Getting Data In

Discussions

Thread Info

How to do a match of fields between a CSV file and my SPLUNK search?

Hello I want to do a match between a CSV file and my SPLUNK search In the CSV file, I want that the field "host" whic...

by Motivator in

Single Value fields Ingested as Multi Value

I never ran into this problem before, but I hope someone has.. I have a python script which calls a REST API and p...

by Path Finder in

How to import old log files to splunk

I have a remote server which has 1 week older rolling logs. I wanted to monitor those logs so I have installed UF and...

by Path Finder in

Send JSON file/txt file using HEC - stuck on curl command

Hello Trying to send a JSON file/text file through HEC to splunk. Getting stuck while adding "-d @data.json" in...

by New Member in

Is there a way to index data from NFS without mounting?

Hello, I'm relatively new to Splunk, so please bear with me. I wanted to know whether there was any way to point to m...

by New Member in

How to index data with multiple forwarders on the same host?

Hello, I googled around for similar questions but could not find anything, so I'm sorry if this question has alre...

by New Member in

Is there a way to define the colon to be a name value pair separator?

We have cases such as the ldap audit log file - dn: dc=<domain name>,dc=com changetype: modify replace: ds-sync-st...

by Ultra Champion in

How to Blacklist on a Universal Forwarder with a TCP input?

I have a UF running on a linux device, with a TCP input. The input is coming from a Graylog forwarder and all the win...

by Path Finder in

Is it possible to change the admin account password which we used to login in Splunk Cluster Master, Deployment Master, Search Head & Indexers?

Is it possible to change the admin account password which we used to login in Splunk Cluster Master, Deployment Maste...

by Path Finder in

Getting 404 using axios call to rest api

I am trying to connect to splunk's rest api. In the command line when I curl -k https://localhost:8089/services/auth/...

by New Member in

Upload File vs. Index-once Monitor File

Would like to get some enlightenment on what's the difference between the two. TIA

by Builder in

When any new data is uploaded to Splunk to review before index, why does the preview page comes up blank and no sample of data is generated?

When I upload any new data to Splunk to review before the index, the preview page is blank and no sample of data is g...

by Explorer in

How to get volume by indexer?

all, Is there a better way to get data by indexer than this search from the search head without access to the int...

by Builder in

How am I able send data to the main index but not able to send data to any newly created index?

Hi Team, I have below machines on AWS running currently in non-cluster mode. I am able to send data to the main in...

by Explorer in

Installing UF on AIX HACMP cluster.

Hi, We are installing universal forwarder on the AIX HACMP cluster which has two nodes. We wanted to understand w...

by Explorer in

How to get distinct count of a field only for the latest events?

I'm constantly feeding my splunk with a .csv source, all of them with a pattern ïn their name: "Data1.csv", "Data2.cs...

by New Member in

How to integrate Splunk and HP's Performance Center

How can I achieve integration of Splunk with HP's Performance Center in order to do the analysis and other operations...

by New Member in

How can I have multiple apps hosts and inputs consolidated into single serverclass.conf & inputs.conf.dist?

Hi Team, We have a cluster which has multiple apps under it. I am working on boarding the apps logs onto splunk. ...

by Communicator in

Where to edit props.config for breaking log into multiple events?

I am using universal forwarders to move log data from remote servers to a centralized Splunk Light server. Where do I...

by New Member in

eDirectory events

Hi everyone, Has anyone successfully captured audit events from the Novell Audit agent for eDirectory or IDM produ...

by New Member in

How many pipelines should I use on a forwarder?

I'm trying to figure out how many pipelines to set on my forwarders to maximize the following: ThroughputData dist...

by Contributor in

How do you parse JSON from a specific field?

I tried search in the community support section for something similar to my issue. I am trying to parse a specific...

by Loves-to-Learn Lots in

Cloudtrail JSON logs do not ingest into splunk in a usable manner. How to parse correctly?

The cloudtrail event exports are in JSON with fields, which is great. However, each event has a top level empty piece...

by Builder in

How to forward the entire contents of a CSV file even if its unchanged daily?

Hello, I'm attempting to forward a set of .csv files for administrator group auditing. However it only forwards, or a...

by New Member in

What does the view Settings -> Sourcetypes (Under Data Section) tells us?

Hi, I am working on troubleshooting one issue where data from a particular sourcetype is not getting parsed correc...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to do a match of fields between a CSV file and my SPLUNK search?

Single Value fields Ingested as Multi Value

How to import old log files to splunk

Send JSON file/txt file using HEC - stuck on curl command

Is there a way to index data from NFS without mounting?

How to index data with multiple forwarders on the same host?

Is there a way to define the colon to be a name value pair separator?

How to Blacklist on a Universal Forwarder with a TCP input?

Is it possible to change the admin account password which we used to login in Splunk Cluster Master, Deployment Master, Search Head & Indexers?

Getting 404 using axios call to rest api

Upload File vs. Index-once Monitor File

When any new data is uploaded to Splunk to review before index, why does the preview page comes up blank and no sample of data is generated?

How to get volume by indexer?

How am I able send data to the main index but not able to send data to any newly created index?

Installing UF on AIX HACMP cluster.

How to get distinct count of a field only for the latest events?

How to integrate Splunk and HP's Performance Center

How can I have multiple apps hosts and inputs consolidated into single serverclass.conf & inputs.conf.dist?

Where to edit props.config for breaking log into multiple events?

eDirectory events

How many pipelines should I use on a forwarder?

How do you parse JSON from a specific field?

Cloudtrail JSON logs do not ingest into splunk in a usable manner. How to parse correctly?

How to forward the entire contents of a CSV file even if its unchanged daily?

What does the view Settings -> Sourcetypes (Under Data Section) tells us?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Can we install Botsv3 on splunk 10.0.0 in windows...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!