Getting Data In

Thread Info

Why did Splunk stop collecting syslog logs?

I installed Splunk last week, and I'm only collecting data (syslog) from one source. Data stopped being collected ...

by Explorer in

"Splunk could not get the description..." after Windows 2016 Cumulative Update 2018-09

Probably an update to a core DLL and we'll have to wait for a new version of the Splunk UF. As of this moment, UF ver...

by New Member in

Can you help me with an inputs.conf wildcard issue?

Hi, I have a forwarder setup with this inputs.conf: [monitor:///home/mqm/mqstatistics/splunk/*_QM_Q_*] disabled...

by Path Finder in

Can you help me with props.conf in line breakage?

link textI want to break the events where you see the bolded timestamps below, like 12:17:50.267,12:17:50.268 etc ...

by Builder in

Remotely pull ./splunk diag via REST?

Is it possible to pull a diag output from the REST interface? It's slightly cumbersome, especially when I need to run...

by Communicator in

How do I blacklist sub-directories in the input.conf file?

I want to capture all the files in a particular folder but I do not want to capture the files inside the sub-director...

by New Member in

What is the endpoint I can use for the saved search using API ?

I have a saved search in Splunk. What is the exact URL I need to give to the other team so they can access the saved ...

by Explorer in

Can you help me with Log Event Queueing on a Splunk Forwarder?

Hi Splunkies, is there a way to set up log event event queuing and the chunking of queued events on the forwarder ...

by Engager in

Can we specify files in archive to be collected?

I couldn't find a clear guideline of doing this. Simply, can we specify monitor path deep inside archive? e.g. [mo...

by Explorer in

Sybase IQ log timestamp catching

Hello, I have a very special log to index into Splunk. This is a Sybase IQ log with a special timestamp format. E...

by New Member in

Discrepancy in the transfer of WinEventLog://Security logs through Universal Forwarder

We have 5 indexers and a standalone search head with no cluster configuration. Recently, we have observed that the Wi...

by Splunk Employee in

Unable to pass the value from CSV into kvlookup and return results

Hi All, i need help and would understand can Splunk forward a value from CSV and compare the value in a lookup and re...

by Explorer in

Why is my PowerShell scripted input failing intermittently?

I have a PowerShell scripted input which is set to run at the start of the service. Since the servers reboot daily, t...

by Explorer in

How do I find what is causing my typing queue blockage?

How do I find sources/source types/hosts/indexes causing typing queue blockage?

by Splunk Employee in

Will someone tell me the command Splunk is using to read Windows security event logs?

Can someone tell me the command Splunk is using to read the Windows security event log. I have one server that will s...

by Explorer in

Environment variable in scripted input relative to App directory

I provide an App that uses an executable on Windows systems to generate some data. This program is located in the bin...

by Contributor in

SplunkForwarder garble events with \x00

I observe a strange behavior with one of out UniversalForwarders. First I've added a new logfile on the forwarder ...

by Engager in

Why is Splunk is not ingesting my Websense data?

So, I have a Websense server which I've configured to send logs to Splunk but nothing is being fed in. I'm runnin...

by Path Finder in

Why is my indexer dropping scheduled jobs (too much free memory)?

I have 4 indexers that always have the same memory load (monitored through Zabbix). They are usually consistent at ar...

by Path Finder in

During import CSV, how do I use a host_segment attribute to extract a host name?

Hi, I import a CSV file like this one : date;host;type 18/09/18 10:23:50;SERV1;file 18/09/18 10:23:52;SERV2;ser...

by New Member in

Can you help me dump an inventory with a large number of searches, queries and reports to a .CSV file?

I need to inventory a large number of searches, queries and reports and dump the details (name), scheduled time, sear...

by New Member in

Can you help me forward Windows events to a 3rd party system?

Hi, I am trying to forward the Windows events from Splunk to a 3rd party syslog system. I checked the docs and als...

by Communicator in

Why am I getting a "File in use" error when trying to upgrade our forwarder to version 6.6.6?

I'm trying to upgrade our forwarder version to splunkforwarder-6.6.6-ff5e72edc7c4-x64-release.msi, but it is failing ...

by Explorer in

Can we download a bundle using REST API and manipulate a bundle using REST call?

Friends, I'm playing with the Splunk REST API. I have a Splunk deployment server and one client(running a universal f...

by New Member in

How do I import a Powershell script that inputs CSV data?

I currently have multiple Powershell scripts that take data from local log files and transform them in a certain way ...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why did Splunk stop collecting syslog logs?

"Splunk could not get the description..." after Windows 2016 Cumulative Update 2018-09

Can you help me with an inputs.conf wildcard issue?

Can you help me with props.conf in line breakage?

Remotely pull ./splunk diag via REST?

How do I blacklist sub-directories in the input.conf file?

What is the endpoint I can use for the saved search using API ?

Can you help me with Log Event Queueing on a Splunk Forwarder?

Can we specify files in archive to be collected?

Sybase IQ log timestamp catching

Discrepancy in the transfer of WinEventLog://Security logs through Universal Forwarder

Unable to pass the value from CSV into kvlookup and return results

Why is my PowerShell scripted input failing intermittently?

How do I find what is causing my typing queue blockage?

Will someone tell me the command Splunk is using to read Windows security event logs?

Environment variable in scripted input relative to App directory

SplunkForwarder garble events with \x00

Why is Splunk is not ingesting my Websense data?

Why is my indexer dropping scheduled jobs (too much free memory)?

During import CSV, how do I use a host_segment attribute to extract a host name?

Can you help me dump an inventory with a large number of searches, queries and reports to a .CSV file?

Can you help me forward Windows events to a 3rd party system?

Why am I getting a "File in use" error when trying to upgrade our forwarder to version 6.6.6?

Can we download a bundle using REST API and manipulate a bundle using REST call?

How do I import a Powershell script that inputs CSV data?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions