Getting Data In

Thread Info

Sending two inputs from One universal forwarder to Two different Indexers (not load balancing)

I have a universal forwarder with two different apps installed, App A and App B. The inputs for App A need to be sent...

by Motivator in

How to index only part of a html log file?

Hi, i have situation to index a log file which is actually a html file. This is an access log. This looks complex to ...

by Loves-to-Learn Lots in

9998 port to open

Port on the server and the network seems open for 9998 port for indexers to receive data but only 1 out of the 3 inde...

by Path Finder in

Why is universal forwarder connection failing and getting "Socket error from x.x.x.x while idling: error: ...SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol."?

I cannot get Splunk enterprise to work. I am using the free version (6.x), and I have an all Linux environment. It is...

by New Member in

How to parse Radius log files into splunk? What the configuration required for props and transforms

Following is the Radius log file format that i have got. Now i need only few of the fields from each instance. Also y...

by Communicator in

Why is my props.conf configuration no longer working on my French timestamp and FileZilla server logs?

Hello guys, I have a problem with French logs so I tried to create props.conf and deploy it : [fzs] TIME_PREFIX...

by Motivator in

How do I set up a Splunk Cloud Trial (Sandbox) Forwarder?

I've noticed customers having problems with the current 6.2.1 Online Sandboxes. As of last month, the UI has changed ...

by Splunk Employee in

Cannot See Universal Forwarder from Splunk Enterprise

Hello, I have installed splunk enterprise in a windows environment. I have installed Universal Forwarder on a sepa...

by New Member in

Why do I receive "insufficient permission to access this resource " error while to upload a CSV file?

All I am trying to do is to upload .csv file. When I select the default source type and click on "save as" and give i...

by Path Finder in

how to add header field to an inputlookup CSV without header

Hi guys, I am wondering if it is possible to add a header field to search result if the CSV source doesn't have a hea...

by Explorer in

Why is my HTTP Event Collector curl successful, but it returns no data in Splunk?

Hello, I am testing a simple HTTP Event Collector input: $ curl -k "https://localhost:8088/services/collector" ...

by Communicator in

How to rename the sourcetype name after data has been indexed?

Hi, I created an index for one log file in Splunk indexer with sourcetype = _json, but I would like to see the sou...

by Explorer in

3rd-party syslog server recieved the strange messages from UF..

I configured universal forwarder to transfer raw data to Splunk indexer and 3rd-party syslog server by following conf...

by Contributor in

how to sedcmd??

In the form of logs is as follows SNMPv2-SMI::mib-"2.2.1.2.1" = "lo" SNMPv2-SMI::mib-"2.2.1.2.2" = "eth0" SNMPv2-S...

by New Member in

We are trying to make a REST input and the result is XML data but it has no schema.

We are trying to make a REST input and the result is XML data but it has no schema. The Source we are using is the Pa...

by Explorer in

Routing problem with props and transforms

Hi, I am having trouble for routing the logs to separate index using props and transforms. With the below code on ...

by Path Finder in

Why can't I generate KV pairs from nested field?

Here is a single record Feb 9 12:17:35 dev-test USERstrng[Rule Hits Digest][2017-02-09T12:05:00-07:00,2017-02-09T...

by Explorer in

Change host at index time

I have a mixture of Wintel and *nix hosts that send logs via the UF, the UF is deployed globally by third parties so ...

by Engager in

How to extract fields from a JSON?

Hello everybody, I have the next event registered in my splunk: Fri Mar 31 11:05:18 COT 2017 name=amqp_msg_rece...

by New Member in

How to avoid exceeding daily limit when monitoring directory?

I want to monitor a directory that already has many gbs of data (historical data). New data is added to that director...

by Builder in

Is there a REST API to remove missing forwarders?

I have already found documentation on updating the "DMC Forwarder - Build Asset Table" with a post as referenced here...

by Engager in

Splunk Universal Forwarder, 8089 management port SSL certificate expired

As the Splunk Universal Forwarder installed 3 yrs ago (1,094 days) & it doesn't upgraded. The SSL certificate use...

by Path Finder in

Unable to get data from ASA

Hi, I am on an ASA 9.1 release, splunk 6.5.2, Splunk _TA_cisco-asa 3.2.6 I have configured the ASA syslog to se...

by New Member in

Is there a way to get a complete list of all deployment clients via the REST API in Splunk 6.1.3?

When running the following I only get 30 deployment clients on Splunk 6.1.3 https://deploymentserver:8089/services...

by Path Finder in

Add meta data to events from log correlation

Hi! We're pushing data into splunk over syslog port 1514. Different subsystems report different types of data. One...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Sending two inputs from One universal forwarder to Two different Indexers (not load balancing)

How to index only part of a html log file?

9998 port to open

Why is universal forwarder connection failing and getting "Socket error from x.x.x.x while idling: error: ...SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol."?

How to parse Radius log files into splunk? What the configuration required for props and transforms

Why is my props.conf configuration no longer working on my French timestamp and FileZilla server logs?

How do I set up a Splunk Cloud Trial (Sandbox) Forwarder?

Cannot See Universal Forwarder from Splunk Enterprise

Why do I receive "insufficient permission to access this resource " error while to upload a CSV file?

how to add header field to an inputlookup CSV without header

Why is my HTTP Event Collector curl successful, but it returns no data in Splunk?

How to rename the sourcetype name after data has been indexed?

3rd-party syslog server recieved the strange messages from UF..

how to sedcmd??

We are trying to make a REST input and the result is XML data but it has no schema.

Routing problem with props and transforms

Why can't I generate KV pairs from nested field?

Change host at index time

How to extract fields from a JSON?

How to avoid exceeding daily limit when monitoring directory?

Is there a REST API to remove missing forwarders?

Splunk Universal Forwarder, 8089 management port SSL certificate expired

Unable to get data from ASA

Is there a way to get a complete list of all deployment clients via the REST API in Splunk 6.1.3?

Add meta data to events from log correlation

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions