Getting Data In

Thread Info

How do I install a heavy forwarder for Splunk Cloud in a Windows environment?

Hi, Want to install HF for Splunk cloud on windows. Downloaded the Splunk enterprise 6.6.2 for windows from splunk we...

by New Member in

Union / Intersect results from different source type

Hi - I'm trying to union/intersect results from different source type using the SET command: set union [search sou...

by Path Finder in

Splunk not getting forwarder data though ports seem to be open

I am trying to set up a Splunk universal fowarder on a VyOS router going to a Splunk Enterprise instance I have on a ...

by New Member in

Need help creating/configuring CSV lookup

I know that using inputlookup will use a CSV file but is it possible to have a script create the CSV file that inputl...

by Explorer in

How can I send events from a monitor input file to an index I created?

I am not sure about this, it's very tricky. Can anyone help me on this? Do I need to update any .conf files?

by Path Finder in

How can I find the total and average indexing rates for all indexers?

How can I find the total and average indexing rates for all indexers on Splunk Cloud?

by New Member in

Why isn't my data reaching the index?

We have a small farm with no access to the forwarders. The forwarders do phone home but the following returns nothing...

by Ultra Champion in

Is there any way to apply cluster-bundle without rolling restart and search interruption?

I have a use case where we're updating props.conf frequently. We'd like to ideally be able to do this on an ad-hoc ba...

by Explorer in

How to Blacklist EventCode

I see this type of question has been asked several times, however I haven't been able to find the answer to my situat...

by Explorer in

How to resolve error "java.lang.IllegalArgumentException: URI can't be null" when testing HTTP Event Collector from a Java client?

I am trying to test the HTTP Event Collector from a java client, referred the Java project from splunk.com. Please he...

by Engager in

How do I get license usage per indexer using the Distributed Management Console?

I'm trying to use the licensing dashboard in DCM, splunk 6.4.1. For a 30 day by indexer it runs: `dmc_licensing_ba...

by Explorer in

Windows: How can I incorporate a PowerShell script into my search?

I'm working on a search over our Windows events to analyze the changes to permissions on files and directories: index...

by Observer in

How can I create a list of network devices?

Hi, I want to create a list of the IP addresses in our environment against the host DNS name. Cheers, Sean

by New Member in

How to forward logs with Splunk Universal Forwarder for the files with no header and logs should be in form of key/value

I have a Splunk Forwarder setup already on my host. I have certain files on folder (/tom/mike/). File names are st...

by Engager in

How do I complete a search including common and unique data fields from two different sources?

Hello, I would like to run a query that includes results from our main index as well as an uploaded CSV. I don't t...

by New Member in

How to index a log that was missing for a specific date in the past?

Hey Guys, We have a log for a specific index that was missing during an outage and we got it recovered. Obviously ...

by New Member in

Why is my "/usr/bin/last" script not working?

i have problem with my basic script. ist connnten only #!/bin/sh /usr/bin/last i updated also my default/i...

by Path Finder in

What is the compression ratio between the forwarders and indexers?

I need the approximate compression ratio of the data forwarded to indexers.

by New Member in

How can we find out whether a set of forwarders are connected to all indexers?

Is there a way to find out whether a set of forwarders are connected to all intended indexers? On a regular basis we ...

by Ultra Champion in

Recursively monitor files in current directory and subdirectories upto a specified maxDepth

Is it possible to recursively monitor the files in a directory tree but only till a specified maxDepth? Example: I ha...

by Path Finder in

Modify Splunk user role via the REST API

I have about 125 accounts I need to change the role on. This has to be possible via the REST API. Any thoughts from a...

by Builder in

On a Linux host, is a Splunk user account needed if you are running forwarder as root?

Hello, On a Linux host, in which we are installing universal forwarder (using rpm installer), if we install and pl...

by Engager in

Block Specific host/ip on indexer

Hi, I want to block the specific host/ip which sending logs to indexers for a time being later would need to enabl...

by Path Finder in

Search to show license usage at heavy forwarder level

Hello, I have a search similar with below which provide a total of 2868 GB usage for last 24 hrs. index=_intern...

by Path Finder in

Copy the value of a metadata filed to a new field at Index time

I have some network devices sending logs to a syslog server that has a UF installed. The 'host' field is populated wi...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How do I install a heavy forwarder for Splunk Cloud in a Windows environment?

Union / Intersect results from different source type

Splunk not getting forwarder data though ports seem to be open

Need help creating/configuring CSV lookup

How can I send events from a monitor input file to an index I created?

How can I find the total and average indexing rates for all indexers?

Why isn't my data reaching the index?

Is there any way to apply cluster-bundle without rolling restart and search interruption?

How to Blacklist EventCode

How to resolve error "java.lang.IllegalArgumentException: URI can't be null" when testing HTTP Event Collector from a Java client?

How do I get license usage per indexer using the Distributed Management Console?

Windows: How can I incorporate a PowerShell script into my search?

How can I create a list of network devices?

How to forward logs with Splunk Universal Forwarder for the files with no header and logs should be in form of key/value

How do I complete a search including common and unique data fields from two different sources?

How to index a log that was missing for a specific date in the past?

Why is my "/usr/bin/last" script not working?

What is the compression ratio between the forwarders and indexers?

How can we find out whether a set of forwarders are connected to all indexers?

Recursively monitor files in current directory and subdirectories upto a specified maxDepth

Modify Splunk user role via the REST API

On a Linux host, is a Splunk user account needed if you are running forwarder as root?

Block Specific host/ip on indexer

Search to show license usage at heavy forwarder level

Copy the value of a metadata filed to a new field at Index time

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions