Getting Data In

Discussions

Thread Info

How to perform a database cleanup on Windows?

Hello! Looking in the community, unfortunately I was confused and found only for Linux versions. And I installed it i...

by New Member in

Powershell unattended installation

How would you go about creating an unattend intallation on a Windows. I need a script for hte following reason: co...

by Champion in

index the same logs to multiple indexes - good or bad?

Hi There, I would like to know if it's not recommended to index the same logs to two different indexes? We actuall...

by Explorer in

Simple XML: How to pass timestamps to a drilldown?

Running Splunk 6.3.10 I'm running into an issue trying pass a custom time to a drilldown for a table. The search r...

by Explorer in

Lookup in props using combined columns

While writing props/transforms for an in house TA, i'm stuck with a tricky situation. I'm making use of lookup file t...

by Super Champion in

Rename sourcetype to keep all the same no -too_small or -2,-3 added

We have a 3 index/3 search head cluster with master and deployment server. I have a inputs.conf with [monitor:L...

by New Member in

How to create a summary index for my csv file

On a daily basis I have a CSV loaded into splunk. I want to create a summary index so that this CSV will have histori...

by Contributor in

Splunk Cloud Trial and Http Event Collector - NOT WORKING

I have the 15 day trial version of Splunk Cloud. The Http Event Collector documentation http://dev.splunk.com/view/ev...

by Contributor in

At what point do you need to consider scaling horizontally for Syslog collection and what would that architecture look like?

I started a thread a while ago about UDP errors with syslog (http://answers.splunk.com/answers/42645/log-dropping-in-...

by Builder in

What are the Advantages and Disadvantages of Clustered indexers and Load Balanced Indexers?

Hi Fellow Ninja, I just want to ask what are the advantages and disadvantages of clustered indexers and Load balan...

by Communicator in

New application of the search head cannot make search data

I've created two splunk applications that work fine and can access the data on my indexers. However, when I create a ...

by Path Finder in

Filter iis logs before indexing

I've upgraded to Splunk 6.01 and noticed the improved handling of the windows events prior to indexing and wondered i...

by Explorer in

whitelist queries

HI I have a question The existing whitelist in inputs.conf includes whitelist = (tomcat|vizql|hs_err|tdeserver6...

by New Member in

How do I mask a pattern using sedcmd in props.conf?

How do I replace/mask the pattern below in props.conf..? pattern \"password\":\"passtest@123\" expecting \"pass...

by Builder in

How to parse my sample JSON using spath?

I am trying to parse this json using spath, trying to create visualization from those kind of json logs. can some one...

by Engager in

how to upload and index xml file

please help me to upload xml file

by Engager in

How to add constant to HOST name using regular expression

I am using a reg-exp to set the host name from the file path e.g. \servername\logs\application\ag_clientname_log moni...

by Engager in

How to replicate a particular index's indexed data to other set of indexers?

We have 2 sets of Indexers in our environment. Set-1 has 29 indexers and Set-2 has 5 indexers. All the data comes ...

by Path Finder in

Sourcetypes "cross polinating"

I am having an issue with Splunk where the sourcetypes are getting mixed up between actualy sources. For example I ha...

by Builder in

will duplicate entries of monitor statements in inputs.conf coz Logs to be indexed twice?

In our inputs there are wildcard entries for directories and I recently noticed there were duplicate entries for the ...

by Contributor in

Should each device sending data have a different UDP input port?

Hello! I'm new and this is my first post here in the community. I did the Splunk installation with the purpose of ...

by New Member in

How do I Configure a Workflow to POST JSON Encoded Data?

When creating a work flow with a POST request everything is automatically URL encoded according to the docs. "Splu...

by Explorer in

Splunk search query/queries for populating splunk supported timezones in dropdown type input.

I have several input types in my dashboard for which I have allotted different tokens. Now I have a requirement where...

by Explorer in

Renaming auto extracted fields

After parsing my json fields the auto extracted fields have format like this a{}.b and a{}.b{}.c and so on. When i tr...

by Explorer in

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

I have to upgrade 2 SH and 4 indexer clusters from Splunk 6.3 to Splunk 6.6. SearchHeads are not pooled. I'll be upgr...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to perform a database cleanup on Windows?

Powershell unattended installation

index the same logs to multiple indexes - good or bad?

Simple XML: How to pass timestamps to a drilldown?

Lookup in props using combined columns

Rename sourcetype to keep all the same no -too_small or -2,-3 added

How to create a summary index for my csv file

Splunk Cloud Trial and Http Event Collector - NOT WORKING

At what point do you need to consider scaling horizontally for Syslog collection and what would that architecture look like?

What are the Advantages and Disadvantages of Clustered indexers and Load Balanced Indexers?

New application of the search head cannot make search data

Filter iis logs before indexing

whitelist queries

How do I mask a pattern using sedcmd in props.conf?

How to parse my sample JSON using spath?

how to upload and index xml file

How to add constant to HOST name using regular expression

How to replicate a particular index's indexed data to other set of indexers?

Sourcetypes "cross polinating"

will duplicate entries of monitor statements in inputs.conf coz Logs to be indexed twice?

Should each device sending data have a different UDP input port?

How do I Configure a Workflow to POST JSON Encoded Data?

Splunk search query/queries for populating splunk supported timezones in dropdown type input.

Renaming auto extracted fields

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions