Getting Data In

Discussions

Thread Info

How can we access perfect json events after applying the transaction command?

With lots of help here, we adjusted the incoming data to be perfect json structures and name value pairs are extracte...

by Ultra Champion in

How can I setup a lookup table based off of sitecode?

We have 3 main site-codes in our environment and we are trying to implement a lookup table via Splunk. Here is what w...

by New Member in

Can I use props/transform to make MULTIPLE changes to the same event from a log?

All, Can I use props/transform to make MULTIPLE changes to the same event from a log? Lets say I have an app ...

by Builder in

What is the ideal way of writing log files using log4net?

is there a best practice log4net pattern template that can help SPLUNK index data more efficiently and do field extra...

by Path Finder in

How to create a list of source files for use in primary search?

My question focuses around using one search to create a list of files I don’t want to consider in the primary search....

by Path Finder in

How to CONTINOUSLY monitor logs on HTTP url

Hello, I'm trying to monitor some logs that I have on an http url, the url structure is http://subdomain.doma...

by New Member in

Help with Archiving Frozen data

Hi, We have multi site indexer clustering with 2 sites, 3 indexers in each site with RF-3 and SF-2. Each indexer ...

by Builder in

How to extract multiple fields using the Extract property in props.conf?

So I'm trying to extract multiple fields using the Extract property in props.conf The source file looks like my.pr...

by Communicator in

Why only one indexer out of the 3 overall, is receiving reasonable amount of data and the others aren't?

Hi Splunkers, I have a very mind-rattling situation here. I have a distributed environment (non-clustered) with 2 SH...

by Path Finder in

Can I access a CSV lookup with a Python script?

Hello, I have a custom search (written in Python). From my Python script I would like to use/access a CSV lookup. ...

by Observer in

How can I index all events without a specific word from a monitor stanza?

Hi all, I'm trying to index all events without a specific word from a monitor stanza. This is my input.conf: [def...

by Path Finder in

How do i extract data from my event source filename

I have multiple logfiles like TEST_SRC_FR.txt, TEST_SRC_IN.txt, TEST_SRC_AU.txt which are my source files. Now i want...

by Explorer in

Why isn't the Sysmon Technology Add-on Parsing my Sysmon Logs?

What needs to happen in order for SysmonTA to parse the Windows Sysmon Event Logs? Here is the output I get when I tr...

by New Member in

What is the process of upgrading search and index cluster?

Hi All, I need to upgrade a search and index cluster. Please advise if anything is missing and my understanding is...

by New Member in

sedcmd for part of the string in props.conf

I need to anonymize ES credentials going to syslog I need to redact only the password and leave the user name -u admi...

by New Member in

How to integrate with Venafi?

We are planning to integrate with Venafi. Any ideas how to make this integration work....

by Ultra Champion in

Can I use syslogNG

We currently use rsyslog on our Linux forwarder with a file monitor input with filtering, but we would like to use sy...

by Path Finder in

How to check regexp rules from transforms.conf ?

Hi, I'm looking for a way (through a cmdline for example) to check whether my rules inside transforms.conf are corre...

by New Member in

How do I ingest logs from a separate set of Splunk Enterprise Servers?

Hi Splunkers! I have a Splunk distributed deployment. One of my customers has a separate Splunk distributed dep...

by Path Finder in

Show/Exclude results maintenance window

I have a CSV file with some value times that I would like to exclude from my searchs/reports. That CSV file contai...

by Engager in

Why am I getting a HTTP 503 error when using threads to call oneShotSearch and maximum number of concurrent historical searches?

Hi All, I am using the Java splunk api service to make oneShotSearch calls for service data. HTTP 503 response: S...

by New Member in

What is the TZ for America Central?

It's not totally clear at List of tz database time zones Is the TZ for America Central America/Chicago? I need it...

by Ultra Champion in

Why am I getting an error when sending logs from universal forwarder to heavy forwarder?

Hello, I have some windows systems that I'm trying to send logs from via a universal forwarder, to a heavy forwarder....

by New Member in

How to configure the inputs.conf to only allow specific event IDs and only filter on a wildcard username?

Hi fellas, Testing the product out. Have 2012 DC --> UF --> Splunk test environment I've figured out how to con...

by Explorer in

How to re-index data in a different index?

I am trying to forward a csv file to a new index. However, I found that it has already been forwarded to another inde...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How can we access perfect json events after applying the transaction command?

How can I setup a lookup table based off of sitecode?

Can I use props/transform to make MULTIPLE changes to the same event from a log?

What is the ideal way of writing log files using log4net?

How to create a list of source files for use in primary search?

How to CONTINOUSLY monitor logs on HTTP url

Help with Archiving Frozen data

How to extract multiple fields using the Extract property in props.conf?

Why only one indexer out of the 3 overall, is receiving reasonable amount of data and the others aren't?

Can I access a CSV lookup with a Python script?

How can I index all events without a specific word from a monitor stanza?

How do i extract data from my event source filename

Why isn't the Sysmon Technology Add-on Parsing my Sysmon Logs?

What is the process of upgrading search and index cluster?

sedcmd for part of the string in props.conf

How to integrate with Venafi?

Can I use syslogNG

How to check regexp rules from transforms.conf ?

How do I ingest logs from a separate set of Splunk Enterprise Servers?

Show/Exclude results maintenance window

Why am I getting a HTTP 503 error when using threads to call oneShotSearch and maximum number of concurrent historical searches?

What is the TZ for America Central?

Why am I getting an error when sending logs from universal forwarder to heavy forwarder?

How to configure the inputs.conf to only allow specific event IDs and only filter on a wildcard username?

How to re-index data in a different index?

SplunkTrust Application Period is Officially OPEN!

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions