Getting Data In

Discussions

Thread Info

Problem with XML input

I've got a problem with my XML input. I've tried several settings, but can't seem to find the right ones.. Here's a s...

by Path Finder in

Input data getting source type changed

I used to have a PaloAlto firewall and i had it setup to syslog on ump/5514. I was also running a couple of PaloAlto ...

by Explorer in

how to Generate report for top IP's on monthly basis?

We receive 45-50 millions of data daily from various log sources(servers, network devices, proxy, cloud). we need to ...

by Explorer in

How to add a CSV lookup table - Splunk Light Free eval

How can a CSV based lookup table be added to Splunk Light Free; and are lookup tables supported in Splunk Light Free?...

by Engager in

Multicharacter Event Delimiter

by Contributor in

Where can I get application logs regarding Splunk API?

One of our Web/mobile team is considering an innovation project involving Splunk integration. Basically, better track...

by Explorer in

How to query against Splunk API a saved search without the search Id?

Can someone suggest how to query against Splunk API for a saved search without the Search Id? Basically we have a req...

by Explorer in

2 different fields from different csv.

Hi. can you please help me in making a search command for the below result? "resource name" is a field name of my csv...

by Explorer in

How to import pdf file in Splunk with automated script

Hello All, I have requirement where i need to monitor pdf files and import in splunk for searching. But found t...

by Communicator in

Why are my Scripted Input XML events truncated to 4 lines?

I have scripted input that's calling a simple rest service to get a list of messages. No matter what settings I put i...

by Explorer in

How to parse Microsoft-Windows-TaskScheduler/Operational logs?

Can someone help me out with a regular expression to parse Microsoft-Windows-TaskScheduler/Operational logs? I don't ...

by Explorer in

How to edit my AMI of Splunk's inputs.conf to allow TLS connections?

I am inexperienced with both Splunk and AWS, so keep that in mind.  I wish to edit my AMI of Splunk Enterprise's inp...

by New Member in

How to update input on Universal Forwarder using deployment server

Presently, I configured a deployment server - the deploymentclient.conf is present on each server - Should be possibl...

by Path Finder in

How to edit my transforms.conf in order to set the sourcetype for each syslog being forwarded?

Hello, I have a customer sending three different kind of logs via syslog. I am pulling the logs off of a network f...

by Path Finder in

Add / Remove desired indexes in / from the search

I'm using this search => index=_internal source="*license_usage.log" type=usage idx="f*" | eval MB = round(b/1048...

by Explorer in

Why is the retention policy not working on certain indexes (to delete indexed data that are older then 1 year)?

Hi All, Currently we facing a storage issue in one of the indexer instances, though the retention policy has set for ...

by Motivator in

AIX上のUFを起動するとSplunkWebサービスが起動できない旨のメッセージが表示される

AIX上にあるUFを起動すると下記のエラーメッセージが splunkd.logに出力されます。 WARN DC:DeploymentClient - Restarting Splunkd... WARN Restarter -...

by Communicator in

Why is "machineTypesFilter" not pushing to both Windows apps?

I've got an odd issues where my Linux clients are getting the 'forward logs' app, but my Windows ones are not. My Win...

by Path Finder in

How to resolve error "SRC did not 'startsrc splunkweb' on our behalf: exit code=1" when restarting a 6.0.13 universal forwarder on AIX?

My Splunk Deploy Server is CentOS 6.7 The UF, Splunk Universal Forwarder 6.0.13 running on server, AIX 7.1. If ...

by Splunk Employee in

How to configure a Splunk forwarder for a network switch/router?

Hello Team: We would like to capture the network traffic data at a network switch/router level and then we want to...

by New Member in

Hide Radio Input in Dashboard

Does anyone know how to hide a radio input in a Dashboard? We have a regex calculation that we've assigned to a radio...

by Path Finder in

How do you enable debug logging for scripted input

I am trying to debug a scripted input that isn't running when it should and I want to enable debug logging. When I lo...

by Communicator in

How to log REST API calls?

Hi, I am trying to debug Splunk REST API calls and need verbose logging of life cycle of that transaction on serve...

by Explorer in

How to properly parse my JSON input?

Hi, I have a JSON input file, and am having two issues. First, I can't seem to get the timestamp to map appropriat...

by Champion in

Is it possible to configure Splunk to show the filename only and not the contents of the file we're monitoring?

In the Splunk deployment we have, I'm using the Splunk universal forwarder to monitor changes to a folder, specifical...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Problem with XML input

Input data getting source type changed

how to Generate report for top IP's on monthly basis?

How to add a CSV lookup table - Splunk Light Free eval

Multicharacter Event Delimiter

Where can I get application logs regarding Splunk API?

How to query against Splunk API a saved search without the search Id?

2 different fields from different csv.

How to import pdf file in Splunk with automated script

Why are my Scripted Input XML events truncated to 4 lines?

How to parse Microsoft-Windows-TaskScheduler/Operational logs?

How to edit my AMI of Splunk's inputs.conf to allow TLS connections?

How to update input on Universal Forwarder using deployment server

How to edit my transforms.conf in order to set the sourcetype for each syslog being forwarded?

Add / Remove desired indexes in / from the search

Why is the retention policy not working on certain indexes (to delete indexed data that are older then 1 year)?

AIX上のUFを起動するとSplunkWebサービスが起動できない旨のメッセージが表示される

Why is "machineTypesFilter" not pushing to both Windows apps?

How to resolve error "SRC did not 'startsrc splunkweb' on our behalf: exit code=1" when restarting a 6.0.13 universal forwarder on AIX?

How to configure a Splunk forwarder for a network switch/router?

Hide Radio Input in Dashboard

How do you enable debug logging for scripted input

How to log REST API calls?

How to properly parse my JSON input?

Is it possible to configure Splunk to show the filename only and not the contents of the file we're monitoring?

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!

Issue with my search query

we have daily ingestion of 7 TB but how do i know ...

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions