Getting Data In

Ask a Question

Discussions

Thread Info

Reading IP addresses from a JSON file, and manage the IP addresses as whitelist

Hi I want to read IP addresses from a Json file and manage the addresses that was read as a whitelist.

by New Member in

How to change data source dynamically

Hi, Is it possible to dynamically set the data source for the query below? We have multiple environments and user...

by Explorer in

Why I am receiving this message "There are currently no forwarders configured as deployment clients to this instance'' and how to resolve it?

We have the application running in remote servers using weblogic. We use the log 4j configuration. Have installed Spl...

by New Member in

How to edit my props.conf to keep multiline events containing XML as one event?

Hi, I’m trying to create a new source type for the first time. I’ve been at it all morning and I’m pretty sure I ...

by New Member in

DBConnect SQLite not picking proper timestamp

Hi All I have an SQLite input setup via DBConnect app . However the input DBMON tail will just NOT parse proper...

by Contributor in

Why am I getting error "Failed to tarAndChksum file='/apps/splunk/splunk/etc/deployment-apps/...'" when I try to add apps to a server class?

Hi, When I am in a server class and I try to add applications, I get the following error message: Failed to tar...

by Engager in

Splunk daemon stops responding when many connections are made

Hi, We have a Splunk deployment where we expose a splunk app through REST. We connect to the app and run approxima...

by Communicator in

Two different Deliminator for a field

I have 2 types of Messages in my log for 1st i want to split it from ":" deliminator and for 2nd i want deliminator ...

by Path Finder in

How to configure a universal forwarder to be aware of a WebLogic Windows server?

Hi, I'm new to Splunk and learn as I go. I set up the universal forwarder on the Oracle WebLogic server, and on th...

by New Member in

How to perform a bulk/batch delete of KV Store records via REST API?

We are trying to find a way to leverage the REST API to perform a bulk delete of KV Store records. Currently, the RES...

by New Member in

How to pass an argument to a macro and execute this macro repeatedly using "by source"?

Hi, I would like to execute macro_with_args repeatedly using by source. How can I pass the arg_value to the macro?...

by New Member in

Group hosts by Sourcetype by Index

Hello, I am trying to perform a search that groups all hosts by sourcetype and groups those sourcetypes by index. ...

by Path Finder in

What is the best practice for assigning indexes and sourcetypes for multiple UDP feeds to the same port?

Excuse the ignorance, I'm coming from the syslog-ng world and just now starting with Splunk. I have multiple devic...

by New Member in

A Cisco Reference design doc specifies about 14 servers to index up to 2 TB/day, while other docs suggest I need 8 indexer servers per 150 Gb.day. Which is it?

I found a doc on the Cisco website which specifies an architecture with about 14 UCS servers to index up to 2 TB/day ...

by Explorer in

Help in import of Numpy in Splunk

I wrote a python script where it is using numpy, while running my script in splunk it is not able to import numpy fro...

by New Member in

How to edit props.conf to override Splunk truncating JSON data?

Hi Guys, So I figured out that my Splunk instance is truncating my JSON data. That's not good and I'd like to reme...

by Explorer in

search keywords from .csv file

Hi All, I want to run a query that search keywords from the .csv file . I have created lookup file and lookup defi...

by Path Finder in

Is there any way to execute SEDCMD after transforms are applied?

Hi, As far as I understand, SEDCMD is executed before TRANSFORMS. Is there any way to make it execute after? I'...

by Engager in

How to indexing single data to multiple index in one splunk server?

Hi, can someone help me I want indexing single data to multiple indexer, i have try edit props.conf [top] T...

by New Member in

How to remove row1 row 2 after using transpose command .

I have just used .....chart count by env |addcolstotals |fillnull value="Total" env In my query Its actually giving ...

by Path Finder in

Can we use single storage to archive index data from all indexers, or do we need separate storage for each indexer?

I would like to archive the data older than 1 year. I have a single storage device to store archived data. Can we use...

by Contributor in

Is it possible to stop the forwarder instead of restarting it when deploying a new app?

Linux 4.2.0-27-generic #32~14.04.1-Ubuntu in /var/log/syslog Nov 24 04:10:25 kernel: [6690966.699401] init: splunk...

by New Member in

How to configure multiple host names in a single inputs.conf file, and push this to all servers in a server class via deployment server?

Hi All, We have a deployment server configured in our server. We want to push a single inputs.conf file to all the...

by Explorer in

strip fqdn from hostname field

hey guys, i am pretty sure we have something in place which is stripping the hostname from the fqdn. just cannot figu...

by New Member in

How to install and configure a universal forwarder on servers that are running applications in a Docker container?

Hello i was looking at Splunk docs regarding how to install Splunk forwarder and configure inputs to forward logs ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Reading IP addresses from a JSON file, and manage the IP addresses as whitelist

How to change data source dynamically

Why I am receiving this message "There are currently no forwarders configured as deployment clients to this instance'' and how to resolve it?

How to edit my props.conf to keep multiline events containing XML as one event?

DBConnect SQLite not picking proper timestamp

Why am I getting error "Failed to tarAndChksum file='/apps/splunk/splunk/etc/deployment-apps/...'" when I try to add apps to a server class?

Splunk daemon stops responding when many connections are made

Two different Deliminator for a field

How to configure a universal forwarder to be aware of a WebLogic Windows server?

How to perform a bulk/batch delete of KV Store records via REST API?

How to pass an argument to a macro and execute this macro repeatedly using "by source"?

Group hosts by Sourcetype by Index

What is the best practice for assigning indexes and sourcetypes for multiple UDP feeds to the same port?

A Cisco Reference design doc specifies about 14 servers to index up to 2 TB/day, while other docs suggest I need 8 indexer servers per 150 Gb.day. Which is it?

Help in import of Numpy in Splunk

How to edit props.conf to override Splunk truncating JSON data?

search keywords from .csv file

Is there any way to execute SEDCMD after transforms are applied?

How to indexing single data to multiple index in one splunk server?

How to remove row1 row 2 after using transpose command .

Can we use single storage to archive index data from all indexers, or do we need separate storage for each indexer?

Is it possible to stop the forwarder instead of restarting it when deploying a new app?

How to configure multiple host names in a single inputs.conf file, and push this to all servers in a server class via deployment server?

strip fqdn from hostname field

How to install and configure a universal forwarder on servers that are running applications in a Docker container?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!