Getting Data In

Thread Info

Universal Forwarder resending event log data

If the IP address for a host changes or if it gets a new GUID, would the forwarder resend the entire Windows event lo...

by Path Finder in

Not getting data from Heavy Forwarder

Hello, Recently we have deployed the Splunk Enterprise. Our moto is to monitor Wi-Fi usage, our Wi-Fi devices sending...

by New Member in

Duplicate entries in index with JSON and missing values

When I index JSON files I get duplicate entries in the Splunk index and some values are not indexed at. Example of...

by New Member in

Under Web Analytics what does Top ClientIPs="-" mean?

by New Member in

Cisco eStreamer - Some IPS events have incorrect SID

Versions Splunk Enterprise v7.0.0 Cisco eStreamer eNcore v3.0.0 Problem I currently have an issue where eStr...

by Explorer in

Json event breaking no longer working since forwarding method changed from using a universal forwarder to AWS Firehose

Hello! I have some json data being generated by a client-side tool: { "name": "open_sockets", "hostIden...

by Path Finder in

Where is the data for my monitor file var/log/zimbra.log file?

I set up a monitor zimbra.log file, but I find it is missing the data pushed to the Splunk server compared to the act...

by Path Finder in

weblogic and line breaking

i am trying to read the weblogic DefaultAuditRecorder.log which looks like this (and doesn't seem to be covered in th...

by Path Finder in

How to split one massive log file across multiple indexers?

Is it possible to ingest one huge log file (100gb uncompressed) and round robin CHUNKS of the data to multiple indexe...

by Builder in

I am not able to run splunkkd service on windows10

Please find the attached error which is getting and let me know, if anyone find the solution for this error. T...

by Engager in

Creating new soucertype using Props.conf and transform.conf

All my network data comes to default source type irrespective of type of devices. index = network sourcetype = ne...

by Explorer in

Splunk Forwarder from public server to local server on a network

Hello, I was able to set splunk forwarder from local server to local splunk server on our network. How can i set i...

by Explorer in

Could you please help me write the timestamp extraction for below events.

Hi Folks. Could you please help me write the Time_perfix and Time_format extraction for below events. 07:22:50,...

by Explorer in

Windows Physical Memory Usage

I have a Splunk forwarder installed on a Windows 2008 box. I have no issues getting back standard information, anythi...

by Explorer in

Detect gaps in Windows Universal forwarder eventstrem

Hello, We have Splunk 6 running with Universal forarders on all our Windows servers. The forwarders are used to tr...

by Observer in

Splunk windows docker image

Dear Splunk team, I am trying to pull docker windows image. I can find only the linux image in the docker store. ...

by Explorer in

The "level" field is being automatically added by splunk, how to we ask splunk to extract log level from my json message ?

The "level" field is being automatically added by splunk, how to we ask splunk to extract log level from my json mess...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Universal Forwarder resending event log data

Not getting data from Heavy Forwarder

Duplicate entries in index with JSON and missing values

Under Web Analytics what does Top ClientIPs="-" mean?

Cisco eStreamer - Some IPS events have incorrect SID

Json event breaking no longer working since forwarding method changed from using a universal forwarder to AWS Firehose

Where is the data for my monitor file var/log/zimbra.log file?

weblogic and line breaking

How to split one massive log file across multiple indexers?

I am not able to run splunkkd service on windows10

Creating new soucertype using Props.conf and transform.conf

Splunk Forwarder from public server to local server on a network

Could you please help me write the timestamp extraction for below events.

Windows Physical Memory Usage

Detect gaps in Windows Universal forwarder eventstrem

Splunk windows docker image

The "level" field is being automatically added by splunk, how to we ask splunk to extract log level from my json message ?

universal forwarder vs. dedicated rsyslog/syslog-ng servers to forward syslog to splunk indexer

Why is the forwarder sending data to dev?

How to configure inputs.conf to send data from 1 directory to 2 different clusters with different index/sourcetype

Please provide the time_prefix and time_format for below event type.

Explanation of Checksum for seekptr didn't match, will re-read entire file

Applying timezone on basis of sourcetype and hostname

unarchive_cmd with Java on a Windows system

REST API to check persistent queue file size

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions