Getting Data In

Discussions

Thread Info

Why am I unable to filter out an event code?

I apologize since this has been answered before. I've tried all the solutions offered in the previous threads and am ...

by Explorer in

German umaulat Character is not getting recognized by Splunk Universal Forwarder

My PowerShell script results with "german umaulat" character into data. In our local lab Splunk Universal Forwarder r...

by Engager in

TailingProcessor - Ignoring path="/path/to/xyz" due to: Bug: tried to check/configure STData processing but have no pending metadata.

Splunk is having some problems importing some files. Whenever I drop the new file onto monitored directory the Splunk...

by Splunk Employee in

Multi value field extraction props.conf transforms.conf

Hello fellow Splunker, I have a question about my props.conf and transforms.conf. I want to extract a multi valued...

by Path Finder in

Universal Forwarder 6.5 on Windows Server 2008 32-bit?

Can I install Universal Forwarder 6.5 on Windows Server 32-bit by using the Windows 8, 8.1, and 10 installer? If not,...

by New Member in

Handling events with the same timestamp

I am extracting logs from a file which contain entries with two timestamp log entries: 1. eventTimestamp 2. timestamp...

by New Member in

Time format not being recognized as data point

I have a search with multiple time formats, and the "Duration" time format isn't being recognized when I to a chart. ...

by Communicator in

Source Transform Replace '/' with '_'

Hi, I created props and transforms files to put source value of file in raw event. I am sending these event to thi...

by Explorer in

trying to lexically parse a text field and group results into categories

I have an xml file with a text field. The text field may include trigger words. I have a list of those trigger words....

by New Member in

How to archive specific Splunk data?

All, I have legal telling me I must have a certain subset of data available in Splunk for 12-18 months depending....

by Builder in

query for searching passive hosts

Can someone please explain me what does the following query will do step by step ? type=hosts | sort -recentTime...

by Path Finder in

Why does set host by 'regex on path' work differently between Splunk Web and inputs.conf?

Hi Splunkers, I have a set of directories (syslog collector), created for logs from remote hosts and containing ho...

by Contributor in

Is there a way to break lines in props.conf on search head?

I have the ability to configure a search head but not the indexers. I am wondering if I can break multi-line netstat ...

by Path Finder in

The edits I made to props.conf and transforms.conf are not working to filter my data. Can anyone check to see where I went wrong?

Hello All, I have written the below props.conf and transforms.conf files, but am not able to filter my data, could...

by Communicator in

How to edit my configurations to fetch the client logs from VM to Splunk Enterprise?

i have configured Splunk Enterprise in my local and universal forwarder in my VM. now i need to fetch the tomcat logs...

by New Member in

How to edit props.conf to line break modsecurity events?

Hey guys. I want modsecurity events in Splunk, but can't make right config. I have events like this: --d021db15...

by Communicator in

How to implement Splunk on Linux Platform?

Hello. Friends am new to Splunk. I have Basic knowledge on Windows Platform and learning day by day. Need Help for I...

by Explorer in

How to configure Splunk forwarder on Linux?

Hi Team, If we perform the installation of a forwarder on a windows box we could get a menu of items to be monitor...

by Path Finder in

When executing two different PowerShell scripts in inputs.conf, why does only one script work?

Hi I'm trying to execute 2 different powershell scripts with different sourcetypes but on the same index. one of them...

by New Member in

Why am I unable to search data from Splunk servers when the time period is set for previous week ?

Hi All, Can any one guide me why I am unable to fetch the data from index=_internal host=splunk1 sourcetype=splunkd s...

by Motivator in

Websense Triton DLP (Events and Classification Data)

How can Splunk pull events and classification data from Websense Triton? It appears that the data is stored in a SQL ...

by Splunk Employee in

best practice question around CHECK_FOR_HEADER

So I've been using CHECK_FOR_HEADER=true for various csv data in some apps I'm building. I've learned a great deal ab...

by SplunkTrust in

How to measure total IO or throughput on my indexers?

All, Is there a way in Splunk to measure my total IO/thoughout on my indexers? Looking for a search or an app? ...

by Builder in

What is the best way to index snapshot type data in Splunk and correlate it with other data?

Hello, we have a need to correlate operational data with billing account information. So we are looking to join op...

by New Member in

Can someone provide the steps to install Splunk on Windows through the command line?

How to install Splunk Enterprise 6.5.1 on Windows through the command line?

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I unable to filter out an event code?

German umaulat Character is not getting recognized by Splunk Universal Forwarder

TailingProcessor - Ignoring path="/path/to/xyz" due to: Bug: tried to check/configure STData processing but have no pending metadata.

Multi value field extraction props.conf transforms.conf

Universal Forwarder 6.5 on Windows Server 2008 32-bit?

Handling events with the same timestamp

Time format not being recognized as data point

Source Transform Replace '/' with '_'

trying to lexically parse a text field and group results into categories

How to archive specific Splunk data?

query for searching passive hosts

Why does set host by 'regex on path' work differently between Splunk Web and inputs.conf?

Is there a way to break lines in props.conf on search head?

The edits I made to props.conf and transforms.conf are not working to filter my data. Can anyone check to see where I went wrong?

How to edit my configurations to fetch the client logs from VM to Splunk Enterprise?

How to edit props.conf to line break modsecurity events?

How to implement Splunk on Linux Platform?

How to configure Splunk forwarder on Linux?

When executing two different PowerShell scripts in inputs.conf, why does only one script work?

Why am I unable to search data from Splunk servers when the time period is set for previous week ?

Websense Triton DLP (Events and Classification Data)

best practice question around CHECK_FOR_HEADER

How to measure total IO or throughput on my indexers?

What is the best way to index snapshot type data in Splunk and correlate it with other data?

Can someone provide the steps to install Splunk on Windows through the command line?

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions