Getting Data In

Thread Info

Event Splitting on Nested JSON

I have JSON files which I am trying to event split as the JSON contains multiple events within each log. Here is an e...

by Explorer in

How to automate a silent installation of a Splunk universal forwarder on Solaris using the PKG file?

Hello fellow Splunkers, Have any of you been able to install Splunk Universal Forwarder on Solaris using the PKG f...

by Path Finder in

Splunk Add on for AWS

Hi Team, We are trying to onboard AWS cloudwatch metrics and events data to splunk , we decided to go with splunk A...

by Loves-to-Learn in

change location of Database containing seekAddress and seekCRC for monitored files

Hello Splunk community,I would like to know if there is a way to change the database location of monitored file in sl...

by Loves-to-Learn in

Configure event timestamp recognition from epoch

Hello, I have events in this format: <servername> <metricname> <epochtime> <metricvalue> These events comes...

by Path Finder in

Parse XML data into fields while indexing

Sample data: <?xml version="1.0" encoding="UTF-8" ?><Results xmlns:xsi="http://www.w3.org"><Result><Code>OK</Code><...

by Path Finder in

Quarantined heavy Forwarder

Hi at all, I encountered a strange behaviour in one Splunk infrastructure. We have two heavy Forwarders that conc...

by SplunkTrust in

Filter using a lookup.

I want to write a query whose purpose is to print for users who are not authorized to enter, and of course with the p...

by Loves-to-Learn Lots in

Universal forwarder installation on a splunk server?

Hello, I'm reading the Forwarder Management manual and it states " Do not install the universal forwarder over an ...

by Path Finder in

Role or User Specific Web Session Timeout

Hi all, I have read through the splunk documentation for session timeout here, but these seems to be for splunk ove...

by Path Finder in

Field Alias

A user wants to create a new field alias for a field that appears in two sourcetypes.How many field aliases need to b...

by Engager in

how to work with transforms.conf

Hello I have few services that today sends data some index via code. We are going to remove this index and create...

by Communicator in

Solaris SPARC server integration with Splunk

Hi All,I need to collect system metrics and monitor local files on Solaris servers. I'm considering installing the Un...

by Loves-to-Learn in

Not getting normal logs from UPS, but test logs work at any severity level

I'm not very experienced with Splunk, but I've been asked to set up syslog forwarding from our UPS's to our Splunk se...

by New Member in

Use headers as fields for CSV imports on splunk cloud platform

Hi, i'm using the splunk cloud platform for a school project. When I import my csv files into splunk, it doesn't see...

by Explorer in

Sample C++ Boost code to send msg to Splunk

Hi, I'm trying to run this below sample code to send msg to Splunk, but getting error - Host not found. Am I doin...

by New Member in

Local Event Log Collection on Mac

Hello, I am brand new to Splunk and after watching a short tutorial to get started, I saw that Settings => Data Inp...

by New Member in

Data Models mapping not working for me

Hello, community, I wanted to share a challenge that I have mapping fields to Data Models. The issue is that I h...

by Communicator in

How do we define collections.conf in SplunkCloud?

Creating Lookup Definition (transforms stanza) can be done on Splunk Web UI. But since we need to point a kv definiti...

by Builder in

Filter which events to be ingested

Hello everyone , I need to onboard a huge amount of logs which the 90% of them is unnecessary . My goal is to i...

by Engager in

How to ingest file that need to calculate timestamp for each events using elasped time and trigger time

How to this the following file based on trigger time and elapsed time? "File name","AUTO_231126_012051_0329.CSV","V...

by Explorer in

HF not send the logs to Splunk Cloud instance

Hi Splunkers, i already done configuration of HF and install uf credentials. but i can't see the logs of palo a...

by Loves-to-Learn in

Assistance Needed for Setting Up Assets and Identity from Scratch

Hi, Can someone please assist me in setting up assets and identity from the scratch, and what prerequisites are nec...

by Builder in

How to monitor a log file that is getting trimmed at beginning of file

We are using Splunk 9 and are seeing a situation where a file gets re-ingested entirely each time the vendor product ...

by Explorer in

Slack notification error code 1

I'm trying to get Slack alerts set on my Splunk Cloud instance but the test give me the following output: 04-14-202...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Event Splitting on Nested JSON

How to automate a silent installation of a Splunk universal forwarder on Solaris using the PKG file?

Splunk Add on for AWS

change location of Database containing seekAddress and seekCRC for monitored files

Configure event timestamp recognition from epoch

Parse XML data into fields while indexing

Quarantined heavy Forwarder

Filter using a lookup.

Universal forwarder installation on a splunk server?

Role or User Specific Web Session Timeout

Field Alias

how to work with transforms.conf

Solaris SPARC server integration with Splunk

Not getting normal logs from UPS, but test logs work at any severity level

Use headers as fields for CSV imports on splunk cloud platform

Sample C++ Boost code to send msg to Splunk

Local Event Log Collection on Mac

Data Models mapping not working for me

How do we define collections.conf in SplunkCloud?

Filter which events to be ingested

How to ingest file that need to calculate timestamp for each events using elasped time and trigger time

HF not send the logs to Splunk Cloud instance

Assistance Needed for Setting Up Assets and Identity from Scratch

How to monitor a log file that is getting trimmed at beginning of file

Slack notification error code 1

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions