Getting Data In

Thread Info

Why is the Windows universal forwarder not showing in forwarder management?

I am trying to create a new universal package for our windows servers. The log data from our test server is showing u...

by Path Finder in

Remove { } from json file before indexing

HI, i am trying to index a local json file, but when going trough the sourcetype the predefined json source type i...

by Explorer in

Forward data to third party and self-service Splunk Cloud

We are using self-service Splunk Cloud. and all clients are using UF to directly send data to self-service Splunk Clo...

by Explorer in

How to add IIS logs and Apache logs to common information model for web ?

Hi All, We would like to added the IIS logs and Apache logs to the CIM model for the Web, not sure what exactly needs...

by Motivator in

Convert time to the specific City Timezone

I need to create a report of all remote logins of users. All the times are in EST in Splunk. We need to convert it to...

by Explorer in

I want to set a different "time zone" from the "time zone" in the log.

If there is a log like below that have time zone "+00:00", how can I set different time zone? 2018/5/9 3:00:00+00:...

by Builder in

inputs.conf configuration for key value pair

Hi, I have the below data that I will be importing into splunk. Id like to be able to delimit based on the FIRST (...

by Motivator in

Can we use REST API instead of Universal Forwarder to send logs to indexer, if so, How can we do that?

How can we send the logs through REST API without using the Universal forwarder on the application server or any sour...

by Engager in

How to configure EXPORT Excel (add on) if AdvanceXML is Deprecated ?

As i can see in this documentation http://docs.splunk.com/Documentation/Splunk/7.1.0/AdvancedDev/Whatsinthismanual#A...

by Builder in

Is there any way via REST to get JSON raw data from Splunk for a given query?

Is there any way how I can get JSON raw data from Splunk for a given query? Consider the following timechart query...

by Explorer in

Steps to setup splunk forwarder for splunk in the cloud

Can you please provide the steps to configure splunk forwarder to talk to a splunk web instance in the cloud?

by Explorer in

How can I eliminate logs before indexing?

Hi, Someone can help me in filtering logs from Checkpoint before they are indexing? I tried following that link...

by Communicator in

Docker Splunk logging driver per line 4K byte limit.

We are using splunk logging driver to send docker container logs and some containers are sending log messages >4K byt...

by Path Finder in

What is the easiest way to get data from a Kiwi Syslog server into Splunk?

We have two Kiwi Syslog servers and we would like to migrate the existing data flow from the Kiwi Syslog servers over...

by Explorer in

Fishbucket and history indexes enabled but empty

I have just taken over a Splunk system and I noticed the fishbucket and history indexes are empty even though they ar...

by New Member in

Splunk GET to fatch data from some website with login

Hi Everyone, I have an online reporting tool, which can generate the report and download it my system as excel. I ...

by Communicator in

How to find monitored csv files with more than a 100k rows?

Is there a log or a command output that I can use to determine the number of rows each CSV file that is being monitor...

by Builder in

Wrap a webhook for use with HTTP Event Collector

I have an external system that generates a Webhook that can be posted to a URL of my choosing. I would like to log th...

by Path Finder in

Sudden excessive WinEventLog:Security events involving splunkd.exe

Splunk Universal Forwarder is v6.4.x Splunk Server is v6.5.x In C:\Program Files\SplunkUniversalForwarder\etc\apps...

by Path Finder in

How to route an index based on a search-time extracted field?

I wish to use a search-time extracted field as the basis for routing to a specific index. In my props.conf file I ...

by Engager in

How to add the destination port value for a firewall events in splunk ?

Hi All, Today one of the user notified that for some of the events the events the destination port field value was...

by Motivator in

Can you monitor a keyword on logs in real time or do I have to manually start it?

My question is about monitoring a keyword on logs. Is the monitoring started when I search a keyword, or is it mon...

by Engager in

Timing multiple event actions in IIS logs

Hi, This is a bit of a long one so sorry in advance. I am attempting to time some events which are happening ...

by Path Finder in

How to set different host values on one udp port

Hi I want to set different host value on udp 514 . Events host values equals their IPs, so I want to change it to hos...

by Engager in

Why is the frozen data not deleted automatically?

I have these settings for my index maxTotalDataSizeMB = 100000 coldPath = C:/colddb homePath = C:/db coldToFrozenD...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why is the Windows universal forwarder not showing in forwarder management?

Remove { } from json file before indexing

Forward data to third party and self-service Splunk Cloud

How to add IIS logs and Apache logs to common information model for web ?

Convert time to the specific City Timezone

I want to set a different "time zone" from the "time zone" in the log.

inputs.conf configuration for key value pair

Can we use REST API instead of Universal Forwarder to send logs to indexer, if so, How can we do that?

How to configure EXPORT Excel (add on) if AdvanceXML is Deprecated ?

Is there any way via REST to get JSON raw data from Splunk for a given query?

Steps to setup splunk forwarder for splunk in the cloud

How can I eliminate logs before indexing?

Docker Splunk logging driver per line 4K byte limit.

What is the easiest way to get data from a Kiwi Syslog server into Splunk?

Fishbucket and history indexes enabled but empty

Splunk GET to fatch data from some website with login

How to find monitored csv files with more than a 100k rows?

Wrap a webhook for use with HTTP Event Collector

Sudden excessive WinEventLog:Security events involving splunkd.exe

How to route an index based on a search-time extracted field?

How to add the destination port value for a firewall events in splunk ?

Can you monitor a keyword on logs in real time or do I have to manually start it?

Timing multiple event actions in IIS logs

How to set different host values on one udp port

Why is the frozen data not deleted automatically?

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions