Getting Data In

Thread Info

Using Splunk to help define required Cisco ASA rules

Hello folks, Is Splunk able to help me generate rules to put on an ASA? We're running an ASA in transparent mod...

by New Member in

Securing Communications between Deployment Server to Forwarder (upgraded from 6.5.3 to 6.6.x (Deprecated SSL Stanzas) Windows 2012, Windows 2008R2

I have recently upgraded from 6.5.x to 6.6.x and I am now encountering openSSL communication errors between my Deploy...

by Splunk Employee in

Has anyone successfully parsed Exim logs into Splunk?

I'm trying to get Exim logs parsed into Splunk to log inbound/outbound mail. I'm very new using RegEx and have been f...

by Path Finder in

Data is not getting indexed through Universal Forwarder

Hello All, We are forwarding data to indexer from Universal forwarder for couple of months perfectly. Recently we are...

by Explorer in

How to extract two different fields on same timestamp based on the type of log statement?

Hi there, I have the following two different sample logger statements, the first statement written at the beginning o...

by New Member in

Why are separate events combined as a single event from the 1st to the 9th of every month, but are parsed correctly as individual events starting on the 10th?

From the 1st until the 9th 23:59:59 of every month, individual events are being combined into one event. As soon as t...

by New Member in

Summing epoch values within a JSON field

I have ingested a JSON file which shows me how long spent on an app on my phone and looks like (below) The fields hav...

by Builder in

how to onboard data from tableau to splunk?

I am looking to onboard data from Tableau into Splunk. has anyone performed this activity?

by New Member in

How does Splunk collect data?

Hello, How Splunk collect DATA??? : Does splunk copy data from machines....or it collect them and after delete da...

by Explorer in

unable to search index="_internal" for heavy forwarder instance from search head console but splunkd.log is functional

Hi All, Suddenly I am unable to search the index="_internal" for all heavy forwarder instance from search head consol...

by Motivator in

Source vs Sourcetype: What's the difference?

Source - The source of an event is the name of the file, stream, or other input from which the event originates 1) Wh...

by Builder in

401 Disables POST, goes with GET for POST /splunkd/__raw/services/jobs

We are using splunk 6.3.6 I try to perform POST through /splunkd/__raw/services/search/jobs curl -kvsL -X POST --...

by New Member in

Parsing logs from UDP input

I installed addon for my product but the problem is that the addon is intended to collect data from the file, and not...

by Builder in

How does Splunk rotate indexed data (colddb, etc)?

Hi, I have an index called app1 with the following configuration. [app1] coldPath = $SPLUNK_DB/app1/colddb home...

by Path Finder in

What is a summary index and how can one check whether the summary index gets the data of a particular sourcetype?

My main question is I am trying to check whether the current summary indexes in our environment were getting the data...

by Builder in

Can I remove a tag from already indexed data?

Is it possible to remove a tag from indexed data? Fox example if I have an app named 'TA-App' and it had a tag for #d...

by Path Finder in

How do I install a universal forwarder on an IBM Logical Partition (LPAR)?

How do I load the Universal Forwarder on a IBMi LPAR?

by New Member in

AND Operator in JSON

I have a Log System which Logs in JSON Format Like these: { "API_Name": "Get ID Cards", "End Point": "/write/api/v1.1...

by New Member in

Configuration for heavy forwarder to store events locally when indexer is unavailable?

Dears, may i know how to configure splunk Heavy forwarder to store events locally in case of indexer unavailable ?

by Explorer in

Do searches run on the search head or the indexer?

I have a single Splunk instance with very high CPU workload. My investigation shows a bunch of searches are consuming...

by Explorer in

Does Splunk have an option to only index part of a JSON file?

My json file is very long but most of the information in there is redundant. I just want to get all the segments that...

by Contributor in

What are the main differences between the Universal forwarder and Heavy forwarder?

Can someone explain me in simply english the difference between there two forwards and where they are using?

by Builder in

What is best process of sending logs from Splunk to syslogng server ?

Hi, We are planning to forward Windows events logs from Splunk to RSA. https://answers.splunk.com/answers/581066/how-...

by Communicator in

I need to get Windows event details

index="wineventlog" sourcetype="wineventlog:security" | search (action=failure OR action=success) | search (EventCode...

by New Member in

CSV lookup, search unstructured index, find matches and return the statistics

I posted a comment on https://answers.splunk.com/answers/468612/how-to-search-a-lookup-table-and-return-the-matchi.ht...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Using Splunk to help define required Cisco ASA rules

Securing Communications between Deployment Server to Forwarder (upgraded from 6.5.3 to 6.6.x (Deprecated SSL Stanzas) Windows 2012, Windows 2008R2

Has anyone successfully parsed Exim logs into Splunk?

Data is not getting indexed through Universal Forwarder

How to extract two different fields on same timestamp based on the type of log statement?

Why are separate events combined as a single event from the 1st to the 9th of every month, but are parsed correctly as individual events starting on the 10th?

Summing epoch values within a JSON field

how to onboard data from tableau to splunk?

How does Splunk collect data?

unable to search index="_internal" for heavy forwarder instance from search head console but splunkd.log is functional

Source vs Sourcetype: What's the difference?

401 Disables POST, goes with GET for POST /splunkd/__raw/services/jobs

Parsing logs from UDP input

How does Splunk rotate indexed data (colddb, etc)?

What is a summary index and how can one check whether the summary index gets the data of a particular sourcetype?

Can I remove a tag from already indexed data?

How do I install a universal forwarder on an IBM Logical Partition (LPAR)?

AND Operator in JSON

Configuration for heavy forwarder to store events locally when indexer is unavailable?

Do searches run on the search head or the indexer?

Does Splunk have an option to only index part of a JSON file?

What are the main differences between the Universal forwarder and Heavy forwarder?

What is best process of sending logs from Splunk to syslogng server ?

I need to get Windows event details

CSV lookup, search unstructured index, find matches and return the statistics

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions