Getting Data In

Discussions

Thread Info

How to figure out what an instance is considered if I am on the deployment server, client, search head, forwarder, or indexer?

Hi there, I'm fairly new to Splunk and I am still a bit confused as to how I can tell what an instance is considered....

by New Member in

Windows Universal forwarder shows 2 host names for the same server

Hello, We have a single instance splunk deployment. I have installed Universal Forwarder on an Win 2012 R2 Active Dir...

by Path Finder in

Can the "exception" log record that looks different from the regular log records and is spanned across a bunch of lines be indexed as one Splunk event? The whole log goes to the same sourcetype.

Can the "exception" log record that looks different from the regular log records and is spanned across a bunch of lin...

by Explorer in

Modifying modular input's local inputs.conf via the REST API

Hi all, I'm trying to change specific values of a modular input's inputs.conf from within the modular input itself. A...

by New Member in

What is Splunk data life cycle?

Can someone explain to me splunk data life cycle? input, parsing, indexing, and search?

by Explorer in

Why is my file not being indexed?

I'm trying to on-board a new application and having issues from the get go. Application is IBM IIB and outputs log...

by Path Finder in

Things you can not do with forwarder license

Hi, I applied a forwarder license with Enterprize installer and built a forwarder. I want to know the list of things ...

by New Member in

Renaming index for data coming from universal forwarder

We have data coming from lots of universal forwarders and it has various sources and sourcetypes and sending data onl...

by Builder in

Does Splunk use alphabetical order for datetime.xml parsing?

Is there a sequence Splunk uses (like alphabetical order) for datetime.xml ? As an example, time pattern "use_this-la...

by Communicator in

Can you simply delete the 6.4.3 forwarder and installing the 7.2.1 forwarder?

Hi. We are running Splunk Enterprise 6.4.3, and our Universal Forwarders are running the same version. We'll be upgra...

by Builder in

How to mask SSN into our logs going into Splunk?

Our code leaked SSNs into our logs and they went into Splunk, so i'm trying to mask it. I tried it two ways (BTW, the...

by Explorer in

When does splunk roll data from warm to cold?

On my test environement I configured and index like this: [prove_di_cold] homePath = /root/splunk_hot/prove_di_col...

by Path Finder in

How to split single field value into two different values?

Hello, I'm trying to split a single value of a result which is 5231562. I want to be able to split this number int...

by Engager in

Defining time column in .csv uploaded

Good afternoon. This question might be already answered. But so far I searched I had no luck in understanding how ...

by Engager in

how to Count warm buckets per indexer per index

I've been trying to evaluate and control the space being used in our hot/warm vol. I am trying to run searches that w...

by Path Finder in

How to troubleshoot why my universal forwarder is not phoning home?

I installed my universal forwarder on an Ubuntu server. I have successfully established a connection to my Splunk Ent...

by Path Finder in

What are the different types of data ingestion?

Hi i just would like to know the different types of data ingestion and an overview about it Thanks in advance!

by Explorer in

How to extract fields without a name from a JSON event?

Hi all, I'm using virtual index to access log files stored in Hadoop and then trying to extract certain values from J...

by Communicator in

How to get the top 1 data per host?

I have a log where the mount usage of every host gets logged. So there can be multiple mounts per host. The data can ...

by Explorer in

Why am I not seeing custom logs using the universal forwarder?

I am using the UF to try and collect logs from a custom windows application. Below is my inputs.conf stanza. How I am...

by Path Finder in

Will I still be able to forward data into the instance and create searches after the Enterprise trial ends?

I currently have an Enterprise trial license and was wondering what would happen after the trial ends. Will I still b...

by New Member in

Why is the batch input not indexing certain files?

I have created a sub folder on a windows splunk indexer in which each night a sub directory named for today's date wi...

by Path Finder in

Can I have different versions of Splunk Enterprise in a distributed environment?

Can I have different versions of Splunk Enterprise within the same Splunk distributed environment? i.e. could I have ...

by Engager in

How to get json portion of log entry to display as formatted JSON?

Hey gang - hopefully this isn't to bad of a question and I'm missing something simple. I have an application that ...

by Path Finder in

How to trouble shoot Security Logs with Low Event Count logs are not parsing at realtime?

Hi All, We have been notified by the security team as they are seeing low security events counts and the logs are ...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to figure out what an instance is considered if I am on the deployment server, client, search head, forwarder, or indexer?

Windows Universal forwarder shows 2 host names for the same server

Can the "exception" log record that looks different from the regular log records and is spanned across a bunch of lines be indexed as one Splunk event? The whole log goes to the same sourcetype.

Modifying modular input's local inputs.conf via the REST API

What is Splunk data life cycle?

Why is my file not being indexed?

Things you can not do with forwarder license

Renaming index for data coming from universal forwarder

Does Splunk use alphabetical order for datetime.xml parsing?

Can you simply delete the 6.4.3 forwarder and installing the 7.2.1 forwarder?

How to mask SSN into our logs going into Splunk?

When does splunk roll data from warm to cold?

How to split single field value into two different values?

Defining time column in .csv uploaded

how to Count warm buckets per indexer per index

How to troubleshoot why my universal forwarder is not phoning home?

What are the different types of data ingestion?

How to extract fields without a name from a JSON event?

How to get the top 1 data per host?

Why am I not seeing custom logs using the universal forwarder?

Will I still be able to forward data into the instance and create searches after the Enterprise trial ends?

Why is the batch input not indexing certain files?

Can I have different versions of Splunk Enterprise in a distributed environment?

How to get json portion of log entry to display as formatted JSON?

How to trouble shoot Security Logs with Low Event Count logs are not parsing at realtime?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures