Getting Data In

Thread Info

Can move_policy actually move things?

Hi all, I'd like to move a batch input after reading. Except not to /dev/null. The manual is pretty clear: mov...

by Communicator in

How to load 122K unique records in a dropdown menu?

In simple XML, when I am attempting to load 122K unique records in the dropdown menu, my whole page freezes for a whi...

by Explorer in

Password Spraying alert from Windows Event Logs

I am attempting to set an alert to monitor for possible password spraying in my AD environment. I am using windows...

by Explorer in

Checkpoint opsec lea 4.0 error with Checkpoint R80

Hi, I am using Checkpoint OPSEC LEA 4.0 On running search i am getting this error message. Error 'Could not fin...

by Communicator in

As a Splunk Cloud customer, should I contact Support to configure props.conf to enable event breaking to my specifications?

Hello All I just have question may be you guys can get me in the right direction . Looks like Splunk event breaking h...

by Explorer in

How far back can be go when rebuilding the forwarders' assets?

Based on the interface of the DMC, it appears that we can go back only 24 hours when rebuilding the forwarder assets....

by Ultra Champion in

How can I merge multiple mail log lines into one event

Hi I want to examine my mail server logfile. The logfile has many lines per logsession. Each line starts with a ti...

by Explorer in

After uploading a local log file into Splunk, where does the local data reside?

Hi Team, I've recently downloaded Splunk Enterprise 6.4.4 trial version for Windows 7. I've uploaded a local log f...

by New Member in

Why is my license host blank?

Hi, I ran the following search to get a license usage report by idx, sourcetype and host. One of the hosts is comi...

by Champion in

How to fix time_format in props.conf to properly line break?

Hi somehow the date is not being picked up properly by splunk. the props.conf has %d/%H:%M:%S.3N but its not work...

by Communicator in

What is the best way display events from 2 indexes in chronological order, filtering by IP?

I have two indexes and I want to display events from both indexes in chronological order, filtering by a specific IP....

by Path Finder in

Is there a way to get a list of heavy forwarders via rest?

Hi, Is there a way to get a list of heavy forwarders via REST? We are creating our own HFW health page, since the ...

by Champion in

Check Point opsec lea upgrade v3.1 to v4.1

Hello, I'm actually using the TA version 3.1 with one CMA. The TA is installed on a forwarder node. I'd like to up...

by Path Finder in

Create a new field based on source and apply to all the events from that source at index time

I have Splunk looking at specific directories for our Geb Unit test reports where reports for each browsers (Chrome, ...

by New Member in

How do I request HTTP Event Collector and REST Endpoint to be enabled on a Cloud instance?

I've been made aware that HTTP Event Collector and REST Endpoint is not enabled by default for Cloud instances. This ...

by New Member in

Splunk unix app not receiving inputs

Hi, I've enabled some of the inputs for the unix app via its configuration page.After selecting those inputs to be...

by Contributor in

How to monitor a folder to index each new text file every day?

Hi, I have a search head and I need to monitor a folder that has a text file in which every day there is a new fil...

by Explorer in

How can I send logs from one universal forwarder to two different indexers depending on the logs type?

I am planning to send the logs to multiple Splunk indexers (location) based on the logs type from one universal forwa...

by Communicator in

Configure delay in batch input? time_to_close does not work (v6.0.5)

Batch configured inputs are getting deleted before they can be indexed. I tried configuring time_to_close in inputs.c...

by Champion in

Redirecting data through two heavy forwarders, is it possible to reprocess already cooked data with props.conf and transforms.conf?

All, I have data flowing through a heavy forwarder. Security wants a SECOND heavy forwarder that they manage to S...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Can move_policy actually move things?

How to load 122K unique records in a dropdown menu?

Password Spraying alert from Windows Event Logs

Checkpoint opsec lea 4.0 error with Checkpoint R80

As a Splunk Cloud customer, should I contact Support to configure props.conf to enable event breaking to my specifications?

How far back can be go when rebuilding the forwarders' assets?

How can I merge multiple mail log lines into one event

After uploading a local log file into Splunk, where does the local data reside?

Why is my license host blank?

How to fix time_format in props.conf to properly line break?

What is the best way display events from 2 indexes in chronological order, filtering by IP?

Is there a way to get a list of heavy forwarders via rest?

Check Point opsec lea upgrade v3.1 to v4.1

Create a new field based on source and apply to all the events from that source at index time

How do I request HTTP Event Collector and REST Endpoint to be enabled on a Cloud instance?

Splunk unix app not receiving inputs

How to monitor a folder to index each new text file every day?

How can I send logs from one universal forwarder to two different indexers depending on the logs type?

Configure delay in batch input? time_to_close does not work (v6.0.5)

Redirecting data through two heavy forwarders, is it possible to reprocess already cooked data with props.conf and transforms.conf?

What is the best way to check for hostname consistency in Linux and Windows UF deployments?

Reading Apache server-status output

Should I configure a universal forwarder to forward data to the master node in an indexer cluster?

Export all panel results as different csv's on single button click

How is categorization of messages (ERROR, WARNING, INFORMATION ETC) normally handled by a Splunk forwarder?

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions