Getting Data In

Community Activity

Are my props.conf and transforms.conf correct in setting metadata from TCP input? So... I am attempting to setup a TCP input, which will automatically set metadata, from the event. The _Raw looks li... by ericmck2000 Explorer in Getting Data In 02-01-2017 0 2	0	2
Is there any way to list all the saved searches in Splunk? Hi Splunkers, Is there any way to list all the saved searches in Splunk? I want to export the saved searches details... by praveenbandi Explorer in Getting Data In 02-01-2017 1 2	1	2
How to edit props.conf to use the "last modified" time of the file as the timestamp for each event? I have configured monitoring for a set of files. I have configured the props.conf to use the 'last modified' time of ... by aholzer Motivator in Getting Data In 02-01-2017 0 7	0	7
Split MV into new table rows I have rows where data looks like.. Value1^Value2^Value3Value4^Value5Value6Value7^Value8 My query (below)... searc... by ereed18 Engager in Getting Data In 02-01-2017 0 2	0	2
Splunk Universal Forwarder 6.4.1 and all Versions younger than 6.2 cannot be installed to 7 of our systems The Error Message on the screen isenter code here: "UniversalForwarder Setup ended prematurely" Versions older tha... by christopherr_sp Splunk Employee in Getting Data In 02-01-2017 4 1	4	1
Why doesn't the CLI command create a stanza in inputs.conf? Or to restate the question : Why is Splunk Web reflecting the results of the CLI command, but inputs.conf file doesn'... by msutfin1 Explorer in Getting Data In 01-31-2017 1 5	1	5
static csv file (uploaded only once in a day) issue I have a csv file kept in a central path which is only uploaded once in a day. The moment i search the data on my sea... by simon21 Path Finder in Getting Data In 01-31-2017 0 1	0	1
Trying to parse my Json into a table this is the format: {<!-- --> "epoch": "1485892851.94944", "id": "3952418", "name": "WMI Performance... by dperry Communicator in Getting Data In 01-31-2017 0 3	0	3
How to resolve "error getting attributes of path "C:\pagefile.sys"" after pushing configurations to servers? I have pushed configurations to at least 15 servers. 12 servers out of these 15 are returning with these errors, wher... by vr2312 Builder in Getting Data In 01-31-2017 0 5	0	5
How to get Splunk to index a small 1.5KB CSV file? I am trying to make Splunk read/index a CSV that is of 1.5KB. I have used the traditional CRCSALT=>SOURCE> tag in t... by vr2312 Builder in Getting Data In 01-31-2017 1 11	1	11
I have Windows Universal Forwarder that is sending thousands of blank Windows events and duplicating events On the Windows client server (splunkforwarder-6.2.1-245427-x64-release.msi) the inputs.conf file contains: [WinEvent... by andrewcg Path Finder in Getting Data In 01-31-2017 0 8	0	8
TIME_FORMAT regex help 12/02/2015 12:00:00 AM, Execute time: 0150 looking to extract the date and the 24hr time pls by Esky73 Builder in Getting Data In 01-31-2017 0 6	0	6
How to configure line breaking on TCP events separated with null character ('\x00')? My log source generates events ended with null-character ('\x00') and sends them to Splunk via TCP in chunks every 10... by vsilchev Explorer in Getting Data In 01-31-2017 0 7	0	7
How to configure props.conf and transforms.conf to process the timestamps in my data? Have data that Splunk is struggling with and needs props.conf and transforms.conf. The year/month/date followed by t... by smudge797 Path Finder in Getting Data In 01-30-2017 0 3	0	3
Missing Index Even Specifying Index in inputs.conf Hi, The architect of the deployment is UF(Windows)->HF->Indexer->SH, only UF is installed in Windows platform and all... by jimmyzhangau New Member in Getting Data In 01-30-2017 0 2	0	2
Need help with what should be a simple precedence issue regarding props.conf and aliases. Simple scenario app_a/default/props.conf 25_app_a/default/props.conf The 25_app_a is an exact copy aside from the c... by leonphelps_s Path Finder in Getting Data In 01-30-2017 4 11	4	11
How to index W3C IISlog from a Universal forwarder I am new to Splunk, so please forgive me if the answer to the question is obvious.... I am trying to index W3C IISlo... by meskildsen New Member in Getting Data In 01-30-2017 0 11	0	11
How do I debug inbound syslog that isn't getting indexed by Splunk? Hi I currently have tried a lot of things but can't seem to get the data into Splunk. I have a server sending syslog... by danfein New Member in Getting Data In 01-30-2017 0 3	0	3
mvcombine ignores specified delimiter We're indexing /var/log/secure, as one does, and I have a request to list users who've logged in in a comma-delimted ... by mcomfurf Path Finder in Getting Data In 01-30-2017 0 4	0	4
Splunk Universal Forwader constantly crashes with "Crashing thread: indexerPipe". Splunk Universal Forwader constantly crashes with "Crashing thread: indexerPipe". splunkd.log shows: WARN IndexerSe... by dshakespeare_sp Splunk Employee in Getting Data In 01-30-2017 1 2	1	2
Socket not supported error while installing universal forwarder on Bash (Virtual machine on windows) Hi, I am trying to install a universal forwarder on Bash(Virtual Linux terminal on windows). Step 1: Install Splun... by deepak02 Path Finder in Getting Data In 01-29-2017 0 2	0	2
Extracting data from complicated JSON, match a value I have JSON in the following format: [ { "nameValues": [], "offeringId": "a" }, { "n... by CanadianTrevorS New Member in Getting Data In 01-28-2017 0 4	0	4
How to prevent numeric values from turning into a string using the REST API? I'm trying to do a summation of different fields doing a CURL call using the Splunk REST API. Here's what I have: c... by momori Explorer in Getting Data In 01-28-2017 0 3	0	3
Where do I configure the host in Splunk Light to collect data from a socket of an external device? I am evaluating Splunk Light. I want to collect data from a socket port on an external device. I was hoping that by c... by PepePelotas New Member in Getting Data In 01-28-2017 0 2	0	2
Why am I getting duplicate saved search results after copying an app? I have two apps which have the same saved searches defined in their own savedsearches.conf files, however, rather tha... by wyfwa4 Communicator in Getting Data In 01-27-2017 0 3	0	3

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Getting Data In

Are my props.conf and transforms.conf correct in setting metadata from TCP input?

Is there any way to list all the saved searches in Splunk?

How to edit props.conf to use the "last modified" time of the file as the timestamp for each event?

Split MV into new table rows

Splunk Universal Forwarder 6.4.1 and all Versions younger than 6.2 cannot be installed to 7 of our systems

Why doesn't the CLI command create a stanza in inputs.conf?

static csv file (uploaded only once in a day) issue

Trying to parse my Json into a table

How to resolve "error getting attributes of path "C:\pagefile.sys"" after pushing configurations to servers?

How to get Splunk to index a small 1.5KB CSV file?

I have Windows Universal Forwarder that is sending thousands of blank Windows events and duplicating events

TIME_FORMAT regex help

How to configure line breaking on TCP events separated with null character ('\x00')?

How to configure props.conf and transforms.conf to process the timestamps in my data?

Missing Index Even Specifying Index in inputs.conf

Need help with what should be a simple precedence issue regarding props.conf and aliases.

How to index W3C IISlog from a Universal forwarder

How do I debug inbound syslog that isn't getting indexed by Splunk?

mvcombine ignores specified delimiter

Splunk Universal Forwader constantly crashes with "Crashing thread: indexerPipe".

Socket not supported error while installing universal forwarder on Bash (Virtual machine on windows)

Extracting data from complicated JSON, match a value

How to prevent numeric values from turning into a string using the REST API?

Where do I configure the host in Splunk Light to collect data from a socket of an external device?

Why am I getting duplicate saved search results after copying an app?

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation