Getting Data In

Discussions

Thread Info

Why does importing CSV files from a server directory using transforms.conf results in random month being inserted into event time?

I am monitoring a directory on the search head server that contains a group of CSV's that are being imported into Spl...

by Explorer in

Why does a single, short json file create multiple events in Splunk?

I have short json files that I am uploading via Splunk Forwarder, but when they go into my index, they are always 2 e...

by Path Finder in

Best practice for forwarding data into Splunk through an intermediate forwarder

I am seeking the best practice option to send data to my Splunk instance through an intermediate forwarder with empha...

by Contributor in

add log files to index

I am new in using splunk. can anyone tell me how to add log files to splunk enterprise?

by Path Finder in

what happens if two outputs.conf files were sent to a host using the splunkforwarder ?

A host was already sending data using an outputs.conf file . Another outputs.conf was added with out knowing which is...

by Builder in

splunk heavy forwarder 500 internal server error when login

Hello, when I try to login to splunk heavy forwarder through UI to install splunk apps, I am getting "500 Internal...

by Communicator in

Why are my multi-line events getting broken in the middle of a string?

I have a log that contains multi-line events, some events contain java stack traces. Here is an example log: INFO ...

by New Member in

HTTP Event Collector not working after update

Hello, We have recently set up a Splunk instance and I configured an HTTP Event Collector and everything was worki...

by Explorer in

How can I split custom Windows Event Logs from the same source into multiple source types?

I have a custom Windows Event Log source that I want to monitor via an universal forwarder. I'd like to split the ...

by New Member in

What are the advantages of using Hadoop Data Roll?

Documentation says Archive indexer data to meet your data retention policies without using valuable indexer space....

by Influencer in

Where is the doc for the 6.5 hadoop data roll?

Hi, I'm searching for the documentation for the new 6.5 hadoop data roll feature, and unable to find it. Can someo...

by Champion in

How can I monitor HortonWorks 2.x Hadoop monitoring on Windows?

Hi All, How can I monitor HortonWorks 2.x Hadoop monitoring on Windows platform? -Thiru.

by New Member in

How can you encrypt Indexers to use a specific SSL protocol over ports ex..9997, 9998)

This post is to help others who may have difficulties encrypting their indexers(data) to only respond to highest SSL ...

by Splunk Employee in

Is there a version of the universal forwarder that is compatible with Windows Server 2016?

Is there a version of the universal forwarder that can be used or is compatible with Windows Server 2016?

by Explorer in

connection_host = dns not working

Hi, I set new sourcetype: syslog-net for syslog events I don't want to extract host from. My settings: inputs.c...

by Communicator in

LINE_BREAKERについて

以下のログを1行ごとではなく、8行ごとにイベントを区切りたいのですが、1行ごとに区切られてしまって上手くいきません。 LOGICAL UNIT NUMBER 3 Name: 1692_Robin UID: 60:06:01:60...

by Explorer in

LineBreakingProcessor - Truncating line because limit of 1000000 bytes has been exceeded with a line length >= 1003520 - data_source="lsof", data_host="gbrdcr10328n02", data_sourcetype="lsof"

I am getting this error in the splunkd.log. i've seen a previous post which talks about the Line Breaking settings wi...

by Path Finder in

Indexer cluster Hardware upgradation

Hi, My Splunk environment contains 1 master 6 pears of indexer hosts. I just want to perform the CUP upgrade on my in...

by Path Finder in

How to convert my date and time field into a human readable format?

First, I read similar Question/Answers and was able to follow them for other time formats. These work well but didn't...

by New Member in

Why does my external lookup script not work when called from the search head?

Hi, So, I have set up an external lookup script, following the example of external_lookup.py that is shipped with ...

by Path Finder in

Groovy - Date Format

Hi, This would be very useful If I get any example. I am using Groovy to retrieve savedSearch results. My code ...

by New Member in

インデックス時にファイル名から時刻を取得する方法

ログファイル内に日付、時刻がなく、ファイル名に日付がある場合に、ファイル名の日付を_timeとして認識させることは可能でしょうか？ タイムレンジピッカーによる日付範囲指定を行いたいので、index-timeに_timeに値を設定したい...

by New Member in

How to prevent my transforms.conf been overwrited by webui

Hi, I configured match_type = CIDR(field_name) in my transforms.conf file, and it worked fine. But when I save change...

by New Member in

Can a Splunk search head cluster member also be an indexer?

Brief description: We have 2 large physical machines we would like to use for our new Splunk Enterprise implementa...

by New Member in

Cannot index event because it is larger than mpool size

Hi, i am getting the above message from our indexers from time to time. " Search peer * has the following message:...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why does importing CSV files from a server directory using transforms.conf results in random month being inserted into event time?

Why does a single, short json file create multiple events in Splunk?

Best practice for forwarding data into Splunk through an intermediate forwarder

add log files to index

what happens if two outputs.conf files were sent to a host using the splunkforwarder ?

splunk heavy forwarder 500 internal server error when login

Why are my multi-line events getting broken in the middle of a string?

HTTP Event Collector not working after update

How can I split custom Windows Event Logs from the same source into multiple source types?

What are the advantages of using Hadoop Data Roll?

Where is the doc for the 6.5 hadoop data roll?

How can I monitor HortonWorks 2.x Hadoop monitoring on Windows?

How can you encrypt Indexers to use a specific SSL protocol over ports ex..9997, 9998)

Is there a version of the universal forwarder that is compatible with Windows Server 2016?

connection_host = dns not working

LINE_BREAKERについて

LineBreakingProcessor - Truncating line because limit of 1000000 bytes has been exceeded with a line length >= 1003520 - data_source="lsof", data_host="gbrdcr10328n02", data_sourcetype="lsof"

Indexer cluster Hardware upgradation

How to convert my date and time field into a human readable format?

Why does my external lookup script not work when called from the search head?

Groovy - Date Format

インデックス時にファイル名から時刻を取得する方法

How to prevent my transforms.conf been overwrited by webui

Can a Splunk search head cluster member also be an indexer?

Cannot index event because it is larger than mpool size

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions