Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
Getting Data In
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 | We have a existing infrastructure of Splunk where events are passed from multiple Linux boxes to Splunk indexers. We... by sarthakb Explorer in Getting Data In 12-19-2016 0 6 | 0 | 6 | |
 | I have a saved search that is being run through my dashboard with a text input using the "$token$" operator. I would ... by _jgpm_ Communicator in Getting Data In 12-19-2016 0 2 | 0 | 2 | |
 | I would like to experiment with entries in which time is mentioned as 1,2,3, .... , n; where the nth entry is the lat... by akcyril New Member in Getting Data In 12-19-2016 0 1 | 0 | 1 | |
 |  i am getting 2 different errors on my Splunk server - please see attached for errors, unsure what is wrong thanks fo... by rsingh Explorer in Getting Data In 12-19-2016 0 5 | 0 | 5 | |
 | Hello, I have 2 Indexers along with 1 search head. Both the indexers are added under distributed search peer. From a... by princemanto2580 Path Finder in Getting Data In 12-18-2016 0 2 | 0 | 2 | |
| | I am indexing a log file which doesn't have a timestamp, but have a few events that have completion time (how much ti... by isha_rastogi Path Finder in Getting Data In 12-18-2016 0 2 | 0 | 2 | |
 | SSL Question: What is the difference between TcpOutputProc and TcpOutputFd? I am getting an error message on my forw... by nmensah Explorer in Getting Data In 12-18-2016 0 1 | 0 | 1 | |
| | I have set the sourcetype for access logs in inputs.conf + props.conf before, but on one host it is not recognizing t... by alange Explorer in Getting Data In 12-16-2016 0 3 | 0 | 3 | |
| | Should it really be like this? I think it is a bug. In /var/log I have lots of files and dirs. I want to monitor the... by elof Path Finder in Getting Data In 12-16-2016 0 3 | 0 | 3 | |
 | Hopefully a simple question. I can see that in props.conf you can use source, [source::.../dads_logs/*.log], to cont... by rrussellstscied Explorer in Getting Data In 12-16-2016 0 3 | 0 | 3 | |
| | We have large number of log files to ingest and the machine shows - $ ulimit -n 64000 How high can we set the max_... by ddrillic Ultra Champion in Getting Data In 12-16-2016 0 1 | 0 | 1 | |
| | Hello Everyone, We are trying to monitor log files on a server using the Splunk universal forwarder. The logs direct... by VipulPathak Explorer in Getting Data In 12-15-2016 0 14 | 0 | 14 | |
| | I am trying to do a groupby operation at index time on Ironport logs. I have looked in all the documents and posts an... by ananthkumar12 Explorer in Getting Data In 12-15-2016 0 4 | 0 | 4 | |
| | I've configured inputs.conf like below, but I can't see any data. (Other stanzas for [perfmon:// are all working perf... by 1500372 Explorer in Getting Data In 12-15-2016 0 4 | 0 | 4 | |
| | Hello all. Apologies in advance if the answer to these questions are documented elsewhere, but I've not been able to... by cbaiocchetti New Member in Getting Data In 12-15-2016 0 1 | 0 | 1 | |
| | i want to reduce the number in my indexes by filtering out common Windows events such as 4688 event Id. I thought it ... by andy_macn New Member in Getting Data In 12-15-2016 0 1 | 0 | 1 | |
 | I have a couple of hosts that have the same version of Windows (2012 R2) that one will produce perfmon:memory data, a... by cpetterborg SplunkTrust  in Getting Data In 12-15-2016 0 3 | 0 | 3 | |
| | Please excuse me for writing in Japanese. Splunk Freeで、分散サーチの機能を利用せずに、サーチヘッドとインデクサーを、 それぞれ別のサーバーへ配置することは可能でしょうか? また、... by amemiya New Member in Getting Data In 12-15-2016 0 2 | 0 | 2 | |
| | I am kind of new in Splunk and I am curious about something. When I install universal forwarder to a Windows server, ... by akif_kayapinar New Member in Getting Data In 12-14-2016 0 2 | 0 | 2 | |
| | The logs I've got only have log generation timestamps in them, and the timestamp in Splunk reflects the log generatio... by kalik Explorer in Getting Data In 12-14-2016 0 2 | 0 | 2 | |
| | We have a fairly large index in an indexer cluster of six indexers. What would be an easy way to remove this index fr... by ddrillic Ultra Champion in Getting Data In 12-14-2016 0 4 | 0 | 4 | |
| | We wonder whether [monitor:///<source>/logs/*.log] would monitor all log files in the <source>/logs directory and als... by ddrillic Ultra Champion in Getting Data In 12-14-2016 0 2 | 0 | 2 | |
| | Hello I have a number of devices logging to an index feeding Splunk via Syslog on 514/UDP. Now, I want to route logs... by j666gak Communicator in Getting Data In 12-14-2016 2 5 | 2 | 5 | |
| | I have following logs from a customer device: 0080101c40ba,10.10.1.2,1481421584,host1.labtest.com,error-message1,sev... by jgcsco Path Finder in Getting Data In 12-14-2016 1 8 | 1 | 8 | |
| | -health_checkin_date: 2016-10-30T09:45:28.824Z That is the line from a JSON event being sent into my Splunk instanc... by joshualarkins Explorer in Getting Data In 12-14-2016 1 3 | 1 | 3 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Top Labels
-
add-on
2 -
administration
12 -
AIX
1 -
audit
1 -
blacklist
92 -
CLI
1 -
configuration
32 -
CSV
208 -
data
474 -
development
5 -
encryption
1 -
eval
2 -
field extraction
552 -
fields
5 -
forwarder
1 -
forwarder management
3 -
heavy
1 -
heavy forwarder
939 -
host
155 -
HTTP Event Collector
437 -
index
539 -
indexer
704 -
indexing performance
1 -
inputs.conf
829 -
installation
5 -
intermediate forwarder
142 -
introduction
3 -
JSON
390 -
kvstore
1 -
Linux
453 -
login
1 -
Mac
30 -
metadata
1 -
metrics
2 -
modular input
189 -
monitor
308 -
monitoring console
1 -
other
49 -
proactive Splunk component monitoring
2 -
props.conf
975 -
regex
5 -
saved search
2 -
scripted input
242 -
search
1 -
search head
2 -
search job inspector
1 -
source
291 -
sourcetype
493 -
Splunk Enterprise
1 -
Splunk Investigate
1 -
splunk-assist
2 -
subsearch
1 -
syslog
317 -
time
204 -
transforms.conf
575 -
troubleshooting
15 -
universal forwarder
1,550 -
using Enterprise Security
3 -
using Splunk Cloud
4 -
using Splunk Enterprise
16 -
whitelist
60 -
Windows
587 -
XML
90
- « Previous
- Next »
Get Updates on the Splunk Community!
Index This | What is broken 80% of the time by February?
December 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...
Hello Splunk Community,
We're thrilled to share an exciting update that will help you manage your data more ...
Splunk MCP & Agentic AI: Machine Data Without Limits
Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...
