Getting Data In

Thread Info

No results in search

deleted

by Explorer in

Why are these additional Splunk processes starting and stopping on Windows hosts configured with Universal Forwarders?

I have a collection of Windows 2008R2 servers running the Universal Forwarder which I configured to forward Windows E...

by Explorer in

How to find domain from DNS log

I am trying to compare dns log to a list of suspicions domain my dns log look like that : 22.333.xxx.apple.com ...

by New Member in

How to export a list containing Host Name, Host IP, Apps, Server Class, and Machine Type for a Splunk server?

My group is taking over operations for a Splunk server brought over from an acquisition. We are trying to get a handl...

by Engager in

Is there a option to ingest application logs for only one applicaiton(process) on teh windows servers?

Hi Is there a option to ingest the logs of only one process from the windows servers ignoring rest of the events?

by Builder in

timestamp is outside of acceptable window

I have a field in .csv file that have future dates. while uploading to Splunk, it shows the below error message and d...

by New Member in

handling future dates from csv

hi, I have a csv file, having time field 'Start Time'. This field will have entries of current week dates as well as ...

by Communicator in

Minimise return records by filtering date field

Hi, I am running the below script successfully. However, I would like to now minimise the return results by only c...

by New Member in

i have column a,b,c and i want to delete only in b column where value is 2. remaining columns should have to be same. i tried with mvfilter but it makes empty all the columns. i want to delete/remove particular value and make the field empty

a b c 1 2 3 2 1 4 4 1 2 1 2 3

by Builder in

How to troubleshoot why Splunk suddently stopped indexing logs after 1-2 months?

I have splunk in domain mode set to look through 2 inputs over UNC path that are IIS logs. I have the inputs the same...

by New Member in

How can I route logs to a specific index based on host/source combo?

We currently have our perf and N1 environments combined and I need to route certain logs to certain indexes based on ...

by Path Finder in

Unable to obfuscate data in IIS logs using SEDCMD

Hi all, I need to strip cookie values from IIS events. The sourcetype is correctly set as "iis" and the following ...

by Path Finder in

Why my sourcetypes under universal forwarder not showing up in Splunk GUI?

We have a windows forwarder running on vm02, and forwarding data to vm01 which is the main Splunk Enterprise. we ...

by Communicator in

sedcmd incoming data based on host or index

Hi, I have a SEDCMD simalar to SEDCMD-remove-values = s/<Value>.+<\/Value>/removed-by-splunk/g which works...

by Explorer in

How can I list all views owned by a particular user?

I've tried the /servicesNS/userid/-/data/ui/views endpoint but maybe I'm not using it correctly. I have a known view ...

by Influencer in

Feed inputs as command line argument

Is it possible to provide inputs to Splunk through command line argument (similar to python for compiling)? Instead o...

by Engager in

Splunk Universal Forwarder is ignoring logs

OS: Windows Server 2008 R2 Enterprise Splunk Universal Forwarder version: 6.2.6 (build 274160) Hi, Good Day. Wo...

by Communicator in

forwarder creating multiline event from big file transferred via rsycn on slow channel

We have big file with events in each line of file. Every minute file transfers via rsync to forwarder with new events...

by Path Finder in

Setting Time on a "Time (Search) Panel" to a specifi range each time.

Basically I need time/date code to add within my Panel so that each tiem it opens, the Panel searches from 8AM the fo...

by Explorer in

Escape JSON data at index time

I'm trying to escape JSON data at index time because I can't do it from within the application that is generating the...

by Explorer in

Why am I unable to blacklist all content in a certain directory with my current inputs.conf?

I am trying to blacklist the following in the inputs.conf Currently I have this: [monitor:///var/log] disabled...

by Explorer in

WinEventLogs Cannot get Event Details

I am monitoring WinEventLogs for Direct Access Troubleshooting using stanzas like: [WinEventLog://Microsoft-Window...

by Builder in

heavy forwarder operation question

Hi, I'm trying to determine the best way to parse out data before it gets to my splunk indexer. It looks like a heavy...

by Path Finder in

Copy Field and remove duplicate

Hello All, I have a column list of records as below recordA recordB recordA RecordB RecordC RecordD and I w...

by Explorer in

Why is one search head no longer communicating with indexers? Getting error "failed_because_BUNDLE_DATA_TRANSMIT_FAILURE"

We have around 10 Search Heads and 13 Indexers. Since this morning, we are seeing the below errors and our SH is not ...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

No results in search

Why are these additional Splunk processes starting and stopping on Windows hosts configured with Universal Forwarders?

How to find domain from DNS log

How to export a list containing Host Name, Host IP, Apps, Server Class, and Machine Type for a Splunk server?

Is there a option to ingest application logs for only one applicaiton(process) on teh windows servers?

timestamp is outside of acceptable window

handling future dates from csv

Minimise return records by filtering date field

i have column a,b,c and i want to delete only in b column where value is 2. remaining columns should have to be same. i tried with mvfilter but it makes empty all the columns. i want to delete/remove particular value and make the field empty

How to troubleshoot why Splunk suddently stopped indexing logs after 1-2 months?

How can I route logs to a specific index based on host/source combo?

Unable to obfuscate data in IIS logs using SEDCMD

Why my sourcetypes under universal forwarder not showing up in Splunk GUI?

sedcmd incoming data based on host or index

How can I list all views owned by a particular user?

Feed inputs as command line argument

Splunk Universal Forwarder is ignoring logs

forwarder creating multiline event from big file transferred via rsycn on slow channel

Setting Time on a "Time (Search) Panel" to a specifi range each time.

Escape JSON data at index time

Why am I unable to blacklist all content in a certain directory with my current inputs.conf?

WinEventLogs Cannot get Event Details

heavy forwarder operation question

Copy Field and remove duplicate

Why is one search head no longer communicating with indexers? Getting error "failed_because_BUNDLE_DATA_TRANSMIT_FAILURE"

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions