Getting Data In

Thread Info

Will stanzas inherit index from [default] in inputs.conf?

In the inputs.conf, I have the [default] stanza with the index and host like below. [default] index = prod_dc hos...

by Explorer in

folder monitoring

I have a folder with several files on desktop. (xml) files have same names but different numbering for ex: File1, Fil...

by Path Finder in

Why am I unable to find the source or sourcetype when using a powershell script in Splunk?

Hi I want to use a powershell script in Splunk I put the script in BIN folder, I have created an input in data ent...

by Motivator in

why folder monitoring is not working?

Hello, I have a folder with several files on desktop. (xml) files have same names but different numbering for ex:...

by Path Finder in

Pivot FILTER exclude quotation mark character

Hello Team, I do have a pivot: | pivot xxxxx RootObject count(RootObject) AS "Count of admin_adminsearch_RMD578...

by Path Finder in

Using props/transforms to assign sourcetype and extract fields?

We have various 514/udp sources that all get mashed in under sourcetype "syslog". I'd like to break some of these out...

by Path Finder in

How to extract JSON object parameters that change based on search variable?

Hi, quite a beginner here with Splunk. Is there a way to simply extract all parameters in below JSON object? The para...

by New Member in

Unable to login- splunk enterprise edition.

I am not able to login to Splunk enterprise web interface. It says invalid Username and password. Tried different thi...

by Explorer in

Get version, date, and definition date from ClamAV

I need to get the today's date, av def date, and version from clamav (Linux antivirus). If you run the ./clamav.sh -V...

by Engager in

About failure of log monitoring.

In my environment, several types of logs are stored in the log server in the following form. ~ /"Log type"/"Device na...

by Builder in

Why is the TCPAppender vis splunk-library-javalogging doesn't seem to work with logback?

I intend to use the splunk logging library I tried this by adding a logback configuration as mentioned in the above ...

by New Member in

Why is splunk not ingesting my .zip files?

I've ingested csv's contained in .zip archives in the past. Something has happened in the past few days that has stop...

by Builder in

Is there a way to make forwarding/indexing decisions based on which Splunk server sent the data?

Is there a way to make forwarding/indexing decisions in Splunk config files based on the sending Splunk server regard...

by New Member in

Reset splunkforwarder to re-read file from beginning

I have a log file that I need to have the splunkforwarder re-start from the very beginning. my index.conf entry is th...

by Explorer in

Does a new sourcetype stanza need to exist in a place besides the Forwarder before ingesting?

I was under the impression I could define sourcetypes in props.conf on the forwarder, which would then send that data...

by Builder in

Bulk load metrics using JSON/HEC

Hi - is it possible to send multiple events using one REST call via HEC. The example shows sending one event, but I w...

by Engager in

monitor that proper amount of events are coming in per host

I am trying to build an app that will set a baseline per host of event count that will alert me when a hosts event co...

by Communicator in

Deployment of SSL Certificates on Splunk Universal Forwarders

Hi Splunkers! I would like to secure splunkd (port 8089) on Splunk Universal Forwarders by using a throwaway self-...

by Path Finder in

How can we log and containerize the logs using Kubernetes and Splunk?

Hi Folks; I came across this post on github https://github.com/kubernetes/kubernetes/issues/24677 and it had some ...

by Builder in

Help with syslog tranforms/props

Hi, I've inherited a splunk environment where the syslog needs a fair amount of clean-up. The incoming syslog mess...

by Champion in

Help with setting index and sourcetype via transforms.conf

Hi, I want to override the "unknown" index that some of my syslog messages are coming in as, using props and trans...

by Champion in

Find source types from UF to HF...

Hi all...one of my Heavy Forwarders is relaying much data, we are using it for an intermediate forwarding tier to Spl...

by Explorer in

Monitoring deploymentclient.conf in etc\system

Is it possible to monitor the folder in etc/system which consists the deployment client ip thru windows app/add-on. ...

by Path Finder in

Why Monitoring a Directory is not working?

Hello, I have a folder with several files on desktop. (xml) files have same names but different numbering for ex:...

by Path Finder in

How to integrate Splunk with servicenow without duplicate table records?

Hi all, I have integrated splunk with servicenow to get all tables from servicenow. Recently I observed that whenever...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Will stanzas inherit index from [default] in inputs.conf?

folder monitoring

Why am I unable to find the source or sourcetype when using a powershell script in Splunk?

why folder monitoring is not working?

Pivot FILTER exclude quotation mark character

Using props/transforms to assign sourcetype and extract fields?

How to extract JSON object parameters that change based on search variable?

Unable to login- splunk enterprise edition.

Get version, date, and definition date from ClamAV

About failure of log monitoring.

Why is the TCPAppender vis splunk-library-javalogging doesn't seem to work with logback?

Why is splunk not ingesting my .zip files?

Is there a way to make forwarding/indexing decisions based on which Splunk server sent the data?

Reset splunkforwarder to re-read file from beginning

Does a new sourcetype stanza need to exist in a place besides the Forwarder before ingesting?

Bulk load metrics using JSON/HEC

monitor that proper amount of events are coming in per host

Deployment of SSL Certificates on Splunk Universal Forwarders

How can we log and containerize the logs using Kubernetes and Splunk?

Help with syslog tranforms/props

Help with setting index and sourcetype via transforms.conf

Find source types from UF to HF...

Monitoring deploymentclient.conf in etc\system

Why Monitoring a Directory is not working?

How to integrate Splunk with servicenow without duplicate table records?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!