Getting Data In

Discussions

Thread Info

How to send Windows events to indexer and also to third-party server (single line events) using Splunk Heavy Fowarder?

I am trying to send the data from Heavy Forwarder to INDEXERs and THIRD PARTY system (non splunk) but 3rd party syste...

by Loves-to-Learn in

Universal Forwarder Using High CPU?

I recently installed a Universal Forwarder on an HA Windows server the other day and the guy who owns the server was ...

by SplunkTrust in

Can we change index in the indexer?

Our heavy forwarder is forwarding logs to the Indexer. All the logs are going to the main Index. In the indexer level...

by Engager in

splunk universal forwarder batch input forwarding but not deleting

Hi, we have an indexer cluster, to which we index many many small files. we have about a few hundreds thousand files....

by Explorer in

What are my options for automatically ingesting data into Splunk?

I'm trying to determine the architecture options for automatically ingesting data into Splunk, i.e I place data in a ...

by Builder in

How to route a subset of data to a local splunk indexer and all the data to a 3rd party system?

Scenario I am trying to send all Windows Forwarded events to the 3rd party appliance, and send only forwarded even...

by New Member in

Filtering with the week number

Hello, I have a question: can we do a filtering with the week number In my dashboard I have filtering on the period (...

by Explorer in

Is there a way to figure out the host and the sourcetype for the log going to null queue

We are using regex rule to send specific logs to nullQueue. We use universal forwarders to send the logs to the index...

by Communicator in

Java API query syntax failure

I''m using Splunk 6.6.3, Java API 1.6.4.0, Java 1.8.0_45, IntelliJ IDE. I'm making part of a simple application t...

by Explorer in

What are the steps to install a universal forwarder on Tru64 UNIX V5.1B server?

Hi All, I am trying to install the universal forwarder on a Tru64 UNIX V5.1B alpha system. Please help me with the...

by Path Finder in

Rest commands with search time reference

Hi Splunkers, I need to search alerts triggered for my app in the given time range. The time range is selected fro...

by Explorer in

CPU usage high on forwarder indows citrix

We see the processes of splunk does have average 12% usage per orocess on citrix

by Explorer in

REST endpoint for datasets?

I'm trying to get the REST endpoint for datasets of a data model. I can find the endpoint for the data model, but I'm...

by Communicator in

Filtering on multiple times

I have a search with two indexes. The first index needs to be run on all time, but I have a field within that index ...

by Contributor in

Delete PII from Splunk

We're using Splunk for logging from multiple applications. Some of these applications deal with PII data. If one o...

by Explorer in

How to parse a big JSON file?

Hi Everyone, I am trying to parse a big json file. When i use the below .... | spath input=event | table event ...

by New Member in

Why am I getting error "App folder name cannot contain spaces or special characters." trying to add an application in Splunk on Windows?

I am running Splunk on Windows and when I go to add an application, I am getting an error re: the folder name as the ...

by Influencer in

Reindex old data from zip files

I am trying to recover log data that has aged out of the Splunk index. I have access to the original log files, they ...

by New Member in

Display parts of an event as JSON

What I want to do is display the content of the message.model. However when I attempt to do this with things as M...

by Engager in

How do I convert 'LastPhoneHome' value to time format?

I am building a DB to manage newly installed UF devices as well as the de-installed UF devices. I was wondering I was...

by Path Finder in

csv file indexing not keep the data order

Hello Context : I have a sqlplus session on server, it generates 6 csv files in append mode every minutes. Each fi...

by Explorer in

INFO DatabaseDirectoryManager - Getting size on disk: Unable to get size on disk for bucket

Dear Splunk Professionals, We are having an On-Premise Splunk 6.2.0 (build 237341)setup with two servers. One bein...

by Communicator in

Why is the REST API not able to edit attributes in a saved search?

Hi All I am having a weird issue where I am trying to update certain attributes for a saved search - it does updat...

by Contributor in

What's the purpose of the forwarder's license?

Not clear about it - what's the purpose of the forwarder's license? We have a fairly large Splunk implementation, and...

by Ultra Champion in

How to have control over the hourly fishbucket snapshots in order to reduce the CPU and I/O impact?

Hi, A couple days ago I posted a question regarding hourly CPU spikes on Universal Forwarder. It was found that th...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to send Windows events to indexer and also to third-party server (single line events) using Splunk Heavy Fowarder?

Universal Forwarder Using High CPU?

Can we change index in the indexer?

splunk universal forwarder batch input forwarding but not deleting

What are my options for automatically ingesting data into Splunk?

How to route a subset of data to a local splunk indexer and all the data to a 3rd party system?

Filtering with the week number

Is there a way to figure out the host and the sourcetype for the log going to null queue

Java API query syntax failure

What are the steps to install a universal forwarder on Tru64 UNIX V5.1B server?

Rest commands with search time reference

CPU usage high on forwarder indows citrix

REST endpoint for datasets?

Filtering on multiple times

Delete PII from Splunk

How to parse a big JSON file?

Why am I getting error "App folder name cannot contain spaces or special characters." trying to add an application in Splunk on Windows?

Reindex old data from zip files

Display parts of an event as JSON

How do I convert 'LastPhoneHome' value to time format?

csv file indexing not keep the data order

INFO DatabaseDirectoryManager - Getting size on disk: Unable to get size on disk for bucket

Why is the REST API not able to edit attributes in a saved search?

What's the purpose of the forwarder's license?

How to have control over the hourly fishbucket snapshots in order to reduce the CPU and I/O impact?

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions