Getting Data In

Discussions

Thread Info

What is the difference between kv_mode=json and kv_mode=none?

What will be the end result if we have kv_mode=json versus kv_mode=none in the props.conf? Iff you can explain with a...

by Explorer in

Why is the collectd interval not working?

I'm working on a solution to send metrics from a number of Linux servers running RHEL 7.5. I've got collectd insta...

by New Member in

How do you aggregate two types of data?

Does aggregate mean using (sum, average, count etc) or does it mean something else? Please give an example on how to ...

by Explorer in

How do you migrate historic data from on-prem Splunk Enterprise to Splunk Cloud?

Hey there, Has anyone taken the challenge of migrating historic indexed data from on-premise Splunk Enterprise to ...

by Influencer in

How do I extract fields from a JSON map while keeping the relationship?

Hi, My stakeholders would like view events in the following JSON map log format, together in one record parsed ou...

by New Member in

How do I extract a value of a key from multi-format data?

Hi, I'm new in Splunk. I need help with extraction data, and I have a multi-format file. Example: 08-Oct-2018 1...

by New Member in

What is the best practice to deal with equal stanzas in input.conf due to wildcards?

Hey everybody, we have some problems with our inputs.conf for directory inputs in the following stanzas: [monitor:...

by New Member in

How do I find when was the last time a particular source type was updated?

I basically want to know how to figure out if Splunk isn't sending data and if my source/sourcetype has stale data. ...

by Contributor in

Why aren't my command line flags working when installing a Universal Forwarder (UF) via Power Shell on Windows?

Hi, I'm testing an install of a Splunk UF on a Windows server using the Power Shell command line. The server is su...

by Builder in

How to determine the average size of my indexed events?

It can sometimes be interesting to know the average event size for a given source or sourcetype. How can this be achi...

by Splunk Employee in

Is there a way to generate SOAP request programmatically from web sphere logs(data elements logged in) using Splunk API(if any)?

I'm new to Splunk and exploring options. I want to know if I can extract/generate the SOAP request from WAS logs(usin...

by Explorer in

Why is Splunk not reading old data in a file?

Hi Splunkers, I recently ran into an issue where our Splunk forwarder is able to read and index the new lines in t...

by Path Finder in

Can you help me with a question about persistent queuing with multiple tcp ports?

I have a forwarder that forwards to two different Splunk systems: SplunkA and SplunkB. The data coming into the forwa...

by Path Finder in

If the divider of logs is set at DateTime value, how do you get Splunk to return one log instead of two?

We have divider of logs as DateTime value. If Splunk forwarder sees DateTime value in the string, it forms other log-...

by New Member in

How do I CIM tag mainframe Z/OS audit logs sent in via syslog?

This is actually a question I already the answer for, I just want to use the question/answer style to ensure it compl...

by SplunkTrust in

How come Apache web server logs being sent to nullQueue are still being indexed?

I have the universal forwarder pushed out to some Apache web servers that are indexing some access logs. I would like...

by Builder in

How can i integrate Sharepoint Audit logs in to splunk?

Team, I am planning to integrate Sharepoint on-premise and Sharepoint Online Audit logs in to splunk . Could you p...

by New Member in

Can you help me with my search to extract and stats count a JSON field using Splunk?

Hi , I want a Splunk query to extract and stats count filed from JSON msg body. For e.g: index=abc org_name=...

by Explorer in

When using Splunk to retrieve data from an Oracle database, how do I reduce the returned results to only the last 30 days?

Splunk database input query from oracle database ? I am using Oracle database to retrieve data to Splunk and the d...

by Contributor in

How do I configure custom index-time field extraction?

Hello, i want to extract a field on index-time extraction on search head (i know it's not the best idea), but I'm...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What is the difference between kv_mode=json and kv_mode=none?

Why is the collectd interval not working?

How do you aggregate two types of data?

How do you migrate historic data from on-prem Splunk Enterprise to Splunk Cloud?

How do I extract fields from a JSON map while keeping the relationship?

How do I extract a value of a key from multi-format data?

What is the best practice to deal with equal stanzas in input.conf due to wildcards?

How do I find when was the last time a particular source type was updated?

Why aren't my command line flags working when installing a Universal Forwarder (UF) via Power Shell on Windows?

How to determine the average size of my indexed events?

Is there a way to generate SOAP request programmatically from web sphere logs(data elements logged in) using Splunk API(if any)?

Why is Splunk not reading old data in a file?

Can you help me with a question about persistent queuing with multiple tcp ports?

If the divider of logs is set at DateTime value, how do you get Splunk to return one log instead of two?

How do I CIM tag mainframe Z/OS audit logs sent in via syslog?

How come Apache web server logs being sent to nullQueue are still being indexed?

How can i integrate Sharepoint Audit logs in to splunk?

Can you help me with my search to extract and stats count a JSON field using Splunk?

When using Splunk to retrieve data from an Oracle database, how do I reduce the returned results to only the last 30 days?

How do I configure custom index-time field extraction?

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI

HTTP Event Collector Connection Actively Refused a...

Behaviour of app.conf with deployment server

Ingest Actions error

Splunk OTEL Collector throwing Timeout and Authent...

HEC stopped working