Getting Data In

Thread Info

Is there a way to force a single deployment client to check in with the deployment server on demand?

Is there a way to force a deployment client to check in with deployment server on demand? During tests I normally...

by Builder in

Indexing data with a batch input, why are the sources and data still in the Splunk index after the file is deleted?

Hey Splunk Community, I am having some confusion about the [batch] input. I have read the documentation and though...

by New Member in

Will be there any log data loss when switching indexers?

Please consider that we have a ten lines of events in a web server and We are collecting logs using universal forward...

by Path Finder in

Know what SourceTypes are being consulted by Users

Hello Community, I am the administrator for a medium Splunk infrastructure my manager came this morning and asked....

by New Member in

How many monitor stanza and how many index in inputs.conf file ?

Hi ! I have three types of logs from three different applications. I have loaded these logs on the Unversal Forwarder...

by New Member in

Best Practice of Deploying Splunk on Large Infrastructure

Hi All, Good Day, currently our Splunk Infrastructure is built with 3 Heavy Forwarders, 6 Non-clustered Indexers, ...

by Communicator in

How to assign _time value to another field which is already exist in the data with value?

I used below setting in props foe below sample data. But didn't help. Is that possible and how? 1.SEDCMD-Validated...

by Path Finder in

How can I parse a large JSON block with nested structures and get unique events from it?

Need to be able to pull/group and dedup a number of nested JSON events where each record has a single account identif...

by Path Finder in

Why do I have a different result in a saved search from CSV files and a different saved search history?

Hi guys, We have a saved search that takes its sources from 5 csv files. On a run, it returns back 10k of events. ...

by New Member in

Why are the logs that are being forwarded to the indexer, cannot be seen on the search head?

I can see the logs on the indexer but they aren't searchable on search head. I've already checked for - The ind...

by Path Finder in

Can we create a symbolic link for only search peer bundles in indexers?

Suppose splunk is installed in the path called SPLUNK_HOME/etc/.... and the search peers bundles are located the SPLU...

by Explorer in

How can I route os data from one set of indexers to another set of indexers?

Hi, We need to route os data from one set of indexers to another set of indexers,but while using the below setting...

by Engager in

indexes.conf location

Hi. I need to add some limits to retention in my indexes.conf file on several indexers. The documentation suggests...

by Path Finder in

How would I change the index of a sourcetype?

For example using WinEventLog: Security In props.conf [WinEventLog:Security] TRANSFORMS-routing=forexamplename ...

by New Member in

Indexing log files already (although not correctly) indexed

I am at first experience of indexing log files. Therefore I am conscious of not having a full control of what i am do...

by New Member in

How to onboard Secure Edge Data in splunk?

I want to onboard a Secure Edge device data to Splunk Enterprise Security. What will be the correct Solution to have ...

by New Member in

How to install Splunk on Windows 2012 R2 server?

Hi All, I m new to Splunk, I would like to install Splunk enterprise on Windows 2012 R2 server via RDC Manager , I c...

by Path Finder in

How to blacklist specific accounts in Windows security log event 4663?

I've seen several posts here, but none that really have a concrete answer on this. I'm trying to blacklist certain ac...

by Explorer in

iis server on board into splunk

Hello Professionals, we set up Splunk about 6 months ago, now we would like to onboard iis server to Splunk.May I kno...

by New Member in

Powershell input for Splunk universal forwarder - Windows Server

I am just trying to create a dashboard which shows Windows System information (like Task Manager) Powershell scrip...

by Contributor in

Can you put an overlay on a mstats prediction?

I had a question from one of our engineers who are looking to leverage the metric indicies to do predictions of memor...

by Builder in

input stanza for on prem codedeploy logs

we use codedeploy to deploy to some of our on prem servers with the codedepoy agent it logs to C:\Deployments\xxxxxx-...

by Explorer in

Splunk ML Toolkit, Python, Custom Algorithm: How do I output a plot in a custom algorithm?

For ex, in the supplied CorrelationMatrix example, can I plot the correlation values? Something like a 'corrplot' in ...

by New Member in

How to rename index in data sent from another splunk instance?

We are receiving data from an external splunk instance. They have indexes A,B,C. When our indexers receive there data...

by Path Finder in

Authentication error: Client is not authenticated while trying to add search peers to the search head

I'm trying to set up a simple Splunk environment, but when running: $SPLUNK_HOME/bin/splunk add search-server http...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is there a way to force a single deployment client to check in with the deployment server on demand?

Indexing data with a batch input, why are the sources and data still in the Splunk index after the file is deleted?

Will be there any log data loss when switching indexers?

Know what SourceTypes are being consulted by Users

How many monitor stanza and how many index in inputs.conf file ?

Best Practice of Deploying Splunk on Large Infrastructure

How to assign _time value to another field which is already exist in the data with value?

How can I parse a large JSON block with nested structures and get unique events from it?

Why do I have a different result in a saved search from CSV files and a different saved search history?

Why are the logs that are being forwarded to the indexer, cannot be seen on the search head?

Can we create a symbolic link for only search peer bundles in indexers?

How can I route os data from one set of indexers to another set of indexers?

indexes.conf location

How would I change the index of a sourcetype?

Indexing log files already (although not correctly) indexed

How to onboard Secure Edge Data in splunk?

How to install Splunk on Windows 2012 R2 server?

How to blacklist specific accounts in Windows security log event 4663?

iis server on board into splunk

Powershell input for Splunk universal forwarder - Windows Server

Can you put an overlay on a mstats prediction?

input stanza for on prem codedeploy logs

Splunk ML Toolkit, Python, Custom Algorithm: How do I output a plot in a custom algorithm?

How to rename index in data sent from another splunk instance?

Authentication error: Client is not authenticated while trying to add search peers to the search head

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions