Getting Data In

Thread Info

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

I have to upgrade 2 SH and 4 indexer clusters from Splunk 6.3 to Splunk 6.6. SearchHeads are not pooled. I'll be upgr...

by Path Finder in

Problem indexes.conf splunkd not restarting !

Hello , I have a distributed architecture of Splunk SH with Splunk ES and an indexer . I get suddenly this error m...

by Path Finder in

Multiple Whitelists

Hi I have the following two inputs in inputs.conf. They both work separably but not together. **Working** [moni...

by Influencer in

How to configure the universal forwarder to collect System Properties on a Windows Server?

How can I configure the universal forwarder to collect the hosts system properties?

by New Member in

Complex Conditional search based on time

I am a newbie in splunk and practising to learn it slowly. I have a setup where I am forwarding logs of Windows Ma...

by Communicator in

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

When using Windows 2016 Universal Forwarder 6.6.1, I'm running into issues with starting indexer. splunkd log indicat...

by New Member in

How to drop log file headers before indexing?

I've had a read of dropping useless headers in Splunk 6 and tried using the FIELD_HEADER_REGEX, in fact I also tried ...

by SplunkTrust in

Using Splunk as a enterprise data platform

Splunk has to fit into a structured and unstructured world without duplicating effort. Splunk currently serves as a s...

by Path Finder in

Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes?

We are pulling data like Red Hat logs, Apigee, Ansible etc. from AWS through fluentd plugin which is forwarding data ...

by New Member in

Can single forwarder forward data to two different indexer's ??

Hi I am using a UF say in Machine A , its has logs at two different paths say Log Path1 and Log Path2 . Now i want...

by Motivator in

unable to send windows events from splunk server to third party syslog server

tried below configurations to forward the data from SPLUNK server to syslog server(third party) , but no data in sysl...

by Loves-to-Learn in

Is it possible to set a conditional timestamp from indexed events?

I have an XML file with "items" that are being indexed. The issue is that these "items" can possibly have two differe...

by New Member in

Datanow props/transforms not working properly

I have some Datanow syslog data coming into my environment and i have setup a transforms.conf file to extract some sp...

by Path Finder in

How can I send the data from splunk to python arguments?

Hello everyone, i would like to ask if you guys have an idea on how can i send the data i got from splunk to python a...

by Explorer in

Powershell script to extract events from a log file - many dupe events indexed in Splunk

Question - is there a CRC equivalent for data indexed from a Powershell function? On a server, I have a log file g...

by Path Finder in

Whats the best practice to break the windows events?

Hi All, We have 2 Domains, all the windows events are going to wineventlog and windows and perfmon indexes. If I b...

by Builder in

Splunk forwarders on clustered nodes monitoring the same files

Is there a high-availability or multi-node configuration for Splunk forwarders? I have a small RHEL cluster writin...

by Motivator in

Best way to Filter Windows Events before Indexing?

Hi We're seeing may Events with EventCode 4624 and 4634 with Account_Name ending with $ sign. Is there any value f...

by Builder in

line-break issues in events

I'm having issues with line break for some reason. I'm looking to break into individual line events. I've included th...

by Contributor in

How to configure Splunk to not put CSV columns in alphabetical order before indexing?

When I import the csv file (before indexing), Splunk puts the columns in alphabetical order. I would keep the sort as...

by Path Finder in

Do I need frozen storage?

My retention policy has drastically changed and we are utilizing syslog as a main retention source. On the Splunk sid...

by Contributor in

Where to make configuration changes in inputs.conf and outputs.conf on Linux?

Hi Team, I have installed Splunk setup on one of my VM. On another VM I installed the Splunk universal forwarder t...

by New Member in

The Universal Forwarder tries to collect data from the connected device through the network driver.

Forwarder is installed in Windows 7 32bit. The Universal Forwarder tries to collect data from the connected device th...

by New Member in

How to ingest netflow/sflow logs

We intend to collected netflow/sflow logs in our Splunk Enterprise solution. I read that there is an app required to ...

by New Member in

Props.conf file changes

Hi, my sample data like this 101,Mango,0.40% 102,Orange,0.70% It is coming as a single event, as i want to split int...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

Problem indexes.conf splunkd not restarting !

Multiple Whitelists

How to configure the universal forwarder to collect System Properties on a Windows Server?

Complex Conditional search based on time

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

How to drop log file headers before indexing?

Using Splunk as a enterprise data platform

Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes?

Can single forwarder forward data to two different indexer's ??

unable to send windows events from splunk server to third party syslog server

Is it possible to set a conditional timestamp from indexed events?

Datanow props/transforms not working properly

How can I send the data from splunk to python arguments?

Powershell script to extract events from a log file - many dupe events indexed in Splunk

Whats the best practice to break the windows events?

Splunk forwarders on clustered nodes monitoring the same files

Best way to Filter Windows Events before Indexing?

line-break issues in events

How to configure Splunk to not put CSV columns in alphabetical order before indexing?

Do I need frozen storage?

Where to make configuration changes in inputs.conf and outputs.conf on Linux?

The Universal Forwarder tries to collect data from the connected device through the network driver.

How to ingest netflow/sflow logs

Props.conf file changes

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions