Getting Data In

Thread Info

Data getting indexed twice in every field of splunk cluster environment

Hi All,I have a splunk cluster environment where, while pulling data from a source, itgets indexed twice, not as a se...

by Path Finder in

How to prevent the default logs from being forwarded (Windows UF)

Hello, Whenever I forward something, these logs always get forwarded despite I blacklisted it in the inputs .co...

by Explorer in

How to modify sourcetype and host based off of the new sourcetype

Hello, I'm attempting to change the sourcetype and host on a single event. The tricky part is I want the second tr...

by Explorer in

Universal Forwarder - Repeating message TcpOutputProc - Found currently active indexer...

I am getting the following messages on my forwarder running on Windows 10: 04-06-2020 18:05:52.171 -0700 INFO TcpO...

by Path Finder in

Separate business hours intervals from off-business-hours

I am new to splunk. How do we write a splunk query for a support ticket that is "In Progress" status to calculate the...

by Explorer in

How to optimize the ingestion of data from Splunk Universal Forwarder to Splunk Indexer

I have a splunk universal forwarder, which is indexing a 1 GB log file to a Splunk Indexer. The problem I am facing i...

by Explorer in

HOw to import ODL files

Is Oracle Diagnostic Logging ( ODL) format supported in any way by Splunk ?On the forum I have found only one topic r...

by Path Finder in

line breaker event breaker

當我在SH設置好props.conf後去看我的uf端並重啟就會出現以下錯誤: Checking conf files for problems...Invalid key in stanza [web:access] in /op...

by Explorer in

how to identify sourcetype forbetter parsing

I need help in understanding that what sourcetype would be ideal to parse logs of this File type

by Path Finder in

Splunk - Rest API - Curl - Failing with Unbalanced Quotes

Hi, I'm trying to write data to outputlookup file by doing a REST API Call (by running a search query). The b...

by Explorer in

Cant ingest .gz syslog files - was already indexed as a non-archive, skipping

I have .gz syslog files but I am unable to fetch all filesFor each host(abc) it has 23 .tgz files with extension l...

by Communicator in

Error proofpoint TAP : When trying to retrieve the last poll time, multiple kvstore records were found

We have installed "Proofpoint TAP Modular Input" add-on on victoria search head and created input (api call) to fetch...

by New Member in

What could prevent the monitoring of papercut logs?

I'm collecting all other logs ie. wineventlogs, splunkd logsthe inputs.conf is accuratethe splunk user has full acces...

by Engager in

Duplicated values on count

When I do an stats count my field it return the double of the real number index=raw_fe5_autsust Aplicacao=HUB ...

by New Member in

Spike in log ingestion only on weekends

Hello, Can anyone assist in determining why my splunk instance ingest large amounts of data ONLY on the weekends? ...

by New Member in

How to consolidate Thousand Eyes into Splunk to centralize alerts on the dashboard?

Hi Team,Hi Splunk Team, could you guide me through the process on how to consolidate Thousand Eyes into Splunk to cen...

by Loves-to-Learn Everything in

Splunk Not ingesting

Referring to the below inputs.conf for one of my windows server , as you can see, there is some whitespace at the en...

by Explorer in

Whitelisting/Allow list for IP for HEC ingestion

I tried to whitelist an ip address for HEC log ingestion and got the error message "Subnet overlaps Private IP bloc...

by New Member in

send log to bucket s3

hello all, I would need the logs to be sent to my S3 bucket smartstorage after 1 month from my security index, but ...

by Explorer in

How to Traverse Nested JSON Structures in Splunk for Process Event Analysis

This is my JSON data. How should I write a query syntax to directly traverse to the last parentProcess, and then prov...

by Engager in

Question about inputs.conf [monitor:///...]

Hi there. A simple question, it's not for a real usage, just a curiosity  Does UF block inputs for system pa...

by Builder in

Azure Devops Git activity logs in Splunk

Has anyone tried this integration, I am facing issues while integrating this using this app https://splunkbase.splunk...

by Explorer in

Manually adding static file into paloalto index with Splunk_TA_paloalto

We had a problem with our syslog server and a bunch of data went missing in the ingest. The problem was actually caus...

by Path Finder in

TrackMe - Remote Deployment Account - SplunkCloud

Dear Splunk Community, I am here seeking your thoughts and suggestions on the error I am facing with TrackMe ...

by Engager in

splunk universal forwarder error installation on Windowa via PowerShell

Getting this error via Power Shell for the Splunk Universall installation Error below The term 'C:\Program...

by Loves-to-Learn Lots in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Data getting indexed twice in every field of splunk cluster environment

How to prevent the default logs from being forwarded (Windows UF)

How to modify sourcetype and host based off of the new sourcetype

Universal Forwarder - Repeating message TcpOutputProc - Found currently active indexer...

Separate business hours intervals from off-business-hours

How to optimize the ingestion of data from Splunk Universal Forwarder to Splunk Indexer

HOw to import ODL files

line breaker event breaker

how to identify sourcetype forbetter parsing

Splunk - Rest API - Curl - Failing with Unbalanced Quotes

Cant ingest .gz syslog files - was already indexed as a non-archive, skipping

Error proofpoint TAP : When trying to retrieve the last poll time, multiple kvstore records were found

What could prevent the monitoring of papercut logs?

Duplicated values on count

Spike in log ingestion only on weekends

How to consolidate Thousand Eyes into Splunk to centralize alerts on the dashboard?

Splunk Not ingesting

Whitelisting/Allow list for IP for HEC ingestion

send log to bucket s3

How to Traverse Nested JSON Structures in Splunk for Process Event Analysis

Question about inputs.conf [monitor:///...]

Azure Devops Git activity logs in Splunk

Manually adding static file into paloalto index with Splunk_TA_paloalto

TrackMe - Remote Deployment Account - SplunkCloud

splunk universal forwarder error installation on Windowa via PowerShell

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions