Getting Data In

Thread Info

Why are wildcards not working when configuring the source path in inputs.conf?

I am facing issues with using wildcards in my input.conf file. I am monitoring the same directory where 2 differen...

by Communicator in

Question about sending data between SSL Forwarder to Forwarder

We will be deploying forwarders outside of our network and using SSL. These forwarders will be forwarding the raw dat...

by Contributor in

After updating my indexer to 2TB, which index volume should I increase?

i have upgraded my indexer to 2TB from 450GB to increase my data retention. Below is my current indexer volume co...

by Contributor in

How do I find unique errors from cronjobs sent to syslog?

I am trying to find all unique messages sent to syslog from specific machines Splunk 6.6.8 Using the following bas...

by Explorer in

Is there a limit to the number of TCP listeners we can configure on a Heavy Forwarder (HF)?

Hi , We have configured a couple of Bluecoats on TCP custom ports on a HF. i see the data flowing in but the Bluec...

by Path Finder in

What is the difference between the dbinspect command and "_bkt"?

Hello guys, Could you let me know the difference in terms of buckets between : | dbinspect *search* and *search...

by Motivator in

What is a good way to Splunk log lines like the following with JSON?

Lets say I have a log line that contains of a JSON field with this content: { "breakdown": { "a": [ ...

by Explorer in

How do you sum all values of a field that has JSON data?

I have some JSON data , in that i want to sum all values of a key in a Splunk query. Below is the sample data : da...

by Path Finder in

How can we avoid the line truncating warning?

On the forwarder's splunkd.log, we keep getting the following warning - 09-29-2017 02:11:46.400 -0500 WARN LineB...

by Ultra Champion in

Can you help me send data to cloud as well on-premise servers?

We have a requirement to send data from our HF server to Splunk cloud indexers as well as on-premise indexer. So, ...

by Explorer in

can we use rsyslog instead of syslog-ng for palo alto app in splunk?

hi Can we use rsyslog instead of syslog-ng for palo alto app in splunk .when i read the palo alto guideliness for ...

by New Member in

How do I find and remove strings in logs from the Forwarder?

Hello, I'm trying to send some antivirus logs from the forwarder into Splunk. The logs I'm sending have a tende...

by New Member in

How to extract the one time header on top of the real header.

Hi, I'm new to splunk and would like some help with tackling my task at hand, - NO INDEX DATE STIME ETIME REP ACTI...

by Engager in

How can I watch a CSV file?

All, I have a CSV being laid to a file system by a database. A basic monitor stanza brought the file in perfe...

by Builder in

app.conf does not honor environment variables

i'd like to embed an env variable in my app label, so i add this to my app.conf: [ui] label = My App $SPLUNK_HOME ...

by Path Finder in

Why is my forwarder not forwarding data other than _internal?

I have forwarder not forwarding any input data other than _internal. Checks performed: splunk version - 6.4.2 For...

by Explorer in

Is it possible to edit a sourcetype after its creation?

Hello Splunkers, Is it possible to edit a sourcetype after its creation? Thank you in advance! Afroditi

by Engager in

Why do I see duplicate fields in sourcetype configuration?

Hello Splunkers, I am trying to configure a sourcetype in Advanced section. For example, I create a field alias by...

by Engager in

Why is my JSON format log getting truncated?

I have a log which has a JSON format line in the middle. Splunk is extracting the log but is truncating the JSON part...

by Explorer in

Is there a cloud service that can act as a syslog server and forward logs into Splunk?

I have a number of small remote offices that do not have network connectivity back to our datacenters. We are trying ...

by New Member in

How to integrate facebook python script to splunk?

Greetings, I'm new to splunk and I'm trying to get data from facebook: posts, likes, reactions... I have a python scr...

by Explorer in

EventCode 5156

Hi Guys, We are using Splunk version 4.3.1, build 119532 on both the Indexer and the Universal Forwarder. Over...

by Explorer in

The Http Event Collector (HEC) accepts but doesn't index _json event with accented characters — is this a bug?

Hi, I've tracked down an issue we've been having where some events being sent through our HEC haven't been indexed...

by Engager in

Is INDEXED_EXTRACTIONS = json expensive on the indexer?

In What are the requirements for a perfect Splunk JSON document? We spoke about - INDEXED_EXTRACTIONS = json ca...

by Ultra Champion in

,In Splunk Cloud with managed forwarders is it possible to set the initCrcLength for a monitored directory input?

Is there a way to pass the initCrcLength when creating a data input with managed forwarders? The default doesn't pull...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why are wildcards not working when configuring the source path in inputs.conf?

Question about sending data between SSL Forwarder to Forwarder

After updating my indexer to 2TB, which index volume should I increase?

How do I find unique errors from cronjobs sent to syslog?

Is there a limit to the number of TCP listeners we can configure on a Heavy Forwarder (HF)?

What is the difference between the dbinspect command and "_bkt"?

What is a good way to Splunk log lines like the following with JSON?

How do you sum all values of a field that has JSON data?

How can we avoid the line truncating warning?

Can you help me send data to cloud as well on-premise servers?

can we use rsyslog instead of syslog-ng for palo alto app in splunk?

How do I find and remove strings in logs from the Forwarder?

How to extract the one time header on top of the real header.

How can I watch a CSV file?

app.conf does not honor environment variables

Why is my forwarder not forwarding data other than _internal?

Is it possible to edit a sourcetype after its creation?

Why do I see duplicate fields in sourcetype configuration?

Why is my JSON format log getting truncated?

Is there a cloud service that can act as a syslog server and forward logs into Splunk?

How to integrate facebook python script to splunk?

EventCode 5156

The Http Event Collector (HEC) accepts but doesn't index _json event with accented characters — is this a bug?

Is INDEXED_EXTRACTIONS = json expensive on the indexer?

,In Splunk Cloud with managed forwarders is it possible to set the initCrcLength for a monitored directory input?

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions