Getting Data In

Thread Info

date_zone field has value 'local' & '0'

HI, Splunk Version : Splunk 6.1.1 Splunk Universal forwarder : version 5.0.4 I see the field 'date_zone' has va...

by Motivator in

Why does my tstats search only show results for the main index?

|tstats values(sourcetype) by index I have 10 indexes, but I only get "main" when I run the search above. How ...

by Contributor in

Is there a way to set a tag by source in inputs.conf?

I'm writing an app where it has multiple sources that will be assigned to the sourcetype log4j. Searching for these l...

by Explorer in

How to bulk delete multiple hosts from Splunk that have not phoned home within a set interval?

Good morning. I am brand new to Splunk and so far so good  We operate in the MS Azure Cloud and many of our syste...

by Builder in

How to pull Sharepoint document library meta data into Splunk?

I want to create a Splunk app that uses document meta data from a document library to create reports based on their m...

by New Member in

Why has Splunk stopped indexing my files?

Customer reported that a standalone Splunk Indexer had stopped indexing any monitored files. They also noticed that :...

by Splunk Employee in

Why am I unable to delete indexes from the Splunk Web? Why do I have to restart Splunk when I create a new Index from Splunk Web?

Customer reported several issue with Index Management using the Splunk Web: - Unable to create new Indexes from Setti...

by Splunk Employee in

Why is an indexer in a cluster reporting "CMMessages - got genid thats invalid or out of range, setting to INVALID_GENID"?

Hello, I have an indexer node running Splunk Version 6.3.2 (build aaff59bb082c) that constantly outputs the follow...

by Engager in

How do i convert/fix my cooked data to human readable data?

I've installed a universal forwarder(A) on a linux box which monitors a .log file and forwards data to an intermediat...

by Contributor in

How do I remove host from Data Summary screen but keep data?

Hello, I'm looking for advice on how to handle systems that are removed from the network. We have several hun...

by Explorer in

LINE_BREAKER not working correctly

The event I want to break on looks like this: 25/Jan/17:10:23:00:069+0000 DEBUG Evaluation of condition [188:FTP ...

by Contributor in

What is the best way to collect all DNS queries by client and Responses sent back by a Windows 2012 DNS Server with a universal forwarder?

We have Universal Forwarder installed on MS Windows 2012 DNS server. what is best way to collect all the DNS queries ...

by Explorer in

How can I filter data in search-time from a generated csv file?

Hi, I have a csv file, generated each day from a Powershell script under the Splunk app lookups directory. I use t...

by Contributor in

For Wineventlog, Event ID captures User info, but why does Splunk raw data show user User=NOT_TRANSLATED?

Issue is that for the Wineventlog for Application channel EventCode=11707 and EventCode=11724, intermittently _raw da...

by Splunk Employee in

How to collect Windows event logs that are not from .evtx or .evt files?

I'm trying to collect Windows events. Specifically, I'm trying to collect: \\Applications and Service Logs\Microso...

by Communicator in

Is there a feature in Splunk (similar to Dropbox) where can i drop multiple log files from multiple locations?

Is there a feature in Splunk (like Dropbox) to drop all types of logs from different applications ? Where can i dr...

by New Member in

Permission denied

I am running Splunk enterprise 6.3.1 and universal forwarder. We deploy the universal forwarder onto a Linux machine ...

by Explorer in

Ingested a year's worth of events in Windows from one source, but why did Splunk not index all logs?

I was indexing a years worth of logs (200+GB) from one source path. Data was indexed, but I am trying to understand w...

by Communicator in

How to add Data Sources from different devices to Splunk?

How to Add Data Sources from the following devices: No| Data Type | No’s of devices | ...

by Explorer in

How to configure Splunk to not index a line before it is finished writing?

We are writing out to a log for which splunk is indexing for most lines okay, but some times splunk indexes before th...

by Path Finder in

Is it possible to define a custom location for universal forwarder local configurations?

My Splunk Forwarder is installed on a share, which can be mapped to all the servers in my environment. Therefore, I a...

by Explorer in

Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non domain controller) with error "Faulting application openssl.exe.."?

My attempts to install a Splunk forwarder on Windows 2008 fails and is rolled back. In this case, the application ev...

by New Member in

What is best way to use sourcetype with HTTP Event Collector to categorize data?

From the HTTP Event Collector setting page: Source type The source type is one of the default fields that Splunk ...

by Contributor in

HF1 -> HF2 -> Indexer: How to route a set of data that has already been parsed on Heavy Forwarder #1 to a specified index on the indexer through HF #2?

Hello, all I have infrastructure like this 1stHF => 2ndHF => Indexer On the first Heavy Forwarder, I clone some...

by Contributor in

How to configure line breaking on ADmanagerplus log?

I am working on ingesting ADmanagerplus logs. I am having difficulty linebreaking the following log which represents ...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

date_zone field has value 'local' & '0'

Why does my tstats search only show results for the main index?

Is there a way to set a tag by source in inputs.conf?

How to bulk delete multiple hosts from Splunk that have not phoned home within a set interval?

How to pull Sharepoint document library meta data into Splunk?

Why has Splunk stopped indexing my files?

Why am I unable to delete indexes from the Splunk Web? Why do I have to restart Splunk when I create a new Index from Splunk Web?

Why is an indexer in a cluster reporting "CMMessages - got genid thats invalid or out of range, setting to INVALID_GENID"?

How do i convert/fix my cooked data to human readable data?

How do I remove host from Data Summary screen but keep data?

LINE_BREAKER not working correctly

What is the best way to collect all DNS queries by client and Responses sent back by a Windows 2012 DNS Server with a universal forwarder?

How can I filter data in search-time from a generated csv file?

For Wineventlog, Event ID captures User info, but why does Splunk raw data show user User=NOT_TRANSLATED?

How to collect Windows event logs that are not from .evtx or .evt files?

Is there a feature in Splunk (similar to Dropbox) where can i drop multiple log files from multiple locations?

Permission denied

Ingested a year's worth of events in Windows from one source, but why did Splunk not index all logs?

How to add Data Sources from different devices to Splunk?

How to configure Splunk to not index a line before it is finished writing?

Is it possible to define a custom location for universal forwarder local configurations?

Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non domain controller) with error "Faulting application openssl.exe.."?

What is best way to use sourcetype with HTTP Event Collector to categorize data?

HF1 -> HF2 -> Indexer: How to route a set of data that has already been parsed on Heavy Forwarder #1 to a specified index on the indexer through HF #2?

How to configure line breaking on ADmanagerplus log?

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions