Getting Data In

Ask a Question

Discussions

Thread Info

VM templating of Splunk instances

We plan to create Splunk pre-installed virtual machine (VM) templates for internal use. We have assumed the follow...

by Path Finder in

Why isn't the timestamp being recognized ?

We have a case that looks like this - So, the events are not broken by the timestamp. Is it because of the...

by Ultra Champion in

When I delete an old version of Splunk does it delete the old indexes and hosts?

Hi All, I've recently had to reinstall Splunk on my server. It was using an index called "index2", I've since removed...

by New Member in

How to deal with data that was uploaded twice?

Hi Experts, I am now in a strange situation, we have a index in which we uploaded .csv files for every month and f...

by Path Finder in

Search for a list of installed packages with version numbers for a host

I've managed to create a search which will list for me all installed packages on a particular host, but I need to hav...

by New Member in

Windows Events Not showing Up on Indexer

A UF was installed on 2 Windows domain Controllers. These are in a different windows forest than my other devices. I ...

by Path Finder in

Doing stats on multivalued JSON fields (mxexpand is too slow)

Hi Ninjas I'm dealing with some deeply nested JSON events like: "sendTime":"2017-09-21T17:02:06.583+02:00","run...

by Communicator in

: skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block10

skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk s...

by Path Finder in

inputs.conf stanza to monitor only current data after changes are pushed to production (ignoring historical data)?

Hi All, I want to ingest the log files from an application server directory using universal forwarder. Log file...

by Communicator in

How to stop line breaking twice? First line feed is CR format and the second line feed is CRLF format

In my environment the following servers exist. windows 2012 R2 Splunk 6.5.2 On this server, when trying to export ...

by Builder in

diag を生成しても、デフォルトで lookup ファイルが含まれない

Splunk ver. 6.5.0 以降の Splunk サーバーで diagを生成したところ、lookup ファイルがデフォルトで diag内に見つかりません。これは製品の不具合でしょうか。

by Communicator in

Event data filtering working in one environment but not in other.

I have two clustered environments consisting of 3 SH,3 Indexers and 1 HWF each running on Splunk 6.4.1. I need to fil...

by Path Finder in

Is there any reason I shouldn't edit an add-on's bin directory files?

I want to add a few things to an app that sends off API commands when saved searches trigger. Basically a new field f...

by Builder in

Does a change to props.conf require an indexer rolling restart?

I'm about to implement the change in Why isn't the timestamp being recognized ? It will be in $SPLUNK_HOME/etc/sys...

by Ultra Champion in

CSV Searches

Hello everyone. I've been reading and reading and I can not get consistent results from anything I have tried. So hop...

by New Member in

Trouble setting up universal forwarder for Windows Log Collection

I am trying to setup my splunk enterprise 6.6.1 to be able to injest windows logs from remote pc's but not having muc...

by Path Finder in

IIS Log Files parsing and Removing Load Balance Health Check

I,m using the new 7.0.0 version of Splunk at my distributed installation (Indexer,Search Head) and i´m trying to pars...

by New Member in

Splunk architecture feedback

Hello every body , I have to deploy 3 virtual machines to set up an architecture containing a forwarder, indexer a...

by New Member in

How to monitor servers using splunk

I have been tasked with figuring out how to monitor server activity using splunk and create alerts

by New Member in

Capturing AD Authenticated Applications

Scenario: We're doing an active directory upgrade which will effect applications that currently point to specific dom...

by Explorer in

How to get the daily indexed volume for Splunk on Ubuntu with a bash script?

Hi, I'd like to be able to monitor the amount of data indexed daily (ie, "so far today") so I can surface this up ...

by New Member in

Problem to index the entire CSV file

we use csv to track app's performance. I added the csv to forwarder and keep monitoring it. The problem is that while...

by New Member in

Extracting Key Value pair from JSON input

Hi, I need helkp regarding extraction of key value pair from a json input being forwarded to out indexer. I have alre...

by Explorer in

On which user my Splunk is running?

Not that familiar with *NIX hence the question. I created the user and group called splunk and then ran Splunk fo...

by Communicator in

import csv file and only store diffs from last import of same file (autoruns data)

I'm interested in storing csv output from the sysinternals autoruns tool in Splunk. But I will be pulling in from a r...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

VM templating of Splunk instances

Why isn't the timestamp being recognized ?

When I delete an old version of Splunk does it delete the old indexes and hosts?

How to deal with data that was uploaded twice?

Search for a list of installed packages with version numbers for a host

Windows Events Not showing Up on Indexer

Doing stats on multivalued JSON fields (mxexpand is too slow)

: skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block10

inputs.conf stanza to monitor only current data after changes are pushed to production (ignoring historical data)?

How to stop line breaking twice? First line feed is CR format and the second line feed is CRLF format

diag を生成しても、デフォルトで lookup ファイルが含まれない

Event data filtering working in one environment but not in other.

Is there any reason I shouldn't edit an add-on's bin directory files?

Does a change to props.conf require an indexer rolling restart?

CSV Searches

Trouble setting up universal forwarder for Windows Log Collection

IIS Log Files parsing and Removing Load Balance Health Check

Splunk architecture feedback

How to monitor servers using splunk

Capturing AD Authenticated Applications

How to get the daily indexed volume for Splunk on Ubuntu with a bash script?

Problem to index the entire CSV file

Extracting Key Value pair from JSON input

On which user my Splunk is running?

import csv file and only store diffs from last import of same file (autoruns data)

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions