Getting Data In

Discussions

Thread Info

Folder monitoring and whitelist

i used web to setup the folder monitor settng -> Data inputs » Files & directories » but in the whitelist if i *.csv ...

by New Member in

How to display "(2)" next to hostname when a second host has been detected in the list?

Hello All, I have a simple search that returns a list of host and time stamps: host _time x 2018-03-23 1...

by New Member in

What's an efficient way to determine if any given host is being indexed by Splunk via API?

What's an efficient way to determine if any given host is being indexed by Splunk via API? I've read the API docs, bu...

by New Member in

HTTP event collector client AJAX error "readyState 0, status 0, statusText error"

Hello, while trying to send messages to Splunk HTTP event collector through javascript inside a web page, I sometimes...

by Communicator in

Why was the datamodel_summary folder created automatialy after I changed the Splunk_DB path?

Hi, I changed the path of index data from D drive to New drive. It was successful to change and possible to search...

by Path Finder in

How to extract data when log entries have multiple entries?

I have a log entry which has multiple entries within it. i would like to be able to extract each row and have a table...

by Engager in

cisco ASA web content filtering and access logs

Hello All, I was following a splunk document for Syslog NG where they were showing how to filter out cisco ASA logs f...

by Communicator in

Nix TA cpu.sh

CPU metrics are not coming through on my UBUNTU systems. Any idea why this is not happening? I have metrics from RHEL...

by Splunk Employee in

How to increase log retention period for one of the indexes to one year?

[my_index] coldPath = volume:primary/my_index/colddb homePath = volume:primary/my_index/db thawedPath = $SPLUNK_DB/my...

by Communicator in

How to reach an embedded scheduled search via the REST API?

Hi all, I'm trying to find out if there is a way to reach an embedded scheduled search via the rest API. The re...

by Explorer in

Why am I having a line breaking problem with syslog like data over TCP?

Hi. I'm having some issues with a datasource comming from TCP:514 (Syslog like). 239 <47>Mar 22 11:15:19 ATP-00...

by Contributor in

Failed to remove lines from log files before indexing using SEDCMD command in props.conf

We are trying to remove few lines from log files before indexing using SEDCMD command in props.conf. We are using uni...

by Path Finder in

How to create indexes in Splunk cloud using rest API?

I need to automate a new deployment at our end and for Splunk monitoring to be automated need to make a rest call to ...

by Observer in

How to join a DB search with a lookup.csv?

I have a database search that pulls back a list of ID's for me and I also have a Lookup that has the titles and the I...

by Communicator in

Splunk Add-on for Check Point OPSEC LEA - Any idea which input contains HTTPS Inspection?

We recently on boarded checkpoint logs into splunk using the opsec addon. We are looking at filtering out the https i...

by New Member in

Use curl to get ip_intel information from Splunk ES

We follow the example from this page (http://docs.splunk.com/Documentation/ES/4.7.2/API/ThreatIntelligenceAPIreferenc...

by Path Finder in

How to get licensing of indexes per indexing server?

I have two reports that I would like to combine so that for a specific group of indexers I can get the list of indexe...

by Communicator in

REST API endpoint to get saved searches results?

Say I have a saved search called My_Search which takes 3 input arguments. What is the endpoint used to execute My_Sea...

by Communicator in

How to add data into an already uploaded file?

Hi All, How can I add more data or append data to a file which I already uploaded in Splunk Enterprise 7 suppos...

by Path Finder in

How do I calculate elapsed time difference between timestamps that are from different timezones?

I have a timestamp in EST and one from any other non-EST timezone how do I calculate the elapsed time between them bo...

by Explorer in

Single Index v/s Multiple Indexes

We are moving from on-prem to cloud in splunk and as a part of this would want to know the index strategy that should...

by Explorer in

How to index .EVTX file stored in a different location on a universal forwarder?

HI All, I would like to index .evtx file stored in a different location in my universal forwarder. E:\Logs\Even...

by Contributor in

Is it possible to create a deployment package of universal forwarder with complete configuration?

Hello, Is it possible to create a package of Splunk universal forwarder with the complete configuration so that I ...

by Engager in

What is the most efficient way to sends a large number of raw csv files to splunk?

I have a network share folder with a huge number of directories and files (.csv). Files are constantly being added an...

by New Member in

Trouble with Host Extraction at Index Time

To me this should be simple, but I can't get it. When entering host info while adding data I select "regex on path" a...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Folder monitoring and whitelist

How to display "(2)" next to hostname when a second host has been detected in the list?

What's an efficient way to determine if any given host is being indexed by Splunk via API?

HTTP event collector client AJAX error "readyState 0, status 0, statusText error"

Why was the datamodel_summary folder created automatialy after I changed the Splunk_DB path?

How to extract data when log entries have multiple entries?

cisco ASA web content filtering and access logs

Nix TA cpu.sh

How to increase log retention period for one of the indexes to one year?

How to reach an embedded scheduled search via the REST API?

Why am I having a line breaking problem with syslog like data over TCP?

Failed to remove lines from log files before indexing using SEDCMD command in props.conf

How to create indexes in Splunk cloud using rest API?

How to join a DB search with a lookup.csv?

Splunk Add-on for Check Point OPSEC LEA - Any idea which input contains HTTPS Inspection?

Use curl to get ip_intel information from Splunk ES

How to get licensing of indexes per indexing server?

REST API endpoint to get saved searches results?

How to add data into an already uploaded file?

How do I calculate elapsed time difference between timestamps that are from different timezones?

Single Index v/s Multiple Indexes

How to index .EVTX file stored in a different location on a universal forwarder?

Is it possible to create a deployment package of universal forwarder with complete configuration?

What is the most efficient way to sends a large number of raw csv files to splunk?

Trouble with Host Extraction at Index Time

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions