Getting Data In

Thread Info

maxHotSpanSecs not rolling hot buckets

I use "maxHotSpanSecs" to cut the size of each bucket received. Only join "maxHotSpanSecs = 2592000" (30d) in test of...

by New Member in

where to add my props.conf for new sourcetype - created using preview

I want to push out a props .conf file to monitor a file which resides on two machines with forwarders deployed. my...

by Path Finder in

How to add a forwarder manager server to a dev-testing stand-alone instance of splunk?

I have a stand-alone Dev instance of splunk running on Linux. It works great for testing. But now I have to do some t...

by Contributor in

Why is my timestamp not being recognized...

Hi, I have the following data coming in: 10009 SYSTEM 03/05/17 11:12:44 Info Message Partner MQCACTUSOUT, Sessi...

by Champion in

Calculate percentage increase/decrease of indexing volume compared to average indexing volume

I want to trigger an alert if there is 50% increase/decrease of today's indexing volume versus average indexing volum...

by Path Finder in

How to troubleshoot why a file in monitored folder is not being indexed in Splunk Light Free 6.3.0?

Hi, I’ve been using Splunk Light Free Version 6.3.0 for about a month on Mac OS X, and it’s been working well, mon...

by Explorer in

Route event data to different target groups issue

Hi Splunkers, here are my 3 configuration files transforms,props,outputs /// props.conf [host:firstClient] TRANSFO...

by New Member in

In my current batch stanza in inputs.conf, why is the file indexed twice?

My inputs.conf is as follow: [batch://C:\Splunk\2.txt] index = netiq move_policy = sinkhole sourcetype = shinsei_d...

by Path Finder in

How to assign timestamp for an event from two different fields

I have an event like "abcabcabc....abc..timestamp:-2017-05-05T*08:08:08.987.....abc...abc.....date:-2017-05-03*......

by Contributor in

Error on Splunk Universal Forwarder Upgrade

Hi everyone, When we upgrade agent (6.0.2 to 6.0.3) we have a WIndows error : "1901 Error attempting to read from the...

by Explorer in

How to develop a regular expression that will blacklist my log paths in inputs.conf?

Below is my monitoring path [monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01] I want to blackl...

by Path Finder in

How can I create a search via the REST API in a specific app?

I am trying to perform a search to modify a lookup csv via the REST API. The simple search |inputlookup filename....

by Engager in

CSV file ingestion not respecting column headings

I'm trying to monitor a CSV file (via a UF) with column headings included in the file. I want the column headings to ...

by Path Finder in

Transforms field/value extract not fully working

I have a log that has multiple fields and values and each event has a different set of fields and values. To handle t...

by Explorer in

Why is there no data in my summary index?

I built a splunk cluster. I created a lot of alerts on the main search server, some alerts I enabled the summary inde...

by Communicator in

Is there a way to write a script to download the latest Splunk version?

All, I see there is a "got wget" option on the download page for Splunk, which is great, but that hardcodes me to...

by Builder in

Indexes appear in usage report but not in indexes.conf or on indexer

I just inherited a stand alone splunk instance and when I run the usage report by indexes, I see a couple of indexes ...

by Path Finder in

TimeZone issue

I am having issue with some ironport logs with Time zone. The logs are coming in as UTC "2017-05-04T16:05:40+00:00" b...

by New Member in

Batch input for Windows preventing new file creation

We want to set up a process that writes an application log to a batch input where Splunk will ingest the file and the...

by Communicator in

How to rename host field value based on event data?

I have a Linux server that ingests pre-cooked log files. Each line of the log file begins with the host that the log ...

by Communicator in

LDAP by SSL using WIndows 2012R2 cannot connect to Active Directory server

Trying to use LDAP with SSL and running into issue 'Can't contact LDAP server'. Looked on Splunk Answers and saw simi...

by Explorer in

Parse JSON series data into a chart

I'm trying to parse the following JSON data into a timechart "by label". The "data" section is a timestamp and a valu...

by Explorer in

What happened if universal forwarder is pointed to a new Deployment server?

Hello, Situation: - Universal forwarder pointed to a temp Deployment server - Two applications are deployed on the...

by Explorer in

Search query to check 50-100 forwarders phoning home status from thousands of forwarders.

Hi, We have thousands of forwarders installed. Our requirement is to check status of only 50-100 forwarders from t...

by Explorer in

SPlunk API

How grant required access & end point information for accessing the Splunk API? Please help us how we can grant ac...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

maxHotSpanSecs not rolling hot buckets

where to add my props.conf for new sourcetype - created using preview

How to add a forwarder manager server to a dev-testing stand-alone instance of splunk?

Why is my timestamp not being recognized...

Calculate percentage increase/decrease of indexing volume compared to average indexing volume

How to troubleshoot why a file in monitored folder is not being indexed in Splunk Light Free 6.3.0?

Route event data to different target groups issue

In my current batch stanza in inputs.conf, why is the file indexed twice?

How to assign timestamp for an event from two different fields

Error on Splunk Universal Forwarder Upgrade

How to develop a regular expression that will blacklist my log paths in inputs.conf?

How can I create a search via the REST API in a specific app?

CSV file ingestion not respecting column headings

Transforms field/value extract not fully working

Why is there no data in my summary index?

Is there a way to write a script to download the latest Splunk version?

Indexes appear in usage report but not in indexes.conf or on indexer

TimeZone issue

Batch input for Windows preventing new file creation

How to rename host field value based on event data?

LDAP by SSL using WIndows 2012R2 cannot connect to Active Directory server

Parse JSON series data into a chart

What happened if universal forwarder is pointed to a new Deployment server?

Search query to check 50-100 forwarders phoning home status from thousands of forwarders.

SPlunk API

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions