Getting Data In

Community Activity

How to collect Windows event logs that are not from .evtx or .evt files? I'm trying to collect Windows events. Specifically, I'm trying to collect: \\Applications and Service Logs\Microsof... by stcrispan Communicator in Getting Data In 01-25-2017 3 9	3	9
Is there a feature in Splunk (similar to Dropbox) where can i drop multiple log files from multiple locations? Is there a feature in Splunk (like Dropbox) to drop all types of logs from different applications ? Where can i drop... by sai_john New Member in Getting Data In 01-25-2017 0 11	0	11
Permission denied I am running Splunk enterprise 6.3.1 and universal forwarder. We deploy the universal forwarder onto a Linux machine... by tattersp Explorer in Getting Data In 01-25-2017 0 4	0	4
Ingested a year's worth of events in Windows from one source, but why did Splunk not index all logs? I was indexing a years worth of logs (200+GB) from one source path. Data was indexed, but I am trying to understand ... by CaptainHook Communicator in Getting Data In 01-25-2017 0 4	0	4
How to add Data Sources from different devices to Splunk? How to Add Data Sources from the following devices: No\| Data Type \| No’s of devices \| Lo... by fazilhussain Explorer in Getting Data In 01-25-2017 1 3	1	3
How to configure Splunk to not index a line before it is finished writing? We are writing out to a log for which splunk is indexing for most lines okay, but some times splunk indexes before th... by BrendanMcE Path Finder in Getting Data In 01-24-2017 1 5	1	5
Is it possible to define a custom location for universal forwarder local configurations? My Splunk Forwarder is installed on a share, which can be mapped to all the servers in my environment. Therefore, I ... by marlog Explorer in Getting Data In 01-24-2017 0 1	0	1
Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non domain controller) with error "Faulting application openssl.exe.."? My attempts to install a Splunk forwarder on Windows 2008 fails and is rolled back. In this case, the application ev... by wilsonchua New Member in Getting Data In 01-24-2017 0 1	0	1
What is best way to use sourcetype with HTTP Event Collector to categorize data? From the HTTP Event Collector setting page: Source type The source type is one of the default fields that Splunk as... by simpkins1958 Contributor in Getting Data In 01-24-2017 0 7	0	7
HF1 -> HF2 -> Indexer: How to route a set of data that has already been parsed on Heavy Forwarder #1 to a specified index on the indexer through HF #2? Hello, all I have infrastructure like this 1stHF => 2ndHF => Indexer On the first Heavy Forwarder, I clone some set... by andrey2007 Contributor in Getting Data In 01-24-2017 3 5	3	5
How to configure line breaking on ADmanagerplus log? I am working on ingesting ADmanagerplus logs. I am having difficulty linebreaking the following log which represents ... by wliu_ondeck Explorer in Getting Data In 01-24-2017 0 1	0	1
Is it possible to disable SSL v3 on the universal forwarder? Is there a way to disable SSL v3 on the UFW? I'm getting flagged by security. by a212830 Champion in Getting Data In 01-24-2017 1 5	1	5
What is function of DEST_KEY in transforms.conf I am little bit confused by the explanation given for DEST_KEY IN TRANSFORMS.CONF. May I know what is the exact funct... by ankithreddy777 Contributor in Getting Data In 01-24-2017 1 4	1	4
Why some of our indexers stop listening on port 9997? Yesterday we realized that three of our six production indexers stop listening on port 9997. We bounced them and all ... by ddrillic Ultra Champion in Getting Data In 01-24-2017 1 2	1	2
Can a sourcetype be aliased, meaning, can it inherit extractions from another sourcetype? Wasn't able to find a solid answer on this one, but I am using Splunk 6.x, and was wondering if I could have a source... by paimonsoror Builder in Getting Data In 01-24-2017 1 2	1	2
How to edit inputs.conf to monitor logs on Windows machine? To monitor a file on Windows machine with names like : access.2016_09_23_00_00_00 I wrote the following stanza in in... by joydeep741 Path Finder in Getting Data In 01-24-2017 0 6	0	6
how to get the timezone of the logs set in props file Hi team, I have catalina logs ocming to splunk from Central timezone But my splunk server is installed and configure... by deepthi5 Path Finder in Getting Data In 01-24-2017 0 1	0	1
Windows 環境で SplunkWeb の Data inputs から複数の UDP inputが設定できない SplunkWeb にログインし、Data inputsから１つのUDP port 514 インプットを設定することはできます。しかし、追加でもう一つ UDP port 514 インプットを設定すると下記のエラーが出てしまい設定するこ... by CurryPan Communicator in Getting Data In 01-24-2017 0 1	0	1
Maximum number of attribute $n in transforms.conf Hello, the FORMAT option in transforms.conf can use $n to specify the output of each REGEX match. (https://docs.splun... by CurryPan Communicator in Getting Data In 01-24-2017 1 1	1	1
Why am I receiving "SOFTWARE PROGRAM ERROR" in Splunk universal forwarder that are AIX servers? I'm running error script on a bunch of AIX servers but have encountered the "SOFTWARE PROGRAM ERROR" on few of the se... by MousumiChowdhur Contributor in Getting Data In 01-24-2017 4 1	4	1
How can I learn to use PowerShell in Splunk? I am new to PowerShell and Splunk. I want to learn PowerShell in Splunk, so how can i? Where can I find PowerShell in... by maneeshsimhadri Engager in Getting Data In 01-23-2017 0 7	0	7
How to make multivalue fields parse in props.conf and transforms.conf? So I've gotten stuck trying to get multivalue field working. I have, in general, two type of events. The first: Ja... by reswob4 Builder in Getting Data In 01-23-2017 0 4	0	4
How can I increase the output count limit for the command.script component? Hi, I have a search that is using the "script" command but this search is exceeding a limit as you can see: Is the... by ctaf Contributor in Getting Data In 01-23-2017 0 6	0	6
Why is my Splunk forwarder 6.3.3 crashing with "LineBreakingProcessor - Truncating line because limit" error? Hi, Splunk forwarder crashed few times in the last two days after onboarding few new customers. Please find below c... by amoldesai Explorer in Getting Data In 01-23-2017 0 3	0	3
How to receive data from forwarders in the trial version of Splunk installed on my personal laptop? How to receive data from forwarders in a Splunk trial/free version instance installed on my personal laptop? by xbbj3nj Path Finder in Getting Data In 01-22-2017 0 1	0	1

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Getting Data In

How to collect Windows event logs that are not from .evtx or .evt files?

Is there a feature in Splunk (similar to Dropbox) where can i drop multiple log files from multiple locations?

Permission denied

Ingested a year's worth of events in Windows from one source, but why did Splunk not index all logs?

How to add Data Sources from different devices to Splunk?

How to configure Splunk to not index a line before it is finished writing?

Is it possible to define a custom location for universal forwarder local configurations?

Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non domain controller) with error "Faulting application openssl.exe.."?

What is best way to use sourcetype with HTTP Event Collector to categorize data?

HF1 -> HF2 -> Indexer: How to route a set of data that has already been parsed on Heavy Forwarder #1 to a specified index on the indexer through HF #2?

How to configure line breaking on ADmanagerplus log?

Is it possible to disable SSL v3 on the universal forwarder?

What is function of DEST_KEY in transforms.conf

Why some of our indexers stop listening on port 9997?

Can a sourcetype be aliased, meaning, can it inherit extractions from another sourcetype?

How to edit inputs.conf to monitor logs on Windows machine?

how to get the timezone of the logs set in props file

Windows 環境で SplunkWeb の Data inputs から複数の UDP inputが設定できない

Maximum number of attribute $n in transforms.conf

Why am I receiving "SOFTWARE PROGRAM ERROR" in Splunk universal forwarder that are AIX servers?

How can I learn to use PowerShell in Splunk?

How to make multivalue fields parse in props.conf and transforms.conf?

How can I increase the output count limit for the command.script component?

Why is my Splunk forwarder 6.3.3 crashing with "LineBreakingProcessor - Truncating line because limit" error?

How to receive data from forwarders in the trial version of Splunk installed on my personal laptop?

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation