Getting Data In

Thread Info

Impossible to use WMI

hi in wmi.conf i have the code below but when i done index="windows-wmi" sourcetype="WMI:Reliability" nothing is d...

by Motivator in

Break event and extract fields from script input

Hi All, Am getting custom scripted input from one of our app server, but wanted to know understand how to break th...

by Path Finder in

How to store the urldecode data indexing using heavy forwarder to indexer?

I want to store the urlencoded data on the server, install the heavy forwarder on the server, urldecoding the data (e...

by Path Finder in

Understanding and debugging TCP input, is there is a way to understand/view the raw data routed to Splunk?

Hi all I have a tcp stream from logstash to a universal forwarder, the forwarder is already used to forward other inp...

by Path Finder in

scheduler.log is not rolling in Splunk enterprise

Hi Team , we are not seeing scheduler.log in splunk . we have tried the below option but no luck default-m...

by Path Finder in

High volume log rotation

Given this monitor stanza [monitor://blah/var/log/blah.log] What is the expected behavior during log rotation i...

by Explorer in

Will stanzas inherit index from [default] in inputs.conf?

In the inputs.conf, I have the [default] stanza with the index and host like below. [default] index = prod_dc hos...

by Explorer in

folder monitoring

I have a folder with several files on desktop. (xml) files have same names but different numbering for ex: File1, Fil...

by Path Finder in

Why am I unable to find the source or sourcetype when using a powershell script in Splunk?

Hi I want to use a powershell script in Splunk I put the script in BIN folder, I have created an input in data ent...

by Motivator in

why folder monitoring is not working?

Hello, I have a folder with several files on desktop. (xml) files have same names but different numbering for ex:...

by Path Finder in

Pivot FILTER exclude quotation mark character

Hello Team, I do have a pivot: | pivot xxxxx RootObject count(RootObject) AS "Count of admin_adminsearch_RMD578...

by Path Finder in

Using props/transforms to assign sourcetype and extract fields?

We have various 514/udp sources that all get mashed in under sourcetype "syslog". I'd like to break some of these out...

by Path Finder in

How to extract JSON object parameters that change based on search variable?

Hi, quite a beginner here with Splunk. Is there a way to simply extract all parameters in below JSON object? The para...

by New Member in

Unable to login- splunk enterprise edition.

I am not able to login to Splunk enterprise web interface. It says invalid Username and password. Tried different thi...

by Explorer in

Get version, date, and definition date from ClamAV

I need to get the today's date, av def date, and version from clamav (Linux antivirus). If you run the ./clamav.sh -V...

by Engager in

About failure of log monitoring.

In my environment, several types of logs are stored in the log server in the following form. ~ /"Log type"/"Device na...

by Builder in

Why is the TCPAppender vis splunk-library-javalogging doesn't seem to work with logback?

I intend to use the splunk logging library I tried this by adding a logback configuration as mentioned in the above ...

by New Member in

Why is splunk not ingesting my .zip files?

I've ingested csv's contained in .zip archives in the past. Something has happened in the past few days that has stop...

by Builder in

Is there a way to make forwarding/indexing decisions based on which Splunk server sent the data?

Is there a way to make forwarding/indexing decisions in Splunk config files based on the sending Splunk server regard...

by New Member in

Reset splunkforwarder to re-read file from beginning

I have a log file that I need to have the splunkforwarder re-start from the very beginning. my index.conf entry is th...

by Explorer in

Does a new sourcetype stanza need to exist in a place besides the Forwarder before ingesting?

I was under the impression I could define sourcetypes in props.conf on the forwarder, which would then send that data...

by Builder in

Bulk load metrics using JSON/HEC

Hi - is it possible to send multiple events using one REST call via HEC. The example shows sending one event, but I w...

by Engager in

monitor that proper amount of events are coming in per host

I am trying to build an app that will set a baseline per host of event count that will alert me when a hosts event co...

by Communicator in

Deployment of SSL Certificates on Splunk Universal Forwarders

Hi Splunkers! I would like to secure splunkd (port 8089) on Splunk Universal Forwarders by using a throwaway self-...

by Path Finder in

How can we log and containerize the logs using Kubernetes and Splunk?

Hi Folks; I came across this post on github https://github.com/kubernetes/kubernetes/issues/24677 and it had some ...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Impossible to use WMI

Break event and extract fields from script input

How to store the urldecode data indexing using heavy forwarder to indexer?

Understanding and debugging TCP input, is there is a way to understand/view the raw data routed to Splunk?

scheduler.log is not rolling in Splunk enterprise

High volume log rotation

Will stanzas inherit index from [default] in inputs.conf?

folder monitoring

Why am I unable to find the source or sourcetype when using a powershell script in Splunk?

why folder monitoring is not working?

Pivot FILTER exclude quotation mark character

Using props/transforms to assign sourcetype and extract fields?

How to extract JSON object parameters that change based on search variable?

Unable to login- splunk enterprise edition.

Get version, date, and definition date from ClamAV

About failure of log monitoring.

Why is the TCPAppender vis splunk-library-javalogging doesn't seem to work with logback?

Why is splunk not ingesting my .zip files?

Is there a way to make forwarding/indexing decisions based on which Splunk server sent the data?

Reset splunkforwarder to re-read file from beginning

Does a new sourcetype stanza need to exist in a place besides the Forwarder before ingesting?

Bulk load metrics using JSON/HEC

monitor that proper amount of events are coming in per host

Deployment of SSL Certificates on Splunk Universal Forwarders

How can we log and containerize the logs using Kubernetes and Splunk?

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Splunk Developers: Go Beyond the Dashboard with These .Conf25 Sessions

Index This | How do you write 23 only using the number 2?

Indexer Cluster Fixup Tasks Stuck (fsck failed: ex...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions