Getting Data In

Thread Info

How to make the deployment server manage all Universal Forwarders' server.conf account for system unique fields like "sslKeysfilePassword ” and “pass4SymmKey”?

The goal is to have the deployment server manage server.conf on all Universal Forwarders, like it does with inputs/ou...

by Path Finder in

Can we upgrade a search head from version 6.1 to 6.5 while indexers still use 6.1.2?

Hi, Can we upgrade SH version of 6.1.2 to 6.5 while we are planning to continue other components (Indexer,Deployer...

by Path Finder in

Is it possible to configure HTTP Event Collector in a custom app?

Is it possible to configure HTTP Event Collector in a custom app, that is to say, not in the splunk_httpinput applica...

by Engager in

Why Was My Event Indexed Twice? Same Host, Same File, Same _raw, Same Indextime, different splunk_server

Hi All; Noticed something very interesting and I don't seem to find the smoking gun. Today I was alerted by one of...

by Builder in

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

Hi, I have an application (Spring XML Application) which needs to read data from Splunk and convert it into CSV fo...

by New Member in

How to use Splunk to access an email client and index the details in CSV attachments?

Hi, I need to access an email client (Gmail or Outlook) and index the details in the CSV attachments. Any sugge...

by Explorer in

How to ignore internal indexes when searching?

Hello, | rest /services/data/indexes-extended | eval bd_home_event_min_time=strftime('bucket_dirs.home.event_min_t...

by Motivator in

How can we have a slider as an input option in a panel of a dashboard?

I want to create a panel that will take input from a dropdown and also the slider (just like we have one in a shoppin...

by Path Finder in

How to parse the format of Windows Event Log, in order to forward these logs to syslog server?

Hi , For some reason , I must forward the Windows Event Log to our syslog server. I configured the indexer server a...

by Path Finder in

Can I run queries having "search" keyword through Splunk REST API?

I have a query which uses "subsearch", so it has a search keyword within the query. I get results when I run this que...

by New Member in

setup.xml to modify/create an entry in app.conf (or anywhere else)

Hi, I've been trying to make a basic setup.xml that can create a stanza and config that I can access from a script...

by Builder in

How can I create a filter to capture certain events from security logs?

Hi All, I'm a newbie to the Splunk world and trying to figure out a couple things. I currently have Splunk Light i...

by New Member in

Query on accessing Hadoop data in Splunk using "Splunk App for HadoopOps"

Hi, We have a Hadoop cluster where in we are storing data. We have downloaded Splunk enterprise and the Splunk App...

by Communicator in

What is the best architecture setup to handle multiple log sources and apply all data to specific field headers?

Hello - as you may see by my account status, I'm a complete newbie to Splunk. I apologize for any confusion or use...

by New Member in

Filter the data using props.conf and transforms.conf

here i want to filter the data which is after Key Length =0 before indexing to SPLUNK CLOUD through Heavy Forwarder. ...

by Explorer in

Keeping Host data when using Heavy Forwarder

We have recently moved from having an internal hosted Splunk setup to Splunk Cloud. Before the move to the Cloud all ...

by Engager in

Monitoring Novell eDirectory events with Splunk

Has anyone used Splunk to monitor Novell eDirectory events? I need to know if there is a solution out there to replac...

by Splunk Employee in

Try to use transforms.conf

Hi, we try around with Splunk (first contact). We to prof what we can log from HDS Storages. System report via ...

by New Member in

UF in Linux how to configure

Dear Friends. But I have some doughs I installed the UF in Centos and followed this cmd. 1: /Command: /opt/splunkf...

by Explorer in

DMC alert for Disk usage

HI All, We are receiving false alert in the DMC and checked the search it running following rest search . In that ...

by Contributor in

Why is the Splunk universal forwarder not pushing data to indexer?

I recently upgraded a workstation to Win10 Enterprise. I installed the Splunk universal forwarder, however I am not c...

by New Member in

Advice for setting up a Splunk production environment

We are setting up a production Splunk environment on Linux VM's (RHEL7). I'm not exactly a "server guy" so learning o...

by New Member in

Splunk REST API without SSL (i.e HTTP only)

Hi, I'm trying to use Splunk REST API, using standard HTTP request (not HTTPS). When trying to connect to port 808...

by Engager in

Why does attempting to install the Universal Forwarder on Windows via CLI fail?

I'm trying to perform a simple command line install for Windows Universal Forwarder (UF) and can't seem to get the in...

by SplunkTrust in

We are getting an error when trying to create a search job using the REST API ?

Hi All, Could you please guide us in getting this issue resolved, currently one of the developer is trying to create ...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to make the deployment server manage all Universal Forwarders' server.conf account for system unique fields like "sslKeysfilePassword ” and “pass4SymmKey”?

Can we upgrade a search head from version 6.1 to 6.5 while indexers still use 6.1.2?

Is it possible to configure HTTP Event Collector in a custom app?

Why Was My Event Indexed Twice? Same Host, Same File, Same _raw, Same Indextime, different splunk_server

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

How to use Splunk to access an email client and index the details in CSV attachments?

How to ignore internal indexes when searching?

How can we have a slider as an input option in a panel of a dashboard?

How to parse the format of Windows Event Log, in order to forward these logs to syslog server?

Can I run queries having "search" keyword through Splunk REST API?

setup.xml to modify/create an entry in app.conf (or anywhere else)

How can I create a filter to capture certain events from security logs?

Query on accessing Hadoop data in Splunk using "Splunk App for HadoopOps"

What is the best architecture setup to handle multiple log sources and apply all data to specific field headers?

Filter the data using props.conf and transforms.conf

Keeping Host data when using Heavy Forwarder

Monitoring Novell eDirectory events with Splunk

Try to use transforms.conf

UF in Linux how to configure

DMC alert for Disk usage

Why is the Splunk universal forwarder not pushing data to indexer?

Advice for setting up a Splunk production environment

Splunk REST API without SSL (i.e HTTP only)

Why does attempting to install the Universal Forwarder on Windows via CLI fail?

We are getting an error when trying to create a search job using the REST API ?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions