Getting Data In

Ask a Question

Discussions

Thread Info

Timezones issues 1 site, 3 users in different timezones.

Hi I have 1 sight, but users in 3 timezone. One in Dublin,Paris and Beirut. (Paris is one hour ahead of me). ...

by Influencer in

License slave to master REST API calls

Hello guys, is it possible to know which REST calls (if it's the case) are done when license slave is reporting it...

by Motivator in

Timezones - Same Time 3 sites

Hi I have 3 office all 1 hour different from each other. 100% of SPLUNK is installed in the middle office. (Paris...

by Influencer in

Why is my Universal Forwarder showing extreme lag or latency when sending Windows event log data?

A Windows 2008R2 Universal Forwarder and Indexer are located in different geographical location. Events are hours beh...

by Explorer in

REGEX help with ingesting XML file. Timestamp not working correctly

Looking to extract the "2017-06-23 15:48:56.218" from the 2nd line in the log and use it for the timestamp when inges...

by Path Finder in

Can anyone let me know whether I can stream Splunk data into cassandra database without using DataStax?

Hi I am working on a data analytics project where I am trying to stream Splunk logs data to cassandra database and co...

by New Member in

Failed to find Event Log

[WinEventLog://Microsoft-Windows-DNS Client Events/Operational] disabled = 0 index = wineventlog interval = 60 Wh...

by Builder in

Is it possible to read and monitor Windows server files from a Linux Heavy Forwarder?

I have an environment where it's going to be a hassle to add a new Windows server. However, we have a file on a Windo...

by Builder in

reciprocal entries in next row

I am using lookup commands for data in a csv file and trying to map src_ip to the HOST and the SERVER in different ro...

by Path Finder in

fail over data ingestion

I am collecting logs from different sources using syslog-ng + UF . is there a way I can distribute these logs to two ...

by Engager in

multiple input fields for csv lookup

if I have a src_ip in a juniper sourcetype and want to match it to a HOST in the csv file and also to a SERVER in the...

by Path Finder in

Issues with Splunk "scrub" command not anomymizing data correctly

A customer was using Splunk "scrub" command to anonymize sensitive data (eg user name) at search time. While this wor...

by Splunk Employee in

Archive data to remote share drive. Where I can put login detail

Hi Everyone I am trying to move index file to a remote share drive, to access the drive I need put username/password...

by Communicator in

Splunk props.conf

Hi, My logs are not breaking correctly. Below is sample logs 16:40:13,732 INFO web Redeemed promotion=BI_500_POINT...

by Explorer in

Multi site Data center forwarding data to indexer?

Considering multi site data center for log forwarding having same logs , lets say site 1 and site 2 logs are being fo...

by Engager in

How to run Universal Forwarder script to create user splunk and set the forwarder service to run under said user?

Hello, This isn't a question as much as I have modified the Splunk Universal Forwarder remote installation script ...

by Explorer in

Universal forwarder support on RHEL 7

Hello, I do not see any version of Splunk universal forwarder for linux kernel 3.10+ on the dowload portal. Is the...

by Explorer in

Why is our Windows Splunk forwarder displaying passwords in clear text in the password file? How do we encrypt it?

On the Windows side, the Splunk forwarder file displays clear text passwords. Can they be encrypted, and how? Than...

by New Member in

outputs.conf: sslPassword not hashing if placed under the [tcpout] stanza

Hey all, I've configured $SPLUNK_HOME/etc/system/local/outputs.conf to use SSL certificates for forwarding logs. M...

by Path Finder in

WinEventLog System

hi question regarding the wineventlog system collection. for some reason splunk is only displaying event code 7036...

by Path Finder in

WinEventLog question

hi i added the below to my inputs.conf and restarted the forwarder service but when i search my host it still does...

by Path Finder in

Average on time only, without considering date

I have this query: Base quey | eval EndTime = if(Result="OK", _time, null) | eval StartTime = if(LogType ="START"...

by Communicator in

Empty results from rest call in Report

Hello. Running 6.6 (paid license) with LDAP authentication. I need to use my own email in a Report. I built a complex...

by Path Finder in

Forward logs to 3rd party syslog server without additional timestam/oroginated host field

Hi, We have a syslog input with non-syslog sourcetype over TCP. Everything looks good in Splunk. However, we have ...

by Communicator in

je n'arrive pas à ajouter des données sur Splunk, voilà le message d'erreur: "Vous n'êtes pas habilité à ajouter des données. Veuillez contacter votre administrateur"

lorsque je transmet un chemin d'un file ou que je transmet directement le file, je n'arrive pas à accéder a avoir l'h...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Timezones issues 1 site, 3 users in different timezones.

License slave to master REST API calls

Timezones - Same Time 3 sites

Why is my Universal Forwarder showing extreme lag or latency when sending Windows event log data?

REGEX help with ingesting XML file. Timestamp not working correctly

Can anyone let me know whether I can stream Splunk data into cassandra database without using DataStax?

Failed to find Event Log

Is it possible to read and monitor Windows server files from a Linux Heavy Forwarder?

reciprocal entries in next row

fail over data ingestion

multiple input fields for csv lookup

Issues with Splunk "scrub" command not anomymizing data correctly

Archive data to remote share drive. Where I can put login detail

Splunk props.conf

Multi site Data center forwarding data to indexer?

How to run Universal Forwarder script to create user splunk and set the forwarder service to run under said user?

Universal forwarder support on RHEL 7

Why is our Windows Splunk forwarder displaying passwords in clear text in the password file? How do we encrypt it?

outputs.conf: sslPassword not hashing if placed under the [tcpout] stanza

WinEventLog System

WinEventLog question

Average on time only, without considering date

Empty results from rest call in Report

Forward logs to 3rd party syslog server without additional timestam/oroginated host field

je n'arrive pas à ajouter des données sur Splunk, voilà le message d'erreur: "Vous n'êtes pas habilité à ajouter des données. Veuillez contacter votre administrateur"

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions