Getting Data In

Ask a Question

Discussions

Thread Info

How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1?

Hi all, I've just stumbled across this issue. I have a linux host running rsyslogd. When I forward my events to th...

by Explorer in

How to expand the values as separate events in my JSON data?

{ "results": [ { "statement_id": 0, "series": [ { ...

by Path Finder in

Upgrade to 7.1.2 from 6.5.1 - Universal Forwarder Upgrade

Hello Team, We are planning to upgrade Splunk Enterprise v6.5.1 to v7.1.2. I understand that we need to upgrade or...

by Contributor in

How do I line break after a particular word?

Hello Below is a sample one sample event which starts with ####### and ends with * All done!. How do I break the even...

by Builder in

Duplicate values but one key

Hi, I am running into an issue where I have keys and values which will show up once; upon expansion however it sho...

by Path Finder in

Need help on LINE_BREAKER,TIME_FORMAT and TIME_PREFIX

I have built a props.conf but when I upload the log file manually it works fine but when the app writes the log the l...

by Explorer in

Splunk DB Connect 3.1.1 - Why database input for MS SQL server query does not capture any data to the index?

i have setup a database input to connect to MS SQL server in Splunk DB connect 3.1.1. My database connection is worki...

by Loves-to-Learn Lots in

Can you collect data From DirecTV Receiver/Bridge with Splunk?

Hello Splunkers! I'm getting into the nitty-gritty of Splunk and trying to apply my own data. I came up with the i...

by Path Finder in

How to find what is causing us to go over our daily license quota with so few events indexed?

We recently obtained a Splunk Enterprise license with a 6GB/day limit. We installed approximately 20 Windows Forwa...

by Engager in

How do I Email results from Python script to users through REST API?

Hello Experts, I have created a machine learning model and am fetching data from Splunk to generate real-time pred...

by Engager in

customizing the indexes.conf to keep no cold data

Our requirement is that there is no cold data. Once the data comes in it will be keep warm for 90 days and then it wi...

by Communicator in

splunk detects _time right, but displays it wrong

Hi, I have an issue with the _time field in Splunk. An event like this gets into Splunk. While the date_hou...

by Motivator in

Do I have a possible KV extraction issue on the universal forwarder?

I have some json events that are fairly long (10K-20K characters). Most events come through fine, except for the fact...

by Path Finder in

How to see Events coming into the Indexer?

I am forwarding events from windows events from Graylog to a load balance point in front of a UF using a TCP input th...

by Path Finder in

How to extract the .csv file as key value pairs in splunk ?

I am receiving a .csv file data from the forwarder to splunk. The .csv will be rolled and will be created a new csv f...

by Explorer in

Df Output: How can I check disc usage across different apps?

In one of indexers, the /apps usage is 100 per.How can I know what is the root cause which app is using more CPU. I w...

by Builder in

How do you configure remote KV store on Universal Forwarder?

I have an application which uses the KV store to store the application's state. When installing it on a universal for...

by Engager in

Could not use srptime to parse timestamp

Have been getting "Could not use srptime to parse timestamp from Token TOKEN = DD215569A74FB06F5BC0C966CF60AD86:2018-...

by Explorer in

Navigation Bar/header: can you convert XML file to HTMl view for edit?

Is it possible to convert the XML file of the Navigation Bar to HTML view so I can edit it my own way? For exampl...

by Path Finder in

Why am I having sourcetype override problems when trying to monitor a log directory for a custom application?

I have the universal forwarder installed on a Windows 2012 server. I am trying to monitor a log directory for a custo...

by Path Finder in

REST API Modular input - creating class in responsehandler.py

Hello, I'm trying to get data in Splunk using REST API (data are in json format). I understand I have to create my...

by Path Finder in

forward events to multiple indexers

hi everyone, I have web server events. I want to forward specific events that contain digits 404 to index1 and rem...

by Communicator in

Why does Splunk Custom Visualization API result in a build error on a Windows Machine?

I was trying to use Custom Visualization API to build my own custom visualization using tutorial from Splunk Docs (si...

by Legend in

forward specified events to reciever

i need only recieve events with action=blocked from farwrders, my logs are : Aug 18 12:56:13 192.168.X.X date=2018...

by Explorer in

Why does the file without line feeds and carriage does not run?

Hi at all, I have a file without CR al LF to divide events. I usually parsed these files without problems (e.g. SAP l...

by SplunkTrust in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1?

How to expand the values as separate events in my JSON data?

Upgrade to 7.1.2 from 6.5.1 - Universal Forwarder Upgrade

How do I line break after a particular word?

Duplicate values but one key

Need help on LINE_BREAKER,TIME_FORMAT and TIME_PREFIX

Splunk DB Connect 3.1.1 - Why database input for MS SQL server query does not capture any data to the index?

Can you collect data From DirecTV Receiver/Bridge with Splunk?

How to find what is causing us to go over our daily license quota with so few events indexed?

How do I Email results from Python script to users through REST API?

customizing the indexes.conf to keep no cold data

splunk detects _time right, but displays it wrong

Do I have a possible KV extraction issue on the universal forwarder?

How to see Events coming into the Indexer?

How to extract the .csv file as key value pairs in splunk ?

Df Output: How can I check disc usage across different apps?

How do you configure remote KV store on Universal Forwarder?

Could not use srptime to parse timestamp

Navigation Bar/header: can you convert XML file to HTMl view for edit?

Why am I having sourcetype override problems when trying to monitor a log directory for a custom application?

REST API Modular input - creating class in responsehandler.py

forward events to multiple indexers

Why does Splunk Custom Visualization API result in a build error on a Windows Machine?

forward specified events to reciever

Why does the file without line feeds and carriage does not run?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions