Getting Data In

Thread Info

Changing Index for ActiveDirectory Sourcetype within Splunk_TA_windows

Hello All, I'm using the Splunk_TA_windows app from Splunk to understand windows data. I've modified the app to po...

by Builder in

How to upload log files to Splunk using REST API?

Hi , I want to upload log files using Splunk Rest APIs. Can you please share how I can do that

by Engager in

Assigning sourcetype to a source in HeavyForwarder props.conf is not working

Shouldn't this work ? Only If I assign the sourcetype in the inputs.conf of the Universal forwarder this works.. But ...

by Communicator in

Why is the timestamp showing up in the future on some sourcetypes?

Hi Team, Currently we are having issue for certain sourcetype the indexed events are with the future time stamp. The ...

by Motivator in

JSON transformations

Hi. I have a problem with transformations in Splunk: Example event(small part of it): Dec 1 22:29:42 127.0.0.1 1 2...

by Explorer in

Rename an index in 4.1.8

We've renamed an environment that was indexing to an identically named index. Currently, the renamed environment is i...

by Engager in

Can we add indexers with smaller storage?

We are about to add a couple of indexers but they have fewer TBs for storage. Is it ok? How would it work out? They s...

by Ultra Champion in

Splunk Upgrade to 7.0 TLS and SSL on Windows Server 2008R2 question

I am in the process of planning an upgrade from 6.5.2 to 7.0.1 and am looking at the Windows-specific changes listed ...

by SplunkTrust in

How to fix a timestamp issue for Symantec logs?

Hi All, Currently we are facing an problem in time stamp for a Symantec log data. Problem: When we search with the b...

by Motivator in

What is the best timestamp format to use for my custom log to be indexed by Splunk?

What is the best timestamp format to use for my custom log to be indexed by Splunk? Sensible choices are: Round...

by Motivator in

How to delete 'DONE' jobs in a Search Head Cluster

Hi guys, Is there a way to delete a DONE or running job in a Search Head Cluster? Currently some of my users co...

by Contributor in

Uninstall universal forwarder error: "Splunk Installer was unable to enable event log monitoring. Splunk exitcode='1'"

I am trying to uninstall Universal Forwarder 6.1.3 and it gives me an error "Splunk Installer was unable to enable ev...

by New Member in

How to index full json data and automatically extract fields without using field extraction

Here's the format of the data i have been working on. i've tried using INDEXED_EXTRACTIONS=JSON in props but the even...

by New Member in

What's the best method to update/replace indexer cluster members?

We will be getting another batch of indexers in shortly, and each will have substantially more drive space than the o...

by Influencer in

How do I exclude service accounts that match the computer name in search results?

I have not been successful in building a search query that excludes results of a service account that matches the com...

by Explorer in

How to get complete event information in to the command field ?

HI All, For past one week, I am trying to get an answer for my problem, but haven't got a good fix for the issue stil...

by Motivator in

Universal forwarder is listening to the wrong port for the splunkd process

We are rolling out the UF to our windows servers, no apps yet, just the UF. The deploymentclient.conf only has the de...

by Path Finder in

Why am I getting an error telling me the Pass4SymmKey is wrong, preventing me from adding a new peer to an existing indexer cluster?

I am in a sandbox playing with indexer cluster server management. My end goal is to play with and set up indexer disc...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Changing Index for ActiveDirectory Sourcetype within Splunk_TA_windows

How to upload log files to Splunk using REST API?

Assigning sourcetype to a source in HeavyForwarder props.conf is not working

Why is the timestamp showing up in the future on some sourcetypes?

JSON transformations

Rename an index in 4.1.8

Can we add indexers with smaller storage?

Splunk Upgrade to 7.0 TLS and SSL on Windows Server 2008R2 question

How to fix a timestamp issue for Symantec logs?

What is the best timestamp format to use for my custom log to be indexed by Splunk?

How to delete 'DONE' jobs in a Search Head Cluster

Uninstall universal forwarder error: "Splunk Installer was unable to enable event log monitoring. Splunk exitcode='1'"

How to index full json data and automatically extract fields without using field extraction

What's the best method to update/replace indexer cluster members?

How do I exclude service accounts that match the computer name in search results?

How to get complete event information in to the command field ?

Universal forwarder is listening to the wrong port for the splunkd process

Why am I getting an error telling me the Pass4SymmKey is wrong, preventing me from adding a new peer to an existing indexer cluster?

forward-server listed as inactive

inputs.conf monitor stanza for a remote Windows server

What is the difference between index and indexer?

Changing Time Format

License Usage by sourcetype in 6.6

Does an indexer write its queues to disk when we shut it down?

Splunk monitoring Android

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions