Getting Data In

Community Activity

How to edit my inputs.conf to whitelist selected events from Windows Security logs? Hello I have to get only the selected events from Windows Security logs, so I have added the whitelist in inputs.con... by kiran331 Builder in Getting Data In 10-28-2016 1 2	1	2
How to edit my monitor stanza with wildcards to monitor a file with subfolders? I need help with setting these wild cards, it seems like Splunk is not picking up the file in the sub folders. Logs a... by sbattista09 Contributor in Getting Data In 10-28-2016 0 3	0	3
Why is c# logging to HTTP Event Collector not working? I am trying to send events from my Windows server .NET app to Splunk index via HTTP Event Collector. I was able to s... by rvencu Path Finder in Getting Data In 10-28-2016 1 4	1	4
How to split a log into multiple sourcetypes on a heavy forwarder? Hi, I seem to be struggling in splitting log data from the heavy forwarder into several sourcetypes in an index. I h... by cdstealer Contributor in Getting Data In 10-28-2016 0 8	0	8
Splunk UF crashing frequently 6.3 Hi All, UF is crashing frequently . I didn't find any details in the splunkd logs VERSION=6.3.0 BUILD=aa7d4b1ccb80... by rsathish47 Contributor in Getting Data In 10-27-2016 0 2	0	2
How to disable Splunk Web on a universal forwarder? I use Nessus to scan for SSL issues, and the Splunk Web interface is being flagged due to the self signed certs. I ha... by andylee53 New Member in Getting Data In 10-27-2016 0 2	0	2
How to refine our sourcetype configuration for proper line breaking of events that contain multiple date values? We are having problems parsing lines with timestamps at the beginning of the line but then there are other fields tha... by burwell SplunkTrust in Getting Data In 10-27-2016 0 1	0	1
How should you specify the script file for PowerShell Modular Inputs The documentation for the PowerShell Modular Input states When you specify a script file (.ps1), prepend the script n... by martinho Explorer in Getting Data In 10-27-2016 0 4	0	4
What cron expression is supported for the PowerShell Modular Input schedule When using Splunk Web to configure a new Powershell v3 Modular Input the hint for the Cron Schedule the hint text sta... by martinho Explorer in Getting Data In 10-27-2016 0 2	0	2
After installing a forwarder on Windows to send data to a Splunk Cloud trial, why do I not see the forwarder in the Add Data page? I'm new to Splunk and setting up Splunk Cloud trial verison. Have installed a Splunk forwarder on Win 2008 R2 64X ma... by adminimv New Member in Getting Data In 10-27-2016 0 4	0	4
After creating an index for the Search app, why is my indexes.conf file missing from C:\Program Files\Splunk\etc\apps\search? Hello, I have trial version of Splunk Enterprise with me. I created an index for the search and reporting app, but w... by jesmi_harindran New Member in Getting Data In 10-27-2016 0 5	0	5
Why am I receiving "UniversalForwarder Setup Wizard ended prematurely because of an error" when trying to upgrade my server to 6.4.1? Hi, There are a few servers throwing the error while installing Agent: "UniversalForwarder Setup Wizard ended premat... by Dharanesha New Member in Getting Data In 10-27-2016 0 9	0	9
Parsing fields from json logs Hi Splunkers. I'm attempting to search based on fields in a JSON log file For example I am trying to search based on ... by splunk_svc Path Finder in Getting Data In 10-26-2016 0 9	0	9
How do I redirect to another indexer using wildcards in my props.conf? All, I have the following props.conf / transforms.conf setup. Trying to set aside PCI into it's own set of indexers... by daniel333 Builder in Getting Data In 10-26-2016 0 3	0	3
How to line break my XML file by using LINE_BREAKER or editing props.conf? Hi Guys, I am trying to breaks the events for my sample XML file. Below is the sample. I need to break this on tag. ... by abhishekdharga Engager in Getting Data In 10-26-2016 0 8	0	8
Why is indexing volume not matching license usage? Following some runaway license violations, I am looking to find the offending host but in running the queries that I ... by leonards1 Explorer in Getting Data In 10-26-2016 0 1	0	1
How to configure universal forwarders (deployment clients) on Windows machines to send logs to Splunk Light? Complete Splunk beginner here. I am learning to use Splunk. We have a bunch of Windows machines that we want to pull... by tejasplunk Engager in Getting Data In 10-26-2016 1 2	1	2
draw a splunk chart depicting no of occurrences for different strings? 0 down vote favorite I want to draw a splunk chart and I have following strings in my logs: "Request id: 552" "Reque... by eleena1994 New Member in Getting Data In 10-26-2016 0 4	0	4
Field extractions are not coming up on splunk. My field extractions are not coming up on splunk. - i added the extractions in props.conf (tested them b4 adding). - ... by joydeep741 Path Finder in Getting Data In 10-26-2016 0 5	0	5
How to exclude certain fields in json logs from being displayed on UI OR being indexed? Hi All, Is there a way to exclude certain fields from my JSON data? For example: I have the below JSON Format event ... by saranya_fmr Communicator in Getting Data In 10-26-2016 1 4	1	4
How to get a list of indexers reporting into our license manager via REST API? Hi, I want to get a list of indexers reporting into our license manager via REST API. Many of these we do not manage... by a212830 Champion in Getting Data In 10-26-2016 0 8	0	8
How to audit access to the Windows Event logs? Hello, I've been asked to audit the access to the Windows Event logs themselves... this might be more of a Windows S... by guarisma Contributor in Getting Data In 10-26-2016 0 4	0	4
Numerous messages WARN LineBreakingProcessor Truncating for remote_searches.log I am seeing numerous WARN messages in the splunkd.log "09-08-2016 13:56:07.802 +0000 WARN LineBreakingProcessor - Tr... by babcolee Path Finder in Getting Data In 10-26-2016 3 4	3	4
Difference between \| rest and \| metadata? Hello, could you tell me what is the difference between results from \| rest and \| metadata when trying to find, for ... by splunkreal Motivator in Getting Data In 10-26-2016 0 1	0	1
Permissions on indexes and sourcetypes Hey, I know that you can set read/write permissions on views. Is it possible to set read permissions on indexes and... by Ant1D Motivator in Getting Data In 10-26-2016 1 7	1	7

Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars Sometimes, you just need to see the code. For those looking for a ...

Getting Data In

How to edit my inputs.conf to whitelist selected events from Windows Security logs?

How to edit my monitor stanza with wildcards to monitor a file with subfolders?

Why is c# logging to HTTP Event Collector not working?

How to split a log into multiple sourcetypes on a heavy forwarder?

Splunk UF crashing frequently 6.3

How to disable Splunk Web on a universal forwarder?

How to refine our sourcetype configuration for proper line breaking of events that contain multiple date values?

How should you specify the script file for PowerShell Modular Inputs

What cron expression is supported for the PowerShell Modular Input schedule

After installing a forwarder on Windows to send data to a Splunk Cloud trial, why do I not see the forwarder in the Add Data page?

After creating an index for the Search app, why is my indexes.conf file missing from C:\Program Files\Splunk\etc\apps\search?

Why am I receiving "UniversalForwarder Setup Wizard ended prematurely because of an error" when trying to upgrade my server to 6.4.1?

Parsing fields from json logs

How do I redirect to another indexer using wildcards in my props.conf?

How to line break my XML file by using LINE_BREAKER or editing props.conf?

Why is indexing volume not matching license usage?

How to configure universal forwarders (deployment clients) on Windows machines to send logs to Splunk Light?

draw a splunk chart depicting no of occurrences for different strings?

Field extractions are not coming up on splunk.

How to exclude certain fields in json logs from being displayed on UI OR being indexed?

How to get a list of indexers reporting into our license manager via REST API?

How to audit access to the Windows Event logs?

Numerous messages WARN LineBreakingProcessor Truncating for remote_searches.log

Difference between | rest and | metadata?

Permissions on indexes and sourcetypes

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

How to Integrate and ingest the audit logs of Cymu...

Clarity on metrics license usage and how the data ...

ServiceNow Technical Add-on for CMDB Pull

Bangalore Splunk Usergroup meeting(Dec 2025)

SC4S Syslog server update fails during download wi...

Getting Data In

Join the Conversation