Getting Data In

Thread Info

Why am I not receiving any data from my new sourcetype in inputs.conf?

I have decided to use a different sourcetype for some logs which are already going into splunk (every 2 mins or so) ...

by New Member in

How to prevent curly brackets from showing up in JSON field names?

Hi folks, I'm trying to ingest some JSON data into Splunk, which it handles wonderfully, but I am getting curly br...

by Communicator in

How to specify source stanza for non-file input types in props.conf

I am trying to write some source:: stanzas in props.conf to forward data to another system. For file inputs (e.g., mo...

by Path Finder in

How can we send our firewall logs directly to an indexer (without a heavy forwarder)?

We have two indexers and 1 search head in our environment. We are going to integrate a Cisco ASA firewall with Splunk...

by New Member in

RSyslog, Dynamic Filenames, and Host_Regex

Hi Splunkers, We're using Rsyslog to collect many of our appliance syslog streams, and then bringing them into Spl...

by Path Finder in

How do I install a heavy forwarder for Splunk Cloud in a Windows environment?

Hi, Want to install HF for Splunk cloud on windows. Downloaded the Splunk enterprise 6.6.2 for windows from splunk we...

by New Member in

Union / Intersect results from different source type

Hi - I'm trying to union/intersect results from different source type using the SET command: set union [search sou...

by Path Finder in

Splunk not getting forwarder data though ports seem to be open

I am trying to set up a Splunk universal fowarder on a VyOS router going to a Splunk Enterprise instance I have on a ...

by New Member in

Need help creating/configuring CSV lookup

I know that using inputlookup will use a CSV file but is it possible to have a script create the CSV file that inputl...

by Explorer in

How can I send events from a monitor input file to an index I created?

I am not sure about this, it's very tricky. Can anyone help me on this? Do I need to update any .conf files?

by Path Finder in

How can I find the total and average indexing rates for all indexers?

How can I find the total and average indexing rates for all indexers on Splunk Cloud?

by New Member in

Why isn't my data reaching the index?

We have a small farm with no access to the forwarders. The forwarders do phone home but the following returns nothing...

by Ultra Champion in

Is there any way to apply cluster-bundle without rolling restart and search interruption?

I have a use case where we're updating props.conf frequently. We'd like to ideally be able to do this on an ad-hoc ba...

by Explorer in

How to Blacklist EventCode

I see this type of question has been asked several times, however I haven't been able to find the answer to my situat...

by Explorer in

How to resolve error "java.lang.IllegalArgumentException: URI can't be null" when testing HTTP Event Collector from a Java client?

I am trying to test the HTTP Event Collector from a java client, referred the Java project from splunk.com. Please he...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why am I not receiving any data from my new sourcetype in inputs.conf?

How to prevent curly brackets from showing up in JSON field names?

How to specify source stanza for non-file input types in props.conf

How can we send our firewall logs directly to an indexer (without a heavy forwarder)?

RSyslog, Dynamic Filenames, and Host_Regex

How do I install a heavy forwarder for Splunk Cloud in a Windows environment?

Union / Intersect results from different source type

Splunk not getting forwarder data though ports seem to be open

Need help creating/configuring CSV lookup

How can I send events from a monitor input file to an index I created?

How can I find the total and average indexing rates for all indexers?

Why isn't my data reaching the index?

Is there any way to apply cluster-bundle without rolling restart and search interruption?

How to Blacklist EventCode

How to resolve error "java.lang.IllegalArgumentException: URI can't be null" when testing HTTP Event Collector from a Java client?

How do I get license usage per indexer using the Distributed Management Console?

Windows: How can I incorporate a PowerShell script into my search?

How can I create a list of network devices?

How to forward logs with Splunk Universal Forwarder for the files with no header and logs should be in form of key/value

How do I complete a search including common and unique data fields from two different sources?

How to index a log that was missing for a specific date in the past?

Why is my "/usr/bin/last" script not working?

What is the compression ratio between the forwarders and indexers?

How can we find out whether a set of forwarders are connected to all indexers?

Recursively monitor files in current directory and subdirectories upto a specified maxDepth

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions