Getting Data In

Ask a Question

Discussions

Thread Info

Archive data to remote share drive. Where I can put login detail

Hi Everyone I am trying to move index file to a remote share drive, to access the drive I need put username/password...

by Communicator in

Splunk props.conf

Hi, My logs are not breaking correctly. Below is sample logs 16:40:13,732 INFO web Redeemed promotion=BI_500_POINT...

by Explorer in

Multi site Data center forwarding data to indexer?

Considering multi site data center for log forwarding having same logs , lets say site 1 and site 2 logs are being fo...

by Engager in

How to run Universal Forwarder script to create user splunk and set the forwarder service to run under said user?

Hello, This isn't a question as much as I have modified the Splunk Universal Forwarder remote installation script ...

by Explorer in

Universal forwarder support on RHEL 7

Hello, I do not see any version of Splunk universal forwarder for linux kernel 3.10+ on the dowload portal. Is the...

by Explorer in

Why is our Windows Splunk forwarder displaying passwords in clear text in the password file? How do we encrypt it?

On the Windows side, the Splunk forwarder file displays clear text passwords. Can they be encrypted, and how? Than...

by New Member in

outputs.conf: sslPassword not hashing if placed under the [tcpout] stanza

Hey all, I've configured $SPLUNK_HOME/etc/system/local/outputs.conf to use SSL certificates for forwarding logs. M...

by Path Finder in

WinEventLog System

hi question regarding the wineventlog system collection. for some reason splunk is only displaying event code 7036...

by Path Finder in

WinEventLog question

hi i added the below to my inputs.conf and restarted the forwarder service but when i search my host it still does...

by Path Finder in

Average on time only, without considering date

I have this query: Base quey | eval EndTime = if(Result="OK", _time, null) | eval StartTime = if(LogType ="START"...

by Communicator in

Empty results from rest call in Report

Hello. Running 6.6 (paid license) with LDAP authentication. I need to use my own email in a Report. I built a complex...

by Path Finder in

Forward logs to 3rd party syslog server without additional timestam/oroginated host field

Hi, We have a syslog input with non-syslog sourcetype over TCP. Everything looks good in Splunk. However, we have ...

by Communicator in

je n'arrive pas à ajouter des données sur Splunk, voilà le message d'erreur: "Vous n'êtes pas habilité à ajouter des données. Veuillez contacter votre administrateur"

lorsque je transmet un chemin d'un file ou que je transmet directement le file, je n'arrive pas à accéder a avoir l'h...

by New Member in

Questions on Splunk and Syslog-ng Server

What are the Splunk requirements to receive the data from Syslog-ng server?What are the Syslog requirements to get th...

by New Member in

Index isn't shrinking when configuring Index size

I have the app Splunk_TA_microsoft_ad and I am trying to reduce the storage size of the index "wineventlog" from 50gb...

by Explorer in

Why does forwarding stop until i restart splunk

I have a 4.3.3 UF on a windows 2008r2 box that was forwarding windows event logs quite happily. It's now stopped for...

by Path Finder in

Not showing csv data

hi, I uploaded csv file having a date field. This field has current week dates as well as future week dates. CSV got ...

by Communicator in

Filtering mutiple table rows created from a single log entry

I have multiple JDBC connection pools and their realtime stats are written to a log on a regular basis. I would like ...

by New Member in

REST API searches without search id

Hello guys, is it possible to request directly results without preliminary search id or we always need to run, get...

by Motivator in

How do I enable the HTTP Event Collector?

The following HTTP Event Collector walkthrough says - -- To enable it, in Splunk Enterprise and self-service or...

by Ultra Champion in

Why am I getting an error that my license has expired or have exceeded license violations?

Hi  Dears, I am using Splunk 6.4 as a heavy forwarder which send its logs to an indexer (6.3) . Heavy forwarder ...

by Explorer in

Input Script as a Data to Index the same in Splunk

We got an requirement to input data via script and I am new to it. so how to achieve it. So how to achieve it...

by Path Finder in

Where to save the r-code in splunk and how to run the r-code?

Hi, Where to save the R-code in splunk and how to run the r-code ? Thanks, sai

by Engager in

Logs defaulting into _internal

I changed the Index I am sending logs to and then reloaded the server-class but my logs are ending up in _internal no...

by New Member in

Setup deployment server and a heavy forwarder.

we have a clustered environment 6 indexers , 3 search heads , 1 Cluster Master, License Server, Deployment Server on ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Archive data to remote share drive. Where I can put login detail

Splunk props.conf

Multi site Data center forwarding data to indexer?

How to run Universal Forwarder script to create user splunk and set the forwarder service to run under said user?

Universal forwarder support on RHEL 7

Why is our Windows Splunk forwarder displaying passwords in clear text in the password file? How do we encrypt it?

outputs.conf: sslPassword not hashing if placed under the [tcpout] stanza

WinEventLog System

WinEventLog question

Average on time only, without considering date

Empty results from rest call in Report

Forward logs to 3rd party syslog server without additional timestam/oroginated host field

je n'arrive pas à ajouter des données sur Splunk, voilà le message d'erreur: "Vous n'êtes pas habilité à ajouter des données. Veuillez contacter votre administrateur"

Questions on Splunk and Syslog-ng Server

Index isn't shrinking when configuring Index size

Why does forwarding stop until i restart splunk

Not showing csv data

Filtering mutiple table rows created from a single log entry

REST API searches without search id

How do I enable the HTTP Event Collector?

Why am I getting an error that my license has expired or have exceeded license violations?

Input Script as a Data to Index the same in Splunk

Where to save the r-code in splunk and how to run the r-code?

Logs defaulting into _internal

Setup deployment server and a heavy forwarder.

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions