Getting Data In

Discussions

Thread Info

How can we apply TRUNCATE across many sourcetypes?

We would like to set TRUNCATE=0 so we don't truncate the events at all. We normally use the sourcetype in props.conf....

by Ultra Champion in

What are the best way and practices to manage indexes

Hi everyone! I would like to know what are the best practices to manage the index's size. I read in this post (...

by Explorer in

how get a single output from 2 different "stats count"

Good morning, with the following search: index="app_dynatrace" sourcetype="pa" application="Saipemcom Prod" "dimen...

by New Member in

Config data Hot Warm Cold ?

Can anyone teach or show me some way to config data age of Hot Warm Cold with each indexs ? And how to check it succe...

by Engager in

If we make changes in .conf files is there a way not to restart entire splunk?

In general if we make changes in .conf files we need to restart splunk. Suppose splunk is deployed in production envi...

by New Member in

Index only one column from csv input

I wanted to index only "Date" column from this CSV file. I don't want any of the other columns to be indexed and want...

by Path Finder in

How can the forwarder detect available indexers?

We hard-code the indexers in the outputs.conf at the moment. How can we detect the indexers automatically by the forw...

by Ultra Champion in

Scripted data input producing output not appearing in Splunk

I am completely baffled on why some of the output I am producing from a script (its key-value pairs) is not appearing...

by Builder in

Forwarding and Indexing Large Files

Anyone have any experience with fowarding and indexing files larger than 200mb every minute? I'm curious if there are...

by Explorer in

How can I get list of users from rest api ?

Hi everyone, I'm currently running Splunk 6.5.3 I want list of all users who has access to splunk. |rest /s...

by New Member in

How to add log file in whitelist for date append file?

How to add log file in whitelist for date append file? Below is the file with date. Please help us to add those fi...

by Contributor in

Need some help with event breaks

Hi all, I was hoping someone might be able to point me in the right direction for where to set this and how exactly ...

by Communicator in

How to open the file in a web server

Hi Team, I have a file in a web server. The file can be opened in browser using link http://www.abcde.com/sample.t...

by New Member in

How to get two lines of JSON to break as two events?

I am using a simple receiver to upload some lines of JSON. The input file has one JSON object (hash) per line, termin...

by Explorer in

Why Splunkd does not automatically restart when Windows server is rebooted and how to fix?

Hello, When I go to services.msc I have splunkd set up to restart as a user with a u/n and p/w. However, it does n...

by Communicator in

Custom timestamps for csv format?

I have the following data from csv file that I want to index into splunk. I want to set the timestamp to be t...

by Contributor in

How do I unzip a file when pulling it from REST API?

So the rest API that I set up in Splunk will go out to this rest endpoint and the file that it will receive is a zip ...

by Contributor in

Using alternate Python for script data inputs

We are trying to do some snmp queries using Python and input the output key-value pairs into Splunk. We want to use p...

by Builder in

Why am I only getting 3 days worth of logs?

Hi, i am monitoring IIS logs for my environment and i want to ignore the older log files.i just want the files for...

by Contributor in

How to get results only from the last source file?

Hi, I got an index which continuously receive new source file automatically, what I want is to my search to only r...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How can we apply TRUNCATE across many sourcetypes?

What are the best way and practices to manage indexes

how get a single output from 2 different "stats count"

Config data Hot Warm Cold ?

If we make changes in .conf files is there a way not to restart entire splunk?

Index only one column from csv input

How can the forwarder detect available indexers?

Scripted data input producing output not appearing in Splunk

Forwarding and Indexing Large Files

How can I get list of users from rest api ?

How to add log file in whitelist for date append file?

Need some help with event breaks

How to open the file in a web server

How to get two lines of JSON to break as two events?

Why Splunkd does not automatically restart when Windows server is rebooted and how to fix?

Custom timestamps for csv format?

How do I unzip a file when pulling it from REST API?

Using alternate Python for script data inputs

Why am I only getting 3 days worth of logs?

How to get results only from the last source file?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

SQS-Based-S3 Input for Cloudtrail black list event...

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...