Getting Data In

Ask a Question

Discussions

Thread Info

Filtering on keywords with exceptions

Hi, I am trying to figure out if there is an easy way to filter based on a word and its negative-form. For example...

by New Member in

How to index data using Rest API in splunk?

HI I have a below curl command, What is the best way to ingest data into Splunk? curl -u "abc:123" -H "X-Requested...

by Builder in

Splunk 4.1.6 - skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block

How would I resolve an issue like this? There appears to be ample disk space on the server hosting the Splunk install...

by Engager in

How to filter out Windows Event Logs that have passwords sent in cleartext?

Hello Splunkers, In my environment, we currently send C:\windows\system32\winevt\Logs*.evtx on our windows servers...

by Path Finder in

True-Client-IP=[12.34.56.78]

All, I have some header information coming through like so True-Client-IP=[12.34.56.78] I'd like to correct th...

by Builder in

Received fatal SSL3 alert

I am unable to connect to my Indexer ClusterMaster on Cloud on Port 8000. On checking splunkd.log, i can observe ...

by Builder in

How to configure a Heavy Forwarder to forward a subset of Cisco ASA events to Indexers, while sending ALL events to external syslog servers?

Running 6.5.0. Attempting to use a Heavy Forwarder to forward a subset of cisco:ASA events to Splunk indexers, wh...

by Engager in

Will my outputs.conf edits work to send both compressed and uncompressed outputs from universal forwarder?

I have a Universal Forwarder (UF) that I'd like to send out both compressed and uncompressed data streams to a single...

by New Member in

Why has using the rest command to search REST API stopped working after upgrading to 6.5.3?

Hi, I used to periodically query the REST API using the search app in Splunk Web, something like so: | rest /se...

by Path Finder in

I cannot get splunk to ingest my csv files!

I have some csv files that have 30+ columns and I cannot get splunk to ingest them. I keep getting crc errors. I've t...

by Builder in

Index holding data

Hi Team, We wanted to keep one year data in splunk for few of the indexes in our environment, we understand that w...

by Contributor in

How to sync csv file with splunk and how to update splunk automatically when there is change in csv file ?

csv file should be synced with splunk so that next time I changed the data in csv file, it should reflect automatical...

by New Member in

Moving splunk from one directory to another in Windows

We have several servers where the Universal Forwarder has been installed to the wrong drive/directory. During our upg...

by Contributor in

The exported csv file of the Splunk results is not aligned

Hi, I have exported my search results into a csv file using Export button. The output result contains a list of Email...

by Explorer in

splunk extract incorrect time

Hi,everyone. My raw log is like this: 2017-05-22 01:00:01 dst:100.100.100.2 src:118.32.120.110 port:60046 count:6 ...

by Communicator in

How to ensure logs generated during Universal Forwarder upgrade are not lost or duplicated?

We are about to upgrade several hundred Universal Forwarders (UF) in our environment. We want to make sure that any l...

by Contributor in

need help in writing time prefix and time format

Hello All i have events like this: hn:keng01-dev01-ins01-rpt31.int.dev.mykronos.com|pid:3161|prod:iHub|****4145...

by Path Finder in

Indexing compressed vs raw logs

Hello, Say for example a five 50MB sample.log.gz (250MB) and if decompressed, it becomes five 600MB (3GB) sample.l...

by Builder in

What is the ideal Splunk setup for log monitoring of different inputs?

How to determine if Splunk needs to be scaled horizontally or vertically? For logs up to 5GB from different inputs, w...

by New Member in

How to enable REST endpoints so that users can use other tools to grab data from Splunk?

How to enable REST endpoints so that users can use other tools to grab data from Splunk? Port 8089 is already opened....

by Path Finder in

How to collect FTP and SFTP activity on servers via Splunk?

We would like to gather information on inbound and outbound ftp and secure ftp connections made to our servers from w...

by New Member in

Proper way to blacklist .gz files in inputs.conf?

According to the documentation, it is this: [monitor:///mnt/logs] blacklist = .gz$ However, I've tried...

by Builder in

how does time synchronization work between forwarder and indexer?

Hi we have hosts sending logs to indexer using universal forwarders. The hosts are spread across different time zones...

by Loves-to-Learn Lots in

how to handle thousands of events with the same timestamp...

Hi, I have a feed that collects snmp performance stats every 5 minutes. I am parsing this logfile with a heavy for...

by Champion in

Can't delete Events

Hello, we got some Events, which we need to clean up. So we need to wipe them: $HOME/bin/splunk search 'index=i...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Filtering on keywords with exceptions

How to index data using Rest API in splunk?

Splunk 4.1.6 - skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block

How to filter out Windows Event Logs that have passwords sent in cleartext?

True-Client-IP=[12.34.56.78]

Received fatal SSL3 alert

How to configure a Heavy Forwarder to forward a subset of Cisco ASA events to Indexers, while sending ALL events to external syslog servers?

Will my outputs.conf edits work to send both compressed and uncompressed outputs from universal forwarder?

Why has using the rest command to search REST API stopped working after upgrading to 6.5.3?

I cannot get splunk to ingest my csv files!

Index holding data

How to sync csv file with splunk and how to update splunk automatically when there is change in csv file ?

Moving splunk from one directory to another in Windows

The exported csv file of the Splunk results is not aligned

splunk extract incorrect time

How to ensure logs generated during Universal Forwarder upgrade are not lost or duplicated?

need help in writing time prefix and time format

Indexing compressed vs raw logs

What is the ideal Splunk setup for log monitoring of different inputs?

How to enable REST endpoints so that users can use other tools to grab data from Splunk?

How to collect FTP and SFTP activity on servers via Splunk?

Proper way to blacklist .gz files in inputs.conf?

how does time synchronization work between forwarder and indexer?

how to handle thousands of events with the same timestamp...

Can't delete Events

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions