Getting Data In

Ask a Question

Discussions

Thread Info

How to add a data input in Server GUI that modifies the inputs.conf file in the Universal Forwarders?

Hi: I'm using Splunk in a Mac OS X system. I've installed Universal Forwarders in several Windows Machines. I 've ...

by New Member in

I can't assign `can_delete` to default user `admin`.

I am facing a problem similar to the following Answers! https://answers.splunk.com/answers/549958/admin-like-accou...

by Builder in

Force UF(6.4.5) and Deployment Server(6.2.3) to use TLS 1.2

https://answers.splunk.com/answers/468642/deployment-server-flooded-with-ssl-handshake-error-1.html By seeing answ...

by Builder in

How to Delete Duplicate Events

We have a search that captures the count per host every 10 minutes and puts the results into a summary index. For som...

by Communicator in

maxVolumeDataSizeMB not enforced. Splunk is indexing more than this limit

All, I have the following configuration on my indexes.conf [volume:_splunk_summaries] path = /usr/ssn/splunkDB/...

by Path Finder in

Does Splunk REST API support installing a license that resides on a remote server?

We are using REST API to manage our Splunk app and install Splunk licenses. When a license resides locally there is n...

by Engager in

Error when trying to integrate ServiceNow with Splunk

I'm receiving an error when trying to integrate a ServiceNow instance with Splunk in an environment with no internet ...

by Engager in

How to break event consisting json data properly

Hi everyone, I have a log file of the below pattern: 2018-05-24 [POST] 8.8.8.8 GET /api { json: data } And it is not ...

by Explorer in

_TCP _ROUTING - windows event – will this work?

Hi I was wondering how you go about extracting and forwarding certain field values to a third party system and whethe...

by New Member in

Index name entry in inputs.conf

Hello splunkers , I have seen in system/local/inputs.conf of many servers that it contains one entry provided belo...

by Communicator in

Breaking of events on the basis of date

Can any one suggest me ,how can i break the events in the below format. I want to break it on the basis of date forma...

by New Member in

How to monitor duration of very long events?

Hi all! How would you go on monitoring the duration that a service is in state "Connected"? Let's say I have 10 Insta...

by Explorer in

OR in Pivot command

Hi Team, How do we do "OR" in pivot command? I wanted to have a result with either product ="IOS" OR product ="WL...

by Communicator in

output lookup field from a boolean between multiple input fields

Hello, I'm trying to make an automatic lookup for action=success / failure / read / deleted / modified / etc. the ...

by Communicator in

Why does the search query does not show host, source, and sourcetype below each event?

Hi, I am taking Splunk Fundamentals course and during one of the lab exercises related to performing a search operati...

by Path Finder in

Adding line number to line breaked events

I'n trying to index complete Cisco switch configuration files. A snipped of such an output look like this: version...

by Path Finder in

How do I exclude WinEventsLog:Application files from being forwarded?

Whenever I check the files that have been forwarded to my Splunk index, I see a bunch of files having their source = ...

by Path Finder in

Delete index and recreate using python sdk

Hi, I am trying to delete all data from an index for automated testing using the python sdk. The splunk.client.index...

by New Member in

syslog redundancy

Hello, I'd like to setup active-failover redundancy instead of time based load balancing on heavy forwarder routin...

by Explorer in

Can you let me know if the below log files description can be on boarded on Splunk?

Can you let me know if the below log files description can be on boarded on Splunk? As per the Splunk team, they tel...

by Communicator in

Is it possible to send logs from splunk to elasticsearch without logstash at the middle?

We have client with splunk enterprise instance and we need to send some logs from this instance directly to elasticse...

by New Member in

Why is Splunk crashing every 5 seconds on a single host with error "WARN Thread - HTTPDispatch: about to throw a ThreadException: pthread_create: Resource temporarily unavailable"?

So, I pushed Splunk out to our entire non-production AIX farm. It is working on 50 hosts just fine, but, fails on a s...

by Explorer in

How to upgrade Splunk forwarders from a deployment server installed on a separate VM?

Hi, I have set up a deployment server with a test app directory under etc/deployment-app along with a default inp...

by New Member in

Data Lab SQL Input - Temp Table Alternatives

Hello, I have taken on a project at work to migrate all of our old MSSQL reports into Splunk. The SQL in these rep...

by Communicator in

How to install Splunk eventgen in a Windows environment?

Hello, Could you please let me know how to install eventgen in window environment. Regards, Anjan

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to add a data input in Server GUI that modifies the inputs.conf file in the Universal Forwarders?

I can't assign `can_delete` to default user `admin`.

Force UF(6.4.5) and Deployment Server(6.2.3) to use TLS 1.2

How to Delete Duplicate Events

maxVolumeDataSizeMB not enforced. Splunk is indexing more than this limit

Does Splunk REST API support installing a license that resides on a remote server?

Error when trying to integrate ServiceNow with Splunk

How to break event consisting json data properly

_TCP _ROUTING - windows event – will this work?

Index name entry in inputs.conf

Breaking of events on the basis of date

How to monitor duration of very long events?

OR in Pivot command

output lookup field from a boolean between multiple input fields

Why does the search query does not show host, source, and sourcetype below each event?

Adding line number to line breaked events

How do I exclude WinEventsLog:Application files from being forwarded?

Delete index and recreate using python sdk

syslog redundancy

Can you let me know if the below log files description can be on boarded on Splunk?

Is it possible to send logs from splunk to elasticsearch without logstash at the middle?

Why is Splunk crashing every 5 seconds on a single host with error "WARN Thread - HTTPDispatch: about to throw a ThreadException: pthread_create: Resource temporarily unavailable"?

How to upgrade Splunk forwarders from a deployment server installed on a separate VM?

Data Lab SQL Input - Temp Table Alternatives

How to install Splunk eventgen in a Windows environment?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures