Getting Data In

Thread Info

Limit Data send from Forwarder to Indexer

Hello, is it possible to limit the data which will be send to the forwarder, like 10 MB/day? One of our applica...

by Path Finder in

Extract time stamp at different places in different logs in single source type

Hi, I have two different events in single source type and logs look like below, Jan 15 09:50:18 xxxxxxxxxxxx A...

by Path Finder in

What is the best approach for a search time extraction of JSON formatted data within syslog event value?

I have a data source I am pulling syslog data from (a modular input). The data returned from this API is syslog forma...

by New Member in

Need advice/help with how to parse data file

Need help parsing file Each file represents a unique complete test. Here is a snippet of what we have. Some not...

by Splunk Employee in

shell script for converting a foxbase .DAT file to (comma delimited) .CSV using excel

Hello, I'm kind of new to this, so please bear with me. I have been trying to make a shell script that can do the ...

by Explorer in

Why is my forwarding configuration not forwarding data?

Good afternoon, working on setting up the final piece of Splunk infrastructure and I have come across a little speed ...

by Path Finder in

How to find out why Splunk Indexer re-indexed my IIS logs?

Recently, my Splunk environment decided to re-index ALL of my IIS logs (which crushed my daily license quota). I have...

by New Member in

How to combine multiple searches and output results into one CSV file?

Here is example query.. index=A host=host1 | stats count by host | index=B sourcetype=s1 | dedup host | table hos...

by Path Finder in

How to get the latest event from duplicate events and count a specific value for that latest event?

This is my sample data: _time duration ID 2017-01-12 19:40:03 5 AAAAA 2017-01-12 19:42:03 10 ...

by Communicator in

What is the regular expression for these Event ID codes?

Client needs to push these event codes through Heavy Forwarder to Splunk Cloud. So please help in creating REGEX for ...

by Explorer in

What protocol is used for the SSL connection between the Splunk forwarder and index?

I would like to know what protocols / ciphers are used for the ssl connection. Is it SSLv3, TLS1.0, TLS1.1 or TLS1.2?...

by New Member in

subtract value on Subquery

So basically I want to make a subquery where I can use the values founded in the first query to make a subtract from ...

by Explorer in

fschange Alternatives

Does anyone know of another way to monitor folders/files in Windows other than fschange? I have played with the "moni...

by Explorer in

RBAC/permissions: Is it possible to restrict a role as only able to search an index from a particular app?

My customer has indexed data that inadvertently contains clear-text passwords in it. There are folks who need to b...

by Builder in

Is it possible to monitor a KVM virtual infrastructure with Splunk?

Hi, Is it possible to monitor a KVM virtual infra with Splunk? Best regards, Laurent

by New Member in

Why am I receiving "Error in 'savedsearch' command" when exporting data using REST API?

http://docs.splunk.com/Documentation/Splunk/6.4.5/Search/ExportdatausingRESTAPI I read the manual, nothing is work...

by Builder in

historic data not ingesting

I ingested the logs data to Splunk Uat servers, it got ingested all data including the historic data, But when I inge...

by Contributor in

Hunk: Why am I unable to retrieve results for a date and time range beyond today's date?

I have the exact same issue as https://answers.splunk.com/answers/320535/post.html . I tried the regex provided in th...

by Explorer in

How to edit my configuration to line break events at every "= ID:" in my sample log file?

Some of the events are not being broken down. It works most of the time, but will not break lines couple of times, ea...

by Communicator in

Can audit.log be forwarded to another index?

Hello There I'm trying to index a few Splunk internal logs like splunkd, metrics, web*, audit, etc under /var/log/...

by Explorer in

Why is Splunk Universal Forwarder on AWS not showing up in the list of forwarders in my Cloud instance?

I am new to Splunk and I am trying to test Splunk Cloud with my AWS instance. I have a forwarder built in AWS. It doe...

by Engager in

Why should I install Splunk on Domain Controllers?

Currently debating installing Splunk on all Domain Controllers. Have a back and forth with my colleagues and security...

by New Member in

Why is the universal forwarder not forwarding some lines in my logs?

I'd set up the universal forwarder to send my logs to another server and it's working, but it's losing part of some l...

by New Member in

Drop events before indexing. Complex filter

Hi, I need to filter out some data before indexing, ands can't quite get it to work. The data is a json format (from...

by Path Finder in

How does Splunk define a host?

I am a network admin. I followed the documentation on how to connect an F5 load-balancer, Cisco ASA, and Checkpoint F...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Limit Data send from Forwarder to Indexer

Extract time stamp at different places in different logs in single source type

What is the best approach for a search time extraction of JSON formatted data within syslog event value?

Need advice/help with how to parse data file

shell script for converting a foxbase .DAT file to (comma delimited) .CSV using excel

Why is my forwarding configuration not forwarding data?

How to find out why Splunk Indexer re-indexed my IIS logs?

How to combine multiple searches and output results into one CSV file?

How to get the latest event from duplicate events and count a specific value for that latest event?

What is the regular expression for these Event ID codes?

What protocol is used for the SSL connection between the Splunk forwarder and index?

subtract value on Subquery

fschange Alternatives

RBAC/permissions: Is it possible to restrict a role as only able to search an index from a particular app?

Is it possible to monitor a KVM virtual infrastructure with Splunk?

Why am I receiving "Error in 'savedsearch' command" when exporting data using REST API?

historic data not ingesting

Hunk: Why am I unable to retrieve results for a date and time range beyond today's date?

How to edit my configuration to line break events at every "= ID:" in my sample log file?

Can audit.log be forwarded to another index?

Why is Splunk Universal Forwarder on AWS not showing up in the list of forwarders in my Cloud instance?

Why should I install Splunk on Domain Controllers?

Why is the universal forwarder not forwarding some lines in my logs?

Drop events before indexing. Complex filter

How does Splunk define a host?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions