Getting Data In

Thread Info

syslog configuration

First Part I configure central syslog server where I planned to have all logs from all syslog devices. my syslog conf...

by Communicator in

How can I force Splunk to reread a config file every now and then in addition to when it changes?

All, I am bringing in a number of configs as sourcetype=config_file via inputs.conf and I am pretty happy with it...

by Builder in

Windows DHCP Logs

I am having trouble getting a Splunk forwarder (4.1.2) to send Windows 2008 R2 DHCP logs back to the main Splunk inde...

by Path Finder in

Can you auto remove CSV files after indexing?

Is there a configuration in Splunk where it can remove/move a CSV file after it has been indexed? so it does not show...

by Builder in

Why is the log time different than the system time?

I have been beating my head against the wall on this one for a few days now. I have tried every suggestion I can find...

by Path Finder in

What can be done when port 8089 is taken on the forwarder?

We reach a situation where port 8089 is being used by another app on a set of forwarders. Can we use another port on ...

by Ultra Champion in

How Do I Remove Device From Splunk Server Class?

Hello everyone. I am managing Windows and Mac devices via the Splunk DMC. Because of an error I made in the Splunk Se...

by Explorer in

Transform to nullQueue depends on search?

Hello, I've been spending the last month experimenting with Splunk. Lately, i've tried to reroute a specific event...

by Engager in

Need some more clarification on _meta value while using.

Hi Folks, we have ingested the logs from microsoft azure using microsoft cloud services app on HF and we added som...

by Explorer in

How to get total comma separated values in splunk?

Hi all, I am getting event like this Im trying to get total values with the comma separated but I am not g...

by Path Finder in

How can I only show rows from next 6 months based on the datestamp?

I am trying to only show records that have "md_createdAt" fields that occur in the next 6 months, looking forward fro...

by Path Finder in

Updated : JSON event break for multiple source type and single event in multiple lines.

Hi, I am uploading json file having 2 different source type and single event is split multiple lines. I am very...

by Builder in

Configuring Splunk for Multiple Indexer Partitions

I am not sure how to configure the indexes.conf AND the splunk-launch.conf. I understand multiple volumes in indexes....

by Path Finder in

Why is our dispatch directory getting full with strange CSV files?

Hi, Our dispatch directory is getting full with some newly created srfiletmp_420128713.csv like files. These files...

by Path Finder in

Universal forward installed on windows server but can't get the logs for that server.

Hi Everyone, I am testing universal forwarding in our testing environment and also installed universal forwarder i...

by Explorer in

Splunk DSYM upload script in build phase is returning 400

Splunk DSYM upload script in build phase is returning 400 while contacting the server, and failing the builds. I t...

by Explorer in

syslog indexing

However at this point I am getting logs from syslog data source and they are saved at /central/$hostname$/gateway.log...

by Communicator in

How to forward Windows event log "application" to 2 different indexes?

Our Splunk 6.1.5 environment is on Linux. We have universal forwarders installed on our windows machines. They are al...

by Explorer in

IndexedExtractionsConfig ERROR causes splunkd to crash with an input script that generates json data stream

Hi, I am currently working in improving the Nmon App and notably the way splunk generates and indexes the perf mon...

by Influencer in

setup heavy forwarder and making it a deployment client

hello, we are trying to setup HF with multi NIC feature and we wanted to know the steps as we also need to make the H...

by Communicator in

Unable to login for the second time (Windows local machine)

I have problems logging in to Splunk enterprise free version after the first login. I have tried the 'admin' and 'cha...

by Engager in

splunk handling csv file with each line have different format

dears, I have CSV file consist for example of multiple numbers of line each line has different header and length d...

by Explorer in

Can the heavy-forwarder send to multiple receivers?

The 6.2.0 heavy-forwarder is configured to send everything to the indexer xyz. Now I want it to send specific events ...

by Explorer in

splunk cloud, universal forwarder no data in

I have setup splunk cloud yesterday and installed a universal forwarder on both linux (centos) and windows (windows s...

by New Member in

Crowd sourcing sensitive data masking rules (PII, Passwords, keys, etc.) for various sourcetypes

My team has a number of index-time sedcmd-based password masking rules for words in known positions of passwords. Thi...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

syslog configuration

How can I force Splunk to reread a config file every now and then in addition to when it changes?

Windows DHCP Logs

Can you auto remove CSV files after indexing?

Why is the log time different than the system time?

What can be done when port 8089 is taken on the forwarder?

How Do I Remove Device From Splunk Server Class?

Transform to nullQueue depends on search?

Need some more clarification on _meta value while using.

How to get total comma separated values in splunk?

How can I only show rows from next 6 months based on the datestamp?

Updated : JSON event break for multiple source type and single event in multiple lines.

Configuring Splunk for Multiple Indexer Partitions

Why is our dispatch directory getting full with strange CSV files?

Universal forward installed on windows server but can't get the logs for that server.

Splunk DSYM upload script in build phase is returning 400

syslog indexing

How to forward Windows event log "application" to 2 different indexes?

IndexedExtractionsConfig ERROR causes splunkd to crash with an input script that generates json data stream

setup heavy forwarder and making it a deployment client

Unable to login for the second time (Windows local machine)

splunk handling csv file with each line have different format

Can the heavy-forwarder send to multiple receivers?

splunk cloud, universal forwarder no data in

Crowd sourcing sensitive data masking rules (PII, Passwords, keys, etc.) for various sourcetypes

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions