Getting Data In

Discussions

Thread Info

Why am I receiving "SOFTWARE PROGRAM ERROR" in Splunk universal forwarder that are AIX servers?

I'm running error script on a bunch of AIX servers but have encountered the "SOFTWARE PROGRAM ERROR" on few of the se...

by Contributor in

How can I learn to use PowerShell in Splunk?

I am new to PowerShell and Splunk. I want to learn PowerShell in Splunk, so how can i? Where can I find PowerShell in...

by Engager in

How to make multivalue fields parse in props.conf and transforms.conf?

So I've gotten stuck trying to get multivalue field working. I have, in general, two type of events. The first:...

by Builder in

How can I increase the output count limit for the command.script component?

Hi, I have a search that is using the "script" command but this search is exceeding a limit as you can see: ...

by Contributor in

Why is my Splunk forwarder 6.3.3 crashing with "LineBreakingProcessor - Truncating line because limit" error?

Hi, Splunk forwarder crashed few times in the last two days after onboarding few new customers. Please find bel...

by Explorer in

How to receive data from forwarders in the trial version of Splunk installed on my personal laptop?

How to receive data from forwarders in a Splunk trial/free version instance installed on my personal laptop?

by Path Finder in

How to stop the master node from indexing data ?

Hi, I have an indexer cluster composed of 2 indexers with a master node. I have seen that my master node is actua...

by Explorer in

How does licensing work for a Splunk Heavy Forwarder and Indexer?

Hi, Need a little insight on how licensing for a Heavy forwarder works: We are planning a solution for Client w...

by New Member in

Why is setting up INFO Logging entries from custom modular inputs showing up as ERROR in splunkd?

Hi All, So following the instructions here https://docs.splunk.com/Documentation/Splunk/6.5.1/AdvancedDev/ModInput...

by Builder in

Why am I unable to see the resource usage of my indexers via the DMC?

I am running 6.3.1 on my search head and 6.3.1 on my 3 indexers. I can see the on the resource usage per instance the...

by Explorer in

Receiving JSON files from Azure containing multiple events in each file. How do I break these into unique events?

I am pulling in JSON files into Splunk from Microsoft Azure. Each JSON files contains multiple events and time stamps...

by New Member in

Why am unable to uninstall Splunk universal forwarder?

When i try to uninstall Splunk universal forwarder from remove programs, i get this following error splunk the mi...

by New Member in

How to parse json which makes up part of the event

Hello, We have some json being logged via log4j so part of the event is json, part is not. The log4j portion has t...

by Explorer in

Can we write UDP or TCP streams directly to indexer ports rather than using a Universal Forwarder in between?

by Contributor in

How to deploy scripted inputs on different OS architectures?

I have two scripted inputs, one bash script for Linux and one batch script for Windows. Both scripts are written to r...

by Communicator in

How to resolve when a C# HttpWebRequest to REST API is not working?

Hey there, trying to use C# WebRequest class to send a simple search (via POST to get the sid then GET to get the res...

by Explorer in

How to make sure all servers checking in with the deployment server use FQDN?

I've noticed that among all of the universal forwarders checking in with my deployment server, there is no consistenc...

by Path Finder in

Is there a way to only forward certain log events?

Hi, Is there a way of only sending certain events from a log file via a forwarder? E.g. our log files contain a...

by Engager in

How to make the deployment server manage all Universal Forwarders' server.conf account for system unique fields like "sslKeysfilePassword ” and “pass4SymmKey”?

The goal is to have the deployment server manage server.conf on all Universal Forwarders, like it does with inputs/ou...

by Path Finder in

Can we upgrade a search head from version 6.1 to 6.5 while indexers still use 6.1.2?

Hi, Can we upgrade SH version of 6.1.2 to 6.5 while we are planning to continue other components (Indexer,Deployer...

by Path Finder in

Is it possible to configure HTTP Event Collector in a custom app?

Is it possible to configure HTTP Event Collector in a custom app, that is to say, not in the splunk_httpinput applica...

by Engager in

Why Was My Event Indexed Twice? Same Host, Same File, Same _raw, Same Indextime, different splunk_server

Hi All; Noticed something very interesting and I don't seem to find the smoking gun. Today I was alerted by one of...

by Builder in

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

Hi, I have an application (Spring XML Application) which needs to read data from Splunk and convert it into CSV fo...

by New Member in

How to use Splunk to access an email client and index the details in CSV attachments?

Hi, I need to access an email client (Gmail or Outlook) and index the details in the CSV attachments. Any sugge...

by Explorer in

How to ignore internal indexes when searching?

Hello, | rest /services/data/indexes-extended | eval bd_home_event_min_time=strftime('bucket_dirs.home.event_min_t...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I receiving "SOFTWARE PROGRAM ERROR" in Splunk universal forwarder that are AIX servers?

How can I learn to use PowerShell in Splunk?

How to make multivalue fields parse in props.conf and transforms.conf?

How can I increase the output count limit for the command.script component?

Why is my Splunk forwarder 6.3.3 crashing with "LineBreakingProcessor - Truncating line because limit" error?

How to receive data from forwarders in the trial version of Splunk installed on my personal laptop?

How to stop the master node from indexing data ?

How does licensing work for a Splunk Heavy Forwarder and Indexer?

Why is setting up INFO Logging entries from custom modular inputs showing up as ERROR in splunkd?

Why am I unable to see the resource usage of my indexers via the DMC?

Receiving JSON files from Azure containing multiple events in each file. How do I break these into unique events?

Why am unable to uninstall Splunk universal forwarder?

How to parse json which makes up part of the event

Can we write UDP or TCP streams directly to indexer ports rather than using a Universal Forwarder in between?

How to deploy scripted inputs on different OS architectures?

How to resolve when a C# HttpWebRequest to REST API is not working?

How to make sure all servers checking in with the deployment server use FQDN?

Is there a way to only forward certain log events?

How to make the deployment server manage all Universal Forwarders' server.conf account for system unique fields like "sslKeysfilePassword ” and “pass4SymmKey”?

Can we upgrade a search head from version 6.1 to 6.5 while indexers still use 6.1.2?

Is it possible to configure HTTP Event Collector in a custom app?

Why Was My Event Indexed Twice? Same Host, Same File, Same _raw, Same Indextime, different splunk_server

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

How to use Splunk to access an email client and index the details in CSV attachments?

How to ignore internal indexes when searching?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures