Getting Data In

Thread Info

Is there a way to extract data from Splunk indexer using Infomatica?

Hello, Is there a way to extract data from Splunk indexer using Infomatica? I am trying to read data from Splunk and ...

by Engager in

CSV Headers are listing as events and not extracting into interesting fields .

CSV Headers are listing as events and not extracting into interesting fields . This is the props.conf I'm using H...

by Path Finder in

Why am I getting error "Cannot find item for POST arg_name=..." trying to update inputs.conf (scripted inputs) through setup.xml?

Hi, I'm trying to update update a stanza within inputs.conf so I can change the cron schedule on a scripted input...

by Explorer in

curl in Shell Script run by splunk return empty

I am trying to get data from a third party API so I get splunk to run this very basic script. IP=$(curl -s 'htt...

by Path Finder in

Heavy Forwarder as Indexer and License Usage

Hi colleagues, I've still trying to find an answer to my questions here, but it seems there is nothing helpful to ...

by Explorer in

Are there any libraries which support HEC indexer acknowledgement?

Hi, I have Java program and I want to use HEC indexer acknowledgement to get confirmation that the event has hit t...

by Explorer in

How to dynamically update transforms.conf with cURL?

Hi, I have the following transforms.conf actual configuration (with various User in the regex): [admin filter] ...

by Contributor in

how to check if forwarder is forwarding data?

I want to check if forwarder is forwarding the latest data to indexer.

by Contributor in

Using a .csv as part of a search

New splunk user, trying to get my feet under me. here's the situation; We have a rather large splunk deployment, a...

by New Member in

How to convert "_internal" field "date_zone" to time zone?

I am trying to convert the field "date_zone" reported by our Universal Forwarders (UF) in "index=_internal" from +090...

by Contributor in

How to edit props.conf and transforms.conf to keep specific events and discard the rest?

props.conf [host::192.168.1.20:514] TRANSFORMS-set= setnull,sra transforms.conf [setnull] REGEX = . DEST_KE...

by Builder in

Is it possible to use field transformation at search level?

I want to create a report with search query, Is there any way to use field transformation in it? For example: ...

by New Member in

What is the best practice to manage the same index with the same log paths but in different environments?

I have a clustered Splunk env with an index="myjavaapp". I need to collect the logs from multiple environments - Dev...

by Path Finder in

How to get date and time from this format?

I have date and time in this format, [2010/01/14@08:43:17.561+0100] How to read it correctly into Splunk?

by Observer in

How to write the extract the timestamp from my sample event in props.conf?

How to write the extract the timestamp from the following event in props.conf? Mar 3 15:16:10 servername user:info...

by Explorer in

Is it possible to dedup events before they are indexed?

Using index=ets2 source="my_source" | eval id=_cd."|".index."|".splunk_server | transaction _raw maxspan=1s keep...

by Engager in

scripted input as multiple events

Howdy, I've set up a scripted input for a Windows forwarder using Powershell. The script works and outputs the dat...

by Path Finder in

How to use kvstore to store configurations for correlation across our technology stack?

Hello all! I am struggling to fully understand kvstore and how to get at the data. I am not having any issues populat...

by Builder in

Updated props/transforms don't change the search result

I've updated the props in on a 6.1 server. Checked with btool which claims my configs are acceptable. I've also ch...

by New Member in

DATETIME_CONFIG=NONE DateParserVerbose - Failed to parse timestamp

Hi, I am facing weird issue with timestamp recognition by splunk. Modified timestamp is 2016/11/26 but somehow I see ...

by Explorer in

Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it?

Hi all, So I am trying to specify a rest data input and I think there is a problem specifying a Header property wh...

by Path Finder in

Batch DB input With a column ID

I want to do a Batch DB input because the table in the DB I'm pulling from deletes records instead of marks them with...

by Path Finder in

Why are my Universal Forwarder logs not reaching my Indexer?

I'm troubleshooting why my Splunk Universal Forwarder (UF) logs in Active Directory Forest B are not reaching my Splu...

by New Member in

UAT SPLUNK install - forwarder not forwarding (Could not send data to output queue (parsingQueue), retrying...)

Hi I have set up a UAT Install of SPLUNK on dell178srv. The new SPLUNK is up and running and i can access and use ...

by Influencer in

Stanzas for log file paths in inputs.conf for multiple hosts that don't apply to all hosts

I have 6 different log file paths with many log file names across ~20 hosts in 6 different environments. All log path...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is there a way to extract data from Splunk indexer using Infomatica?

CSV Headers are listing as events and not extracting into interesting fields .

Why am I getting error "Cannot find item for POST arg_name=..." trying to update inputs.conf (scripted inputs) through setup.xml?

curl in Shell Script run by splunk return empty

Heavy Forwarder as Indexer and License Usage

Are there any libraries which support HEC indexer acknowledgement?

How to dynamically update transforms.conf with cURL?

how to check if forwarder is forwarding data?

Using a .csv as part of a search

How to convert "_internal" field "date_zone" to time zone?

How to edit props.conf and transforms.conf to keep specific events and discard the rest?

Is it possible to use field transformation at search level?

What is the best practice to manage the same index with the same log paths but in different environments?

How to get date and time from this format?

How to write the extract the timestamp from my sample event in props.conf?

Is it possible to dedup events before they are indexed?

scripted input as multiple events

How to use kvstore to store configurations for correlation across our technology stack?

Updated props/transforms don't change the search result

DATETIME_CONFIG=NONE DateParserVerbose - Failed to parse timestamp

Data Inputs REST / HTTP Header Properties: How can I specify a value with an "aring" (å) character in it?

Batch DB input With a column ID

Why are my Universal Forwarder logs not reaching my Indexer?

UAT SPLUNK install - forwarder not forwarding (Could not send data to output queue (parsingQueue), retrying...)

Stanzas for log file paths in inputs.conf for multiple hosts that don't apply to all hosts

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions