Getting Data In

Thread Info

How to write a query that will separate browser sections in a JSON array into separate events?

I'm currently trying to write a query that will let me separate the follow "browser" sections in this JSON array into...

by Path Finder in

How to monitor newly written log lines from a log file whose modtime is older than 12 hours?

Hi, Our monitor configuration is: [monitor:///opt/diags.log*] disabled = false host = $decideOnStartup sourcety...

by Influencer in

How to troubleshoot why we are seeing unexpected characters in Windows event logs in Splunk?

Hi, I have a serious problem with logs.. some events (below 0.01%) have strange characters. - such strange charac...

by Communicator in

Scripted input stops working: "Not added to run queue" in DEBUG ExecProcessor

I have a Python scripted input on a Splunk UF which calls a Kafka bin script (bin/kafka-consumer-groups.sh) and re-fo...

by Path Finder in

Windows Perfmon Collection Issue

Having some issues with collecting % Processor Time for processes. My inputs.conf is configured with the below stanza...

by Explorer in

REST API fired alerts php sdk

hi im using the splunk php sdk. And i cant find any functions in there to get the information i want from searches...

by New Member in

How to extract the nested array coordinates from JSON?

Hi !! I am new to Splunk and trying to extract the array coordinates from Json. {"type":"Feature","geometry":{"ty...

by Explorer in

After setting up Splunk to monitor a folder, why is only the first log file getting indexed?

Hi I have set up Splunk to monitor a particular folder for logs, but somehow it picks only the 1st log file added...

by New Member in

Monitor My application

Hello There, I wanted to monitor few parameters related to my application. Number of files in a specific direct...

by New Member in

Why is the timing off between the actual log's time and the indexed event's timestamp? Logs stop displaying

Time Event 11/19/10 11:59:37.000 PM Nov 18 23:59:37 10.0.0.10 Nov 19 04:59:37 filterlog...

by New Member in

Successful dormant user logins

hello I am trying to write a query for Successful dormant user logins whereas the user has successfully logged in to...

by Communicator in

How to troubleshoot why my PFsense logs are not getting indexed correctly and logs stop at 11:59:59?

I have PFsense sending logs to Splunk running on Ubuntu 14.04 server. When I check pfsense internal logs, everything ...

by New Member in

How to prevent a PID file from causing one of our universal forwarders to shut down?

Hi, I got an issue with one of the Universal Forwarder. It is automatically shutting down and when I restart, it ...

by Explorer in

How to troubleshoot why a Windows universal forwarder can forward permon data to Splunk Light 6.3, but not Windows event logs?

Hi to all, I'm a newbie with Splunk this week, and trying to configure a forwarder in W2008 in order to forward ev...

by New Member in

How to edit my scripted input to collect and index data from scripts installed on forwarders?

Hi, I created a script input to collect data from scripts installed on forwarders and Splunk is not indexing. F...

by Communicator in

Does moving indexed data from one Splunk indexer to another count against license?

Hello, We want to move previously indexed data into a new Splunk instance and wanted to make sure that doesn't cou...

by Path Finder in

If we remove a corrupted peer in an indexer cluster, will hot and warm buckets from existing indexers populate to the new replacement peer?

We have 4 indexers, and if 1 peer is corrupted, we have 0 hot 0 cold 0 frozen now. If we remove the corrupted peer fr...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to write a query that will separate browser sections in a JSON array into separate events?

How to monitor newly written log lines from a log file whose modtime is older than 12 hours?

How to troubleshoot why we are seeing unexpected characters in Windows event logs in Splunk?

Scripted input stops working: "Not added to run queue" in DEBUG ExecProcessor

Windows Perfmon Collection Issue

REST API fired alerts php sdk

How to extract the nested array coordinates from JSON?

After setting up Splunk to monitor a folder, why is only the first log file getting indexed?

Monitor My application

Why is the timing off between the actual log's time and the indexed event's timestamp? Logs stop displaying

Successful dormant user logins

How to troubleshoot why my PFsense logs are not getting indexed correctly and logs stop at 11:59:59?

How to prevent a PID file from causing one of our universal forwarders to shut down?

How to troubleshoot why a Windows universal forwarder can forward permon data to Splunk Light 6.3, but not Windows event logs?

How to edit my scripted input to collect and index data from scripts installed on forwarders?

Does moving indexed data from one Splunk indexer to another count against license?

If we remove a corrupted peer in an indexer cluster, will hot and warm buckets from existing indexers populate to the new replacement peer?

Forwarder Management - Where to place configuration files to get updated?

How to edit props.conf in order to have JSON log events listed in chronological order?

After installing the Universal Forwarder using MSI, I am not receiving any data. How to edit my configuration?

Is there a better way to edit my current inputs.conf for sourcetypes defined by path?

How to edit my search to get total time of events (last-first) and sum by source, by host?

Index XML files

Monitor a File That's Being Purged Regularly

Is it possible to combine the two functionalities of Indexing and Heavy Forwarding on a single VM host?

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions