Getting Data In

Thread Info

How to index full json data and automatically extract fields without using field extraction

Here's the format of the data i have been working on. i've tried using INDEXED_EXTRACTIONS=JSON in props but the even...

by New Member in

What's the best method to update/replace indexer cluster members?

We will be getting another batch of indexers in shortly, and each will have substantially more drive space than the o...

by Influencer in

How do I exclude service accounts that match the computer name in search results?

I have not been successful in building a search query that excludes results of a service account that matches the com...

by Explorer in

How to get complete event information in to the command field ?

HI All, For past one week, I am trying to get an answer for my problem, but haven't got a good fix for the issue stil...

by Motivator in

Universal forwarder is listening to the wrong port for the splunkd process

We are rolling out the UF to our windows servers, no apps yet, just the UF. The deploymentclient.conf only has the de...

by Path Finder in

Why am I getting an error telling me the Pass4SymmKey is wrong, preventing me from adding a new peer to an existing indexer cluster?

I am in a sandbox playing with indexer cluster server management. My end goal is to play with and set up indexer disc...

by Builder in

forward-server listed as inactive

Hi guys, i have been working on the creation of a deployment server with universal forwarders, and the outputs.conf ...

by New Member in

inputs.conf monitor stanza for a remote Windows server

Hello, In the inputs.conf of a deployment app, i need to monitor multiple files on numerous remote servers. What...

by New Member in

What is the difference between index and indexer?

What is the difference between INDEX and INDEXER in SPLUNK

by New Member in

Changing Time Format

Hi, I have a search that displays the "UserID Expiration Date" field as "12/6/2019 21:01" I would like to conve...

by Path Finder in

License Usage by sourcetype in 6.6

I just upgraded from 6.5.6 to 6.6.5, and some searches I was doing in my personal dashboard stopped working. Throu...

by Explorer in

Does an indexer write its queues to disk when we shut it down?

I wonder whether the contents of the Indexing queue is being written to disk when we shut down the indexer? Also, wha...

by Ultra Champion in

Splunk monitoring Android

Hi, splunkers! I wanna monitoring my phone by Splunk? What can u advice? How can I realize it?

by Builder in

metrics - individual events

Hi Splunkers, We are evaluating moving to metrics events for our existing apps. In our apps, we have to display th...

by Path Finder in

Upgraded from MS Exchange 2010 to 2013 and now I no longer get any data from the eventtype=msexchange-admin-audit?

All of the other data from all previous eventtypes is coming through just fine, except the msexchnage-admin-audit. We...

by New Member in

Extract index from filename in inputs.conf

We have a splunkforwarder DaemonSet in Kubernetes, which is forwarding node logs to our splunk server. We want to ...

by Engager in

Is it possible to get Cisco eStreamer data processed by the Splunk universal forwarder?

Hi, Is it possible to get Cisco eStreamer data processed by the Splunk Universal forwarder? Is there any step-by-step...

by New Member in

What's the most efficient way to monitor JBoss log file activity?

Sometimes we see our JBoss process running but really not functional. The indication is that the log file has not upd...

by New Member in

Need help with complicated Json format

I've got complicated structure. Start of the log file: { "dataUpdatedTime" : "2017-12-28T12:07:00+02:00", "link...

by New Member in

How to send syslog data to the indexer and another TCP listener? (Part 3)

Hi All, Thank you for the assistance so far. I just want to confirm my understanding and ask a follow-up REGEX...

by Builder in

Help creating a sourcetype for this data

I've been trying to figure out a way to create a sourcetype and extract data like this. Can someone help? It appears...

by Explorer in

Log Collection and forward to SPLUNK

Hello I have a request to have a SYSLOG server and a SPLUNK server. The request is to have the logs from external ...

by Explorer in

How can I forward data received from file path monitoring to third party system?

Hi, We have a UF which forwards data to HF and HF passes it to indexers. UF forwards OS logs as well as logs from the...

by Explorer in

Splunk Alert: Forwarder Offline is sending an alert every hour

Splunk Alert: Forwarder Offline is sending an alert every hour however the SplunkForwarder is not offline. Please hel...

by New Member in

how to configure multiple indexing queues in indexes.conf? What is the impact if we configure two indexing queues and then reduce to one?

We have a requirement which our architects think needs to have multiple indexing queue. can anyone provide a referen...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to index full json data and automatically extract fields without using field extraction

What's the best method to update/replace indexer cluster members?

How do I exclude service accounts that match the computer name in search results?

How to get complete event information in to the command field ?

Universal forwarder is listening to the wrong port for the splunkd process

Why am I getting an error telling me the Pass4SymmKey is wrong, preventing me from adding a new peer to an existing indexer cluster?

forward-server listed as inactive

inputs.conf monitor stanza for a remote Windows server

What is the difference between index and indexer?

Changing Time Format

License Usage by sourcetype in 6.6

Does an indexer write its queues to disk when we shut it down?

Splunk monitoring Android

metrics - individual events

Upgraded from MS Exchange 2010 to 2013 and now I no longer get any data from the eventtype=msexchange-admin-audit?

Extract index from filename in inputs.conf

Is it possible to get Cisco eStreamer data processed by the Splunk universal forwarder?

What's the most efficient way to monitor JBoss log file activity?

Need help with complicated Json format

How to send syslog data to the indexer and another TCP listener? (Part 3)

Help creating a sourcetype for this data

Log Collection and forward to SPLUNK

How can I forward data received from file path monitoring to third party system?

Splunk Alert: Forwarder Offline is sending an alert every hour

how to configure multiple indexing queues in indexes.conf? What is the impact if we configure two indexing queues and then reduce to one?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions