Getting Data In

Thread Info

How to parse my sample JSON using spath?

I am trying to parse this json using spath, trying to create visualization from those kind of json logs. can some one...

by Engager in

how to upload and index xml file

please help me to upload xml file

by Engager in

How to add constant to HOST name using regular expression

I am using a reg-exp to set the host name from the file path e.g. \servername\logs\application\ag_clientname_log moni...

by Engager in

How to replicate a particular index's indexed data to other set of indexers?

We have 2 sets of Indexers in our environment. Set-1 has 29 indexers and Set-2 has 5 indexers. All the data comes ...

by Path Finder in

Sourcetypes "cross polinating"

I am having an issue with Splunk where the sourcetypes are getting mixed up between actualy sources. For example I ha...

by Builder in

will duplicate entries of monitor statements in inputs.conf coz Logs to be indexed twice?

In our inputs there are wildcard entries for directories and I recently noticed there were duplicate entries for the ...

by Contributor in

Should each device sending data have a different UDP input port?

Hello! I'm new and this is my first post here in the community. I did the Splunk installation with the purpose of ...

by New Member in

How do I Configure a Workflow to POST JSON Encoded Data?

When creating a work flow with a POST request everything is automatically URL encoded according to the docs. "Splu...

by Explorer in

Splunk search query/queries for populating splunk supported timezones in dropdown type input.

I have several input types in my dashboard for which I have allotted different tokens. Now I have a requirement where...

by Explorer in

Renaming auto extracted fields

After parsing my json fields the auto extracted fields have format like this a{}.b and a{}.b{}.c and so on. When i tr...

by Explorer in

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

I have to upgrade 2 SH and 4 indexer clusters from Splunk 6.3 to Splunk 6.6. SearchHeads are not pooled. I'll be upgr...

by Path Finder in

Problem indexes.conf splunkd not restarting !

Hello , I have a distributed architecture of Splunk SH with Splunk ES and an indexer . I get suddenly this error m...

by Path Finder in

Multiple Whitelists

Hi I have the following two inputs in inputs.conf. They both work separably but not together. **Working** [moni...

by Influencer in

How to configure the universal forwarder to collect System Properties on a Windows Server?

How can I configure the universal forwarder to collect the hosts system properties?

by New Member in

Complex Conditional search based on time

I am a newbie in splunk and practising to learn it slowly. I have a setup where I am forwarding logs of Windows Ma...

by Communicator in

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

When using Windows 2016 Universal Forwarder 6.6.1, I'm running into issues with starting indexer. splunkd log indicat...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to parse my sample JSON using spath?

how to upload and index xml file

How to add constant to HOST name using regular expression

How to replicate a particular index's indexed data to other set of indexers?

Sourcetypes "cross polinating"

will duplicate entries of monitor statements in inputs.conf coz Logs to be indexed twice?

Should each device sending data have a different UDP input port?

How do I Configure a Workflow to POST JSON Encoded Data?

Splunk search query/queries for populating splunk supported timezones in dropdown type input.

Renaming auto extracted fields

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

Problem indexes.conf splunkd not restarting !

Multiple Whitelists

How to configure the universal forwarder to collect System Properties on a Windows Server?

Complex Conditional search based on time

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

How to drop log file headers before indexing?

Using Splunk as a enterprise data platform

Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes?

Can single forwarder forward data to two different indexer's ??

unable to send windows events from splunk server to third party syslog server

Is it possible to set a conditional timestamp from indexed events?

Datanow props/transforms not working properly

How can I send the data from splunk to python arguments?

Powershell script to extract events from a log file - many dupe events indexed in Splunk

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Splunk Ingest Actions

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions