Getting Data In

Thread Info

How to edit ps.sh to limit process getting in ingest for Splunk Add-on for Unix and Linux

Hello, I'm trying to only get a certain server processes to ingest to splunk index using Splunk Add-on for Unix and ...

by Engager in

What is the best practise for monitoring a file directly on the indexer machine(s)?

I need to monitor a file directly on the indexer. I know I can just define an inputs.conf on the indexer itself and r...

by Builder in

Splunk alert and shutting down a physical port on a switch

Have anyone used Splunk to act upon an alert and shut down a physical port on the switch? This would require running ...

by New Member in

How to filter the event by different date than mapped in the sourcetype?

We have Date1 mapped in the sourcetype for the index. So if I select last 7 days in the date filter data is filtered ...

by Path Finder in

Combine data across multiple sources and then split answer to separate rows when exported to csv

Good afternoon, I am trying to take data from multiple sourcestypes, combine it by a common field and then output ...

by New Member in

HEC Sourcetype

Hello everyone! I just have a brief question regarding the HEC input. Our primary data input is the HEC. For new appl...

by Communicator in

Palo Alto stopped logging traffic to Splunk

I am having the same issue as: https://answers.splunk.com/answers/507167/why-are-my-palo-alto-firewall-logs-not-forwa...

by Path Finder in

Why are logs not getting sent to Splunk with our current inputs.conf monitor stanza for a Windows file?

Hello All, I know this has been covered and there are many answers, but from what I can tell, my inputs.conf is co...

by Contributor in

How to do a match of fields between a CSV file and my SPLUNK search?

Hello I want to do a match between a CSV file and my SPLUNK search In the CSV file, I want that the field "host" whic...

by Motivator in

Single Value fields Ingested as Multi Value

I never ran into this problem before, but I hope someone has.. I have a python script which calls a REST API and p...

by Path Finder in

How to import old log files to splunk

I have a remote server which has 1 week older rolling logs. I wanted to monitor those logs so I have installed UF and...

by Path Finder in

Send JSON file/txt file using HEC - stuck on curl command

Hello Trying to send a JSON file/text file through HEC to splunk. Getting stuck while adding "-d @data.json" in...

by New Member in

Is there a way to index data from NFS without mounting?

Hello, I'm relatively new to Splunk, so please bear with me. I wanted to know whether there was any way to point to m...

by New Member in

How to index data with multiple forwarders on the same host?

Hello, I googled around for similar questions but could not find anything, so I'm sorry if this question has alre...

by New Member in

Is there a way to define the colon to be a name value pair separator?

We have cases such as the ldap audit log file - dn: dc=<domain name>,dc=com changetype: modify replace: ds-sync-st...

by Ultra Champion in

How to Blacklist on a Universal Forwarder with a TCP input?

I have a UF running on a linux device, with a TCP input. The input is coming from a Graylog forwarder and all the win...

by Path Finder in

Is it possible to change the admin account password which we used to login in Splunk Cluster Master, Deployment Master, Search Head & Indexers?

Is it possible to change the admin account password which we used to login in Splunk Cluster Master, Deployment Maste...

by Path Finder in

Getting 404 using axios call to rest api

I am trying to connect to splunk's rest api. In the command line when I curl -k https://localhost:8089/services/auth/...

by New Member in

Upload File vs. Index-once Monitor File

Would like to get some enlightenment on what's the difference between the two. TIA

by Builder in

When any new data is uploaded to Splunk to review before index, why does the preview page comes up blank and no sample of data is generated?

When I upload any new data to Splunk to review before the index, the preview page is blank and no sample of data is g...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to edit ps.sh to limit process getting in ingest for Splunk Add-on for Unix and Linux

What is the best practise for monitoring a file directly on the indexer machine(s)?

Splunk alert and shutting down a physical port on a switch

How to filter the event by different date than mapped in the sourcetype?

Combine data across multiple sources and then split answer to separate rows when exported to csv

HEC Sourcetype

Palo Alto stopped logging traffic to Splunk

Why are logs not getting sent to Splunk with our current inputs.conf monitor stanza for a Windows file?

How to do a match of fields between a CSV file and my SPLUNK search?

Single Value fields Ingested as Multi Value

How to import old log files to splunk

Send JSON file/txt file using HEC - stuck on curl command

Is there a way to index data from NFS without mounting?

How to index data with multiple forwarders on the same host?

Is there a way to define the colon to be a name value pair separator?

How to Blacklist on a Universal Forwarder with a TCP input?

Is it possible to change the admin account password which we used to login in Splunk Cluster Master, Deployment Master, Search Head & Indexers?

Getting 404 using axios call to rest api

Upload File vs. Index-once Monitor File

When any new data is uploaded to Splunk to review before index, why does the preview page comes up blank and no sample of data is generated?

How to get volume by indexer?

How am I able send data to the main index but not able to send data to any newly created index?

Installing UF on AIX HACMP cluster.

How to get distinct count of a field only for the latest events?

How to integrate Splunk and HP's Performance Center

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions