Getting Data In

Discussions

Thread Info

In trying to deploy Splunk Enterprise from the Azure marketplace and getting "DeploymentNotFound"

I am trying to deploy Splunk Enterprise via the Azure Marketplace and I get the below error. Deployment 'splunk.splun...

by New Member in

Powershell3 invoke-restmethod errors

I'm trying to call the Rest API using the new cmdlet, invoke-restmethod, and I'm experiencing odd connectivity errors...

by New Member in

Splunk REST API endpoint to confirm password?

Building a .NET app that will access Splunk via REST API. App will prompt for password to use for admin access. Is th...

by Contributor in

how to not index log lines that have these 2 phrases in them?

Looking to get the correct regex statement for my transforms.conf to select both the "(vert.x-eventloop-thread-4)" an...

by Path Finder in

How to edit my props.conf to extract a timestamp in the middle of a log?

I have a log file where i need to do a Timestamp extraction which is in the middle of the log.... somehow it's cap...

by Builder in

cross files csv as to as rechercheV in excel

hello every body, my question is: If i have 2 csv files in Splunk One with the list of servers The other antivirus...

by New Member in

How to delete a index permanantly in clustered environment?

HI, If I remove the index stanza in indexes.conf and deploy it indexers will it remove the index? OR is there any...

by Builder in

change the owner of a saved search via REST

Hi there, I just want to change the attribut "owner" (within eai:acl) of a saved search via REST. Is this feasible...

by Contributor in

Is it possible to selectively line merge syslog-ng truncated events?

I have a syslog server receiving and filtering into files and then forwarding data to my indexers. One source uses ud...

by Communicator in

Using DELIMS with a string instead of single character

Hi, I'm forwarding from an proxy logs using NX-log and nxlog is using string "#011" to separate fields, like that:...

by New Member in

Problem with CDR Phone Data

Hello Everybody, I have a big Problem with customers phone data (cdr´s)... One phone-call has multiple events: ...

by Explorer in

Need to schedule IO wait alerts on Splunk

Our Splunk infrastructure is on Azure and recently we face a major issue where I/O wait time was high and so indexing...

by Path Finder in

Splunk HEC Integration. Where to enable? Deployment Server or Log Server?

Hello, Here's our Splunk setup: 3 Indexers (not clustered) 1 Search Head/Deployment Server 1 Log Server (acts l...

by Builder in

I am trying to remove all the special characters in the field and replace them with space character using sed mode in rex command.

First I tried to search for chars which aren't alphanumeric and replace them with space character. source="Regex.zip:...

by Engager in

Filter data and Extract field before indexed

To avoid over index usage, I want to filter before it indexed and I also want extract field before indexed as well. A...

by New Member in

How to forward the event of a specific index on the heavy forwarder to the specified index of another indexer?

I have a separate Splunk Enterprise instance, The 9997 port has been enabled to receive events from each host and set...

by Communicator in

setting stopacceptorafterqblock attribute in inputs.conf

Hi All, We are running into serious issue with Forwarder settings. Please help Forwarder was working fine when the s...

by Communicator in

How to edit inputs.conf to blacklist an eventcode?

I have the following inputs.conf stanza: [WinEventLog://Security]  disabled=0  current_only=1  blackli...

by New Member in

Splunk closing TCP port 9997 (forwarder port)

I upgraded to 4.3.3 on an indexer that never had any problems before this point in time and now the indexer is droppi...

by Path Finder in

Is it possible for a universal forwarder to inject additional data into existing log stream?

I have several universal forwarders (UF) monitoring files on both Windows and Linux endpoints. I would like to "injec...

by Engager in

Is there a way to configure the Universal Forwarder to prevent duplicate events due to a log file that regenerates?

I am using the universal forwarder to index a log file that regenerates every time that a new row is added. In other ...

by New Member in

Forcepoint Proxy syslogs - Parsing questions

we're getting the syslogs exports from our Forcepoint appliances, using their standardised SIEM integration. The form...

by Path Finder in

How to write a monitor stanza in inputs.conf to monitor a file in splunk ?

Hi All, Can anyone guide us on how to create an input stanza to monitor a files through splunk. Need to monitor logs ...

by Motivator in

How to exclude logs ingesting during index time

In our IIS logs, we are getting thousands of lines like below which is of no use in ingesting into Splunk. So want to...

by Path Finder in

Universal Forwarder and forward-compatibility

In our zest to upgrade our Universal Forwarders (UF) , we have seemed to inadvertently upgrade to a version newer tha...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

In trying to deploy Splunk Enterprise from the Azure marketplace and getting "DeploymentNotFound"

Powershell3 invoke-restmethod errors

Splunk REST API endpoint to confirm password?

how to not index log lines that have these 2 phrases in them?

How to edit my props.conf to extract a timestamp in the middle of a log?

cross files csv as to as rechercheV in excel

How to delete a index permanantly in clustered environment?

change the owner of a saved search via REST

Is it possible to selectively line merge syslog-ng truncated events?

Using DELIMS with a string instead of single character

Problem with CDR Phone Data

Need to schedule IO wait alerts on Splunk

Splunk HEC Integration. Where to enable? Deployment Server or Log Server?

I am trying to remove all the special characters in the field and replace them with space character using sed mode in rex command.

Filter data and Extract field before indexed

How to forward the event of a specific index on the heavy forwarder to the specified index of another indexer?

setting stopacceptorafterqblock attribute in inputs.conf

How to edit inputs.conf to blacklist an eventcode?

Splunk closing TCP port 9997 (forwarder port)

Is it possible for a universal forwarder to inject additional data into existing log stream?

Is there a way to configure the Universal Forwarder to prevent duplicate events due to a log file that regenerates?

Forcepoint Proxy syslogs - Parsing questions

How to write a monitor stanza in inputs.conf to monitor a file in splunk ?

How to exclude logs ingesting during index time

Universal Forwarder and forward-compatibility

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions