Getting Data In

Community Activity

What is the best way to display a payload with line breaks for better readability in Splunk Web? I want to display the payload with line breaks for better readability on Splunk Web. Splunk receives the payload a... by ram_85 Explorer in Getting Data In 11-01-2016 0 4	0	4
How to get a Windows user prompt to appear on a client machine using Powershell from a Deployment Server app? I have a deployment server app that makes changes on the target client. Part of the process requires closing another ... by rjthibod Champion in Getting Data In 11-01-2016 0 17	0	17
How to configure Splunk to properly parse logs that contain one or more values with double quotes? Hello Splunk community, Currently I am doing research as an intern at a government agency if their Windows services ... by msboers Engager in Getting Data In 11-01-2016 0 6	0	6
Why do I get this error when configuring the universal forwarder: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed? Hi, I am installing the universal forwarder (6.2) on redhat. I am running into several issues with the SSL setup. I ... by wouterr Explorer in Getting Data In 11-01-2016 1 5	1	5
Why are my sourcetypes constantly changing, and how do I prevent this? I have a small LAN with a couple dozen servers all running Solaris. They are sending into a single instance of Splunk... by Michael Contributor in Getting Data In 10-31-2016 0 4	0	4
Deployment Server flooded with SSL handshake errors from forwarders. How to configure forwarders to use TLS 1.2 We've recently locked down everything to use TLS 1.2 and I think i've fixed just about everything, however, my deploy... by johnpof Path Finder in Getting Data In 10-30-2016 0 3	0	3
What is the best way to index old data with fixed dates? Hi all. I have a set of logs without a timestamp field, so, this value is taken from "Current time" on each sourcety... by changux Builder in Getting Data In 10-30-2016 0 14	0	14
Why are we not seeing expected behavior for maxTotalDataSizeMB in indexes.conf? I'm seeing a sudden spike in data coming from our firewalls (edge and internal). On average an increase of 202% daily... by Admiral_Marith Explorer in Getting Data In 10-29-2016 0 3	0	3
Why is copy-truncate a low-quality log-rotation strategy? I've been told that the copy-truncate pattern is a poor choice for log rotation, and that it should only be used when... by jrodman Splunk Employee in Getting Data In 10-29-2016 6 5	6	5
Log rotation best practices We have a couple of files, that are rotated by copying and then truncating the original file (so no new inode is crea... by chris Motivator in Getting Data In 10-29-2016 4 8	4	8
How can we improve universal forwarder performance? Hi, We have a proxy server where multiple log files get uploaded. The average is about 15 million events per day. C... by dbcase Motivator in Getting Data In 10-28-2016 0 4	0	4
How can I define props.conf with respective source types? i have text file with some data below. how can i define my props.conf file with respective sourcetypes? file 1 of so... by sravankaripe Communicator in Getting Data In 10-28-2016 0 2	0	2
How to edit my inputs.conf to whitelist selected events from Windows Security logs? Hello I have to get only the selected events from Windows Security logs, so I have added the whitelist in inputs.con... by kiran331 Builder in Getting Data In 10-28-2016 1 2	1	2
How to edit my monitor stanza with wildcards to monitor a file with subfolders? I need help with setting these wild cards, it seems like Splunk is not picking up the file in the sub folders. Logs a... by sbattista09 Contributor in Getting Data In 10-28-2016 0 3	0	3
Why is c# logging to HTTP Event Collector not working? I am trying to send events from my Windows server .NET app to Splunk index via HTTP Event Collector. I was able to s... by rvencu Path Finder in Getting Data In 10-28-2016 1 4	1	4
How to split a log into multiple sourcetypes on a heavy forwarder? Hi, I seem to be struggling in splitting log data from the heavy forwarder into several sourcetypes in an index. I h... by cdstealer Contributor in Getting Data In 10-28-2016 0 8	0	8
Splunk UF crashing frequently 6.3 Hi All, UF is crashing frequently . I didn't find any details in the splunkd logs VERSION=6.3.0 BUILD=aa7d4b1ccb80... by rsathish47 Contributor in Getting Data In 10-27-2016 0 2	0	2
How to disable Splunk Web on a universal forwarder? I use Nessus to scan for SSL issues, and the Splunk Web interface is being flagged due to the self signed certs. I ha... by andylee53 New Member in Getting Data In 10-27-2016 0 2	0	2
How to refine our sourcetype configuration for proper line breaking of events that contain multiple date values? We are having problems parsing lines with timestamps at the beginning of the line but then there are other fields tha... by burwell SplunkTrust in Getting Data In 10-27-2016 0 1	0	1
How should you specify the script file for PowerShell Modular Inputs The documentation for the PowerShell Modular Input states When you specify a script file (.ps1), prepend the script n... by martinho Explorer in Getting Data In 10-27-2016 0 4	0	4
What cron expression is supported for the PowerShell Modular Input schedule When using Splunk Web to configure a new Powershell v3 Modular Input the hint for the Cron Schedule the hint text sta... by martinho Explorer in Getting Data In 10-27-2016 0 2	0	2
After installing a forwarder on Windows to send data to a Splunk Cloud trial, why do I not see the forwarder in the Add Data page? I'm new to Splunk and setting up Splunk Cloud trial verison. Have installed a Splunk forwarder on Win 2008 R2 64X ma... by adminimv New Member in Getting Data In 10-27-2016 0 4	0	4
After creating an index for the Search app, why is my indexes.conf file missing from C:\Program Files\Splunk\etc\apps\search? Hello, I have trial version of Splunk Enterprise with me. I created an index for the search and reporting app, but w... by jesmi_harindran New Member in Getting Data In 10-27-2016 0 5	0	5
Why am I receiving "UniversalForwarder Setup Wizard ended prematurely because of an error" when trying to upgrade my server to 6.4.1? Hi, There are a few servers throwing the error while installing Agent: "UniversalForwarder Setup Wizard ended premat... by Dharanesha New Member in Getting Data In 10-27-2016 0 9	0	9
Parsing fields from json logs Hi Splunkers. I'm attempting to search based on fields in a JSON log file For example I am trying to search based on ... by splunk_svc Path Finder in Getting Data In 10-26-2016 0 9	0	9

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers, So you searched, “what is the name of the usb key inserted by bob smith?” Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...

Getting Data In

What is the best way to display a payload with line breaks for better readability in Splunk Web?

How to get a Windows user prompt to appear on a client machine using Powershell from a Deployment Server app?

How to configure Splunk to properly parse logs that contain one or more values with double quotes?

Why do I get this error when configuring the universal forwarder: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed?

Why are my sourcetypes constantly changing, and how do I prevent this?

Deployment Server flooded with SSL handshake errors from forwarders. How to configure forwarders to use TLS 1.2

What is the best way to index old data with fixed dates?

Why are we not seeing expected behavior for maxTotalDataSizeMB in indexes.conf?

Why is copy-truncate a low-quality log-rotation strategy?

Log rotation best practices

How can we improve universal forwarder performance?

How can I define props.conf with respective source types?

How to edit my inputs.conf to whitelist selected events from Windows Security logs?

How to edit my monitor stanza with wildcards to monitor a file with subfolders?

Why is c# logging to HTTP Event Collector not working?

How to split a log into multiple sourcetypes on a heavy forwarder?

Splunk UF crashing frequently 6.3

How to disable Splunk Web on a universal forwarder?

How to refine our sourcetype configuration for proper line breaking of events that contain multiple date values?

How should you specify the script file for PowerShell Modular Inputs

What cron expression is supported for the PowerShell Modular Input schedule

After installing a forwarder on Windows to send data to a Splunk Cloud trial, why do I not see the forwarder in the Add Data page?

After creating an index for the Search app, why is my indexes.conf file missing from C:\Program Files\Splunk\etc\apps\search?

Why am I receiving "UniversalForwarder Setup Wizard ended prematurely because of an error" when trying to upgrade my server to 6.4.1?

Parsing fields from json logs

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation