV?

How do you Index a JSON file that was exported from another Splunk instance?

How do you build a chart from two date fields?

Why is DNS lookup failing during indexing for 2 hosts?

How do I split JSON array, twitter hashtags?

In inputs.conf whitelist, how do I create a regex expression for whitelisting files which contain a certain string?

time latency (Indextime and timestamp)?

Can you suggest a format for a source type event break that doesn't truncate the following JSON logs?

Splunk 7.0.0: How to get metrics in from collectd

When building a modular input, how to index JSON data?

How do I test connectivity over a specific port in Windows?

Splunk stopped indexing local log after SSL setup

Why has Splunk stopped indexing all log files?

Extract Json and Build a plot

How can I query and find records which have an empty array?

How to apply an arbitrary offset to the timestamp at index time?

How do you extract fields from JSON logs?

How does a LOOKUP and Report command work in a PROPS.CONF ?

Can you suggest a best approach for Splunk Data On boarding and data segregation?

Splunk Reading MQ Messages with MQMD Header

How do I add the right time stamp and correct server name to the following syslog messages?

How to specify source type for virtual indexes.?

Has anyone attempted to use Mango for data transfer into Splunk Cloud?

How can I compare the time on our server against the actual current time?

curl command as .bat file in windows gives blank result

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions