Getting Data In

Thread Info

Is it safe to delete .bundle files from /opt/splunk/var/run/search peers ?

Hi All, Currently we have an disk space issue in two of the splunk indexer instances and we have separate volume c...

by Motivator in

Possible to use setup.xml in an app to create a new data input?

So I created an app that defines a new data input type in default/inputs.conf. It uses a modular input and some custo...

by Explorer in

Index time mapping in inputs.conf

I have two fileds TIME and Last execution TIME. In input.conf i have mapped TIME field to use a index time(_time) ...

by Builder in

Splunk unable to read files

Hi, Splunk UF is setup to read files from particular directory. It reads files normally for few minutes, but suddenly...

by Contributor in

CSV data vs key-value data. Which is faster for performance?

hi, We have an incoming custom dataset which consumes approx 700GB a day and is currently used for CIM. Currently it ...

by Super Champion in

Logs have been FIFO'd but i still need. How do i get them back in?

Working in Windows I have a directory of sharepoint logs that i have been pulling for years. I've recently started to...

by Builder in

Why does clustering always appear as a repeat phenomenon without a reason?

hello, I have a strange question, This question is described as a bit rough. I have a single site cluster that contai...

by Communicator in

AggregatorMiningProcessor - Breaking event because limit of 256 has been exceeded - data_source=

we are getting the below errors from splunkd.log. the issue is we weren't able to search the logs from splunk console...

by New Member in

Why is JSON from scripted input raw events in random orders?

have no idea what is going on here. I can make the same api call that the script is and receive the json back in the ...

by Builder in

passing of events field with spaces

Hi, I wanted to display Message in message field value. I wanted to do the set up in prof.conf. Can anyone please hel...

by New Member in

Modify JSON Objects at indexing time

Hello there, I have the issue that there are more events in one JSON-Object. Heres an example: { category: Net...

by Path Finder in

Pull syslog data from EC2 instance into Splunk

We're running an on-prem instance of Splunk Enterprise behind a firewall which (currently) does not permit ingress on...

by New Member in

To monitor which Windows server are not sending logs to Splunk

I want to check which server are not sending logs to Splunk as our monthly maintenance. Can you guys help me what is ...

by New Member in

Does Splunk support LEEF formatted events?

Does it support LEEF, Log Event Enhanced Format?

by Champion in

Windows IIS Log and Splunk

On a Windows 2012 Server the daily IIS log is held open and sits at "0" bytes in size throughout the day. It appears ...

by New Member in

How to send data from IBM AS400 to Splunk via syslog?

I want to create a connectivity between splunk enterprise and AS400. I tried to send logs via syslog, but Splunk didn...

by Communicator in

Host rewrite not working...

I'm trying to rewrite the host field based upon values in my data. Here is a sample event: {"href":"/orgs/1/audit_...

by Builder in

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queires and the sample outputs.

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queir...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is it safe to delete .bundle files from /opt/splunk/var/run/search peers ?

Possible to use setup.xml in an app to create a new data input?

Index time mapping in inputs.conf

Splunk unable to read files

CSV data vs key-value data. Which is faster for performance?

Logs have been FIFO'd but i still need. How do i get them back in?

Why does clustering always appear as a repeat phenomenon without a reason?

AggregatorMiningProcessor - Breaking event because limit of 256 has been exceeded - data_source=

Why is JSON from scripted input raw events in random orders?

passing of events field with spaces

Modify JSON Objects at indexing time

Pull syslog data from EC2 instance into Splunk

To monitor which Windows server are not sending logs to Splunk

Does Splunk support LEEF formatted events?

Windows IIS Log and Splunk

How to send data from IBM AS400 to Splunk via syslog?

Host rewrite not working...

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queires and the sample outputs.

Forward messages to different indexes based on the value of its field

JSON is being cut off at "created" key

How do I ingest the details tab in Windows Forwarded Events?

Custom fields for CSV Input

Simple search using cURL returns empty results

Why are my Palo Alto firewall logs not forwarding to Splunk anymore?

After the Upgrade to 7.0.3 the inputlookup command not working properly

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions