Getting Data In

Discussions

Thread Info

Is it possible to list out empty index

Hi, I am working on index="retail_ca", The problem with this index is some days the data is not ingesting in this...

by Communicator in

Additional search in REST API results enpoint

I'm using curl and the REST API to submit a job and fetch the results by search id. What I'd like to do is, rather th...

by New Member in

Is it possible to create a command that launches a powershell script?

We currently have a PowerShell script that queries one of our EDR solutions and returns all data for the specified ho...

by Path Finder in

Forward data from logstash-forwarder to Splunk Indexer

Hi all, we have an ELK-cluster in our company and now we want to have the data, we have in ELK, as well in Splunk....

by Path Finder in

How to split multiple lines of data into a single individual line in splunk?

Hi All, We are monitoring the wtmpx data from the Unix machines via splunk using the Splunk add-on for Unix, based on...

by Motivator in

Why am I unable to boot-start splunk universal forwarder as non-root user on MacOS High Sierra?

Hi there, I'm new to Splunk and am testing out installing splunk forwarder on some Mac clients running High Sierra...

by Engager in

Splunk - Server and Application logs timestamps are different

We have a set of servers where the server Timezone is in PST/PDT but the application running on that server has log t...

by New Member in

Why does the forwarder stops sending data to all configured TCP connections when one connection is not available?

Hello, I'm new to splunk and hope you can help me with this problem. I'm using Universal forwarder to send data fr...

by Engager in

why are my configurations not working even after reboot?

The log files I'm working with are using the log4j syntax, and I'm loading them into splunk through the GUI (not real...

by New Member in

Why is the TIMESTAMP_FIELDS setting in props.conf, on the Universal Forwarder, not taken into account?

I have the issue that the TIMESTAMP_FIELDS setting in the props.conf on the Universal Forwarder is not taken into acc...

by Path Finder in

Forwarder refusing to start

My forwarder was working fine but stopped and I can't get it running again. Running the splunk start command appears ...

by Path Finder in

"ERROR DistributedPeerManagerHeartbeat - A time skew of approximately 61 seconds exists between this search head and peer indexer1"

Hi Splunkers, I'm getting the following error on my search head's splunkd.log: ERROR DistributedPeerManagerHear...

by Communicator in

Event and log timestamps are off by a bit

Local splunk server timezone is GMT. Incoming firewall logs are in Eastern. But when I query, the times are off when ...

by New Member in

Encountering a "command not found" error when executing rebuild command

Hello, I executed the below command on an indexer but received a "rebuild: command not found" error message: sp...

by Communicator in

In Splunk hec, what should you check if you cannot search fields from http event collector in SHC?

With Splunk HEC it is possible to send a HTTP POST with Json payload to services/collector/event. This supports the f...

by Explorer in

How can I change the output of a search job to JSON?

I'm not a developer, so please bear with me. i'm using service.savedSearches.fetch, then mySavedSearch.dispatch(funct...

by Explorer in

Splunk Forwarder with DB Connect : connection not closed with Splunk Indexer

I am using Splunk Heavy Forwader with DB Connect to forward data to a Splunk Indexer instance. Although the HF is not...

by Engager in

GeneratingCommand intended behaviour?

I've been writing custom commands using SCP1, particularly using splunk.Intersplunk.outputStreamResults and it's been...

by Engager in

How to edit my props and transforms to filter out certain phrases in ASA logs?

Hi, I've read a few articles on filtering data inputs. Basically I have a noisy ASA that I'm logging, and I want ...

by New Member in

How to extract timestamp without destroying the sequence of original events from my sample data?

Hi, I have the following sample event data. - For some reason, there is no sub-seconds-order data for the timestam...

by New Member in

How to collect logs from multi Box account

Hi folks, I have three contracts of Box services, and I try to gather box transaction logs by API. I could get box lo...

by Splunk Employee in

TRANSFORMS-ROUTING filtering out source address

I have set up a TRANSFORMS-ROUTING and it is forwarding data to a 3rd party however, they do not want to see the sour...

by Contributor in

Heavy Forwarder vs. Reduced Splunk Enterprise & DB Connect App

Hello everyone! My team and I are attempting to create a service for our departments' applications that enable the...

by Communicator in

Search fields not updating on token set

I am attempting to set a token via a drilldown in a simple xml dashboard as a way to filter a table. <input t...

by Engager in

How does Splunk work on Workstation after a network disconnect?

Hello I am trying to understand how SPLUNK works on Workstation after a network disconnect. Is it the same proces...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is it possible to list out empty index

Additional search in REST API results enpoint

Is it possible to create a command that launches a powershell script?

Forward data from logstash-forwarder to Splunk Indexer

How to split multiple lines of data into a single individual line in splunk?

Why am I unable to boot-start splunk universal forwarder as non-root user on MacOS High Sierra?

Splunk - Server and Application logs timestamps are different

Why does the forwarder stops sending data to all configured TCP connections when one connection is not available?

why are my configurations not working even after reboot?

Why is the TIMESTAMP_FIELDS setting in props.conf, on the Universal Forwarder, not taken into account?

Forwarder refusing to start

"ERROR DistributedPeerManagerHeartbeat - A time skew of approximately 61 seconds exists between this search head and peer indexer1"

Event and log timestamps are off by a bit

Encountering a "command not found" error when executing rebuild command

In Splunk hec, what should you check if you cannot search fields from http event collector in SHC?

How can I change the output of a search job to JSON?

Splunk Forwarder with DB Connect : connection not closed with Splunk Indexer

GeneratingCommand intended behaviour?

How to edit my props and transforms to filter out certain phrases in ASA logs?

How to extract timestamp without destroying the sequence of original events from my sample data?

How to collect logs from multi Box account

TRANSFORMS-ROUTING filtering out source address

Heavy Forwarder vs. Reduced Splunk Enterprise & DB Connect App

Search fields not updating on token set

How does Splunk work on Workstation after a network disconnect?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions