Getting Data In

Thread Info

Calculate Age from 2 Timestamp fields

Hi All! I have a field in my data which represents DOB in a YYYYMMDD format. I'm trying to compare that DOB Timest...

by Explorer in

What REST API call can I use to find if a role has any read/write permissions on any Splunk objects?

Hello, I want to find if a role has any Read/Write permissions on any Splunk objects using REST API. Which REST AP...

by Path Finder in

Heavy Forwarder send events to remote syslog

I am being asked to forward events from a Heavy Forwarder, to a remote ArcSight server as raw events. Our HF's receiv...

by Contributor in

Can a Splunk forwarder send data to Apache Kafka and then to our Splunk cluster? Bonus: Are heavy forwarders deprecated?

Hi Due to architecture reasons I need to use Apache Kafka as a message broker between Splunk Forwarders and Splunk...

by Explorer in

Archive raw and/or indexed data to external syslog server

Hi all, Our Splunk server is getting data through several channels, e.g. universal forwarders, TCP input (e.g. OPS...

by Communicator in

Index override on heavy forwarder data

Hi, There is situation where we have installed DB connect on HF and then the HF sends that data to 2 sets of diffe...

by New Member in

Will universal forwarder installs only work on specific OS versions?

I was told that it didn't matter what version of the Universal forwarder I installed on my servers. Does it matter th...

by Explorer in

What are all those brackets inside indexes.conf?

Hi, Is there a documentation that explains what are [_internal], [introspection] , [_splunklogger], etc? I'm tryin...

by Path Finder in

Splunk Universal Forwarder -- installing additional roles?

I had installed the Universal Forwarder 6.5.1 a while back and set it to connect to a deployment server / Splunk inst...

by New Member in

Is it safe to delete manually frozen buckets while indexer cluster is up and running?

Is it safe to delete all frozen buckets from coldToFrozenDir manually from the indexers, while the cluster is up and ...

by Explorer in

The crash.log in the splunk forwarder has reflected Segmentation fault on starting up the process. How to resolve this configuration?

The splunk forwarder has been crash with segmentation fault when start the process in the AIX environment. It also...

by New Member in

Scripting in metrics with Splunk?

All, Still getting my head around metrics. I shameless stole this line of bash and setup metrics and it's working...

by Builder in

Why collect Syslog via universal forwarder vs sending to Splunk directly?

Hi all, I've been reading quite a bit on syslog collection via a Splunk Universal Forwarder. In particular answer ...

by Explorer in

How to set "Splunk Authentication" in Splunk Java SDK?

I got authentication like "Splunk xyz-hnhn-hsnsnhdn-etahshd" (Of course I am putting wrong password here so don't try...

by Path Finder in

How do I set the inputs.conf file for continuous monitoring of an input file for appended data?

Hi, I've uploaded a txt file containing CPU performance data to splunk, set the source type to csv and have create...

by Path Finder in

How can we adjust our firewall's timezone?

Hi All, Currently we are facing an issue with time stamp for an firewall logs. We could see the logs are coming into ...

by Motivator in

Which indexes.conf should I edit to set retirement policy?

Hi, I'm trying to delete old data due to space issue and I found this http://docs.splunk.com/Documentation/Splunk/...

by Path Finder in

Is there any way to NOT duplicate the data when adding CSV file?

Hello, Are there any way? In my dashboard the data comes from a CSV file and in order for the dashboard to update,...

by New Member in

Do we need a license for Heavy forwarder..?

I have this workflow UFs---------->HF---------->Splunkcloud I'm using this HF just to route the data to Splunk...

by Builder in

How can i get a timestamp when time only shows time and date is randomly assigned on other lines?

Stumped here. I have a logfile that looks like 18:21:05 (lmgrd) TIMESTAMP 8/16/2017 18:26:06 (ansyslmd) TIMESTA...

by Splunk Employee in

Universal Forwarders are phoning home but the indexes are not populating

So while I was out, some Windows config changes were pushed to some Windows servers that had fully deployed UFs with ...

by Contributor in

How to integrate BeyondTrust Retina to Splunk and find log source?

I am planning to integrate BeyondTrust Retina to Splunk and would like to know the process. Currently, the logs are c...

by New Member in

Import CSV with column that has "Change %" (percent symbol) in it. How do I search on this field?

Hello, I have been importing a CSV that has a column that has a percent symbol in it. How do I search on this...

by Communicator in

HTTP Event collector not working for .NET logging

We are getting authorization error while calling the service from dot net or java client. It is working fine with cur...

by Communicator in

How to create automatic wildcard lookups against more than one field in a CSV file?

Hi, I have defined a Automatic Lookup to a CSV File with several values per line. I would create automatic wildcar...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Calculate Age from 2 Timestamp fields

What REST API call can I use to find if a role has any read/write permissions on any Splunk objects?

Heavy Forwarder send events to remote syslog

Can a Splunk forwarder send data to Apache Kafka and then to our Splunk cluster? Bonus: Are heavy forwarders deprecated?

Archive raw and/or indexed data to external syslog server

Index override on heavy forwarder data

Will universal forwarder installs only work on specific OS versions?

What are all those brackets inside indexes.conf?

Splunk Universal Forwarder -- installing additional roles?

Is it safe to delete manually frozen buckets while indexer cluster is up and running?

The crash.log in the splunk forwarder has reflected Segmentation fault on starting up the process. How to resolve this configuration?

Scripting in metrics with Splunk?

Why collect Syslog via universal forwarder vs sending to Splunk directly?

How to set "Splunk Authentication" in Splunk Java SDK?

How do I set the inputs.conf file for continuous monitoring of an input file for appended data?

How can we adjust our firewall's timezone?

Which indexes.conf should I edit to set retirement policy?

Is there any way to NOT duplicate the data when adding CSV file?

Do we need a license for Heavy forwarder..?

How can i get a timestamp when time only shows time and date is randomly assigned on other lines?

Universal Forwarders are phoning home but the indexes are not populating

How to integrate BeyondTrust Retina to Splunk and find log source?

Import CSV with column that has "Change %" (percent symbol) in it. How do I search on this field?

HTTP Event collector not working for .NET logging

How to create automatic wildcard lookups against more than one field in a CSV file?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions