Getting Data In

Discussions

Thread Info

inputs.conf wildcards don't work

=== Splunk 5.0.2 === I'd like to monitor these files, where "manydirs" is a wildcard: /my/path/manydirs/error/*...

by Path Finder in

Ingesting 3-party alerts using HTTP Event Collector problem

I'm trying to ingest 3-party alerts as Notable Events in IT Service Intelligence, and I'm following the steps in the ...

by Path Finder in

Splunk TA TypeError for multiple data inputs

Hey Splunk Community, I am in the process of creating a TA with Splunk Add-On Builder and I have run into a proble...

by Path Finder in

How to troubleshoot why our universal forwarder is not sending all events after a certain date?

Good afternoon Splunk team, please could you help us with this? We have this scenario: Splunk has been logging consta...

by Explorer in

What events are eligible for "dropClonedEventsOnQueueFull"?

I am doing some event duplication to a 3rd party and I want to make sure they if their receiver goes down it doesnt e...

by Motivator in

Monitor Splunk Indexer OS Logs - Port Conflicts?

I want to monitor /var/log on all of my Splunk Indexers. However, when I configured this, I was then getting issues c...

by Builder in

How to remove characters in my json raw data so it can be indexed in son formate?

{"ts":"11 03 2016 06:03:56.390","th":"sample-product","user":"apple","device":"iphone","errorCode":"","level":"INFO",...

by Path Finder in

Why are audittrail and splunkd sourcetypes eating up 1/5th of my allowed indexing?

So I was confused as to why the small amount I was indexing from my event logs every day was getting me so close to m...

by Path Finder in

When I add data in Splunk, why does "Preview data before indexing" result in error "The read operation timed out"?

HI, Since yesterday, when I add data into Splunk and choose "Preview data before indexing" this error message app...

by New Member in

How to only index events that contain specific fields?

Hello, all. I know that my question's not a unique, but I want to ask it  I have a netflow text log on a server w...

by Communicator in

TCP:9514 logs doesn't show in Splunk

Hi Team, I have configured a Cisco router to send syslogs to Splunk over TCP port 9514. But that doesn't show up i...

by New Member in

File integrity error

Hello, I get this error in the splunk server "File Integrity checks found 1 files that did not match the system-pr...

by Engager in

How to pick your local domain controller for event log SID translation?

Hi, We recently deployed the following config to 500 Windows Universal Forwarders: [WinEventLog://Security] dis...

by Super Champion in

How to troubleshoot why my scripted input on Solaris is not working?

All, Not really a SunOS guy, so might be missing something fundamental. I wrote the script I need, and it runs fi...

by Builder in

How to add parallelIngestionPipelines to server.conf in an indexer cluster?

Hi All, We have an indexer cluster and cluster master. we need to add the parameter below in the indexer cluster s...

by Contributor in

How to remove inner double quotes from json data??

Hello i am trying to remove inner double quotes from json data here is my sample data: {"msg": "the message...

by Path Finder in

Whats the best way to blacklist a Windows event code?

I have over 300 Universal forwarders and I'm getting several eventcode=5156 events errors. Is there a way to blacklis...

by Path Finder in

Splunk offline command and bucket replication

Reading through the "offline" documentation & "maintenance" mode documentation, I'm slighly confused, if we need to d...

by Super Champion in

Why is the Distributed Management Console unable to find forwarders?

I configured Forwarder Monitoring Setup of DMC function for monitoring status of forwarders, but the Distributed Mana...

by Explorer in

How to edit props.conf to line break a single line event into multiple lines?

I have a single line event as shown. I have to break it to multiple lines starting at {IBP_LKL . May I know what sett...

by Contributor in

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

I initially tested the Splunk Server on a Windows 7 machine and installed the Universal Forwarder on another WIndows ...

by Engager in

Can a custom app send data to the indexer via memory?

I wonder what would be an efficient way for a custom app to communicate with an indexer? Can the custom app write to ...

by Ultra Champion in

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Hi Experts, I got a situation. By mistake, I uploaded the same license that I used for Indexers and Master node. N...

by Builder in

Considerations for adjusting autoLBFrequency in outputs.conf

When using automatic load balancing of outputs from universal forwarders (UF), the default number of seconds a forwar...

by Builder in

Why are my nearly identically-named log files not being indexed by Splunk?

For our "ATA42_NETWORK" application we have indexed *.NCD files These files are located in an “input directory” monit...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

inputs.conf wildcards don't work

Ingesting 3-party alerts using HTTP Event Collector problem

Splunk TA TypeError for multiple data inputs

How to troubleshoot why our universal forwarder is not sending all events after a certain date?

What events are eligible for "dropClonedEventsOnQueueFull"?

Monitor Splunk Indexer OS Logs - Port Conflicts?

How to remove characters in my json raw data so it can be indexed in son formate?

Why are audittrail and splunkd sourcetypes eating up 1/5th of my allowed indexing?

When I add data in Splunk, why does "Preview data before indexing" result in error "The read operation timed out"?

How to only index events that contain specific fields?

TCP:9514 logs doesn't show in Splunk

File integrity error

How to pick your local domain controller for event log SID translation?

How to troubleshoot why my scripted input on Solaris is not working?

How to add parallelIngestionPipelines to server.conf in an indexer cluster?

How to remove inner double quotes from json data??

Whats the best way to blacklist a Windows event code?

Splunk offline command and bucket replication

Why is the Distributed Management Console unable to find forwarders?

How to edit props.conf to line break a single line event into multiple lines?

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

Can a custom app send data to the indexer via memory?

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Considerations for adjusting autoLBFrequency in outputs.conf

Why are my nearly identically-named log files not being indexed by Splunk?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions