Getting Data In

Discussions

Thread Info

How to set Source equal to filename in input.conf?

There are a lot of documentation on how to set Host equal to filename or directory name, however i couldn't find anyt...

by Path Finder in

Problem: Unable to send cooked data to two different Indexer ports

Hello Experts, I have an issue where I am unable to send cooked data to two different Indexer ports. My flow of...

by Path Finder in

learn splunk rest interface

I have tried multiple time to get my hands around this API. I have read through the tutorials multiple times and yes ...

by Explorer in

where can i see in the splunk internal logs when a forwarder successfully started forwarding the data?

Is there any specific search that i can pull out the connection established time and date?

by Builder in

getting errors from my splunk logs on monitor PC

Error 1 - ERROR TcpOutputFd - Read error. An established connection was aborted by the software in your host machine....

by Explorer in

Extract Hostname using inputs.conf

Hi, I have the below event and I'd like to extract the hostname (ccivirpxa0720) using inputs.conf (never have done...

by Motivator in

Splunk Universal Forwarder for "WindowsStorageServer2012R2"

Can Splunk Universal Forwarder be installed on WindowsStorageServer2012R2 ? Is Installer for WindowsStorageServer dif...

by New Member in

How to Edit saved search using Splunk REST ?

I want to edit the search of a Saved Search Report using REST in Python without any other change. But when i am using...

by Explorer in

how to collect log

I install splunk in my windows server 2008, collecting log from windows working fine. I need some help to collect log...

by Explorer in

Splunk shows duplicate events in search results when there are no duplicates in the source file.

When I run a search in Splunk, the results show some duplicate events. I have checked the source file and the events ...

by Motivator in

What is the size (in bytes) of various common IT data event sourcetypes

I was wondering if anyone had a link to some web page that lists the sizes (in bytes) for various common IT data even...

by Splunk Employee in

heterogenous sourcetype in log file

I have a log file that has multiple sourcetypes or entries defined by a different format. Each entry in the log has a...

by Path Finder in

What kind of log is this (from Proxy access logs)

Hi all, I'm trying to identify what this is in my access logs: POST http://123.123.123.123/open/1 Followed ...

by Path Finder in

universal forwarder delay - 8 minutes

Any ideas why I am seeing an 8 minute delay in the UF -> Index data? The UF is monitoring a logfile that is consis...

by Contributor in

How do I extract two different variations of a timestamp from the same sourcetype?

For one of our syslog devices, some events that come through only contain the syslog datetime format, while there are...

by Communicator in

Parse IIS logs (structured data) on Universal Forwarder

We are trying to parse or drop a number of fields on IIS Logs from our Exchange environment. I have done as much digg...

by Path Finder in

Why am I unable to start Splunk Universal Forwarder after installing on Isilon/Linux?

Got the universal forwarder installed on my Isilon. (/opt/Splunk/splunkforwarder/) Trying to follow the directions to...

by New Member in

REST API to push data into Splunk

We are trying to push the application real time data into Splunk as part of code base, Do we have any REST API to pus...

by Builder in

how can i configure my search head to get the data from a heavy forwarder?

I am aware of getting the data from an universal forwarder?. Can anyone explain me the process of getting data from a...

by Builder in

Monitor windows file using environment variable in the path

Hi All, Can we specify environment variables of windows in the monitor stanza. For example like below: [monitor...

by Contributor in

How to store or index data from multiple clients that have multiple servers?

Hello. First time I'm posting a question, and a relative new to Splunk so I apologize up front if this has alread...

by Explorer in

Is there any risk in load balancing universal forwarder to an intermediate forwarder using a dedicated load balancer?

Hello! Our setup consists of Universal Forwarders sending logs through a load balancer to Intermediate Forwarders ...

by New Member in

Splunk Reading a File we didn't tell it to per LSOF

All, I am trying to understand why Splunk it opening a file here. When I run LSOF I see Splunk looking at a r...

by Builder in

Does a multiple IPs hostname trigger Forwarder round robin?

When writing outputs.conf, setting several receivers to "server=" causes the forwarder to round robin through those r...

by Engager in

unable to read field names with space using mulikv

From log file , i have mixed data some wher i have student data as below bla bla... bla blaa.. list of the student...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to set Source equal to filename in input.conf?

Problem: Unable to send cooked data to two different Indexer ports

learn splunk rest interface

where can i see in the splunk internal logs when a forwarder successfully started forwarding the data?

getting errors from my splunk logs on monitor PC

Extract Hostname using inputs.conf

Splunk Universal Forwarder for "WindowsStorageServer2012R2"

How to Edit saved search using Splunk REST ?

how to collect log

Splunk shows duplicate events in search results when there are no duplicates in the source file.

What is the size (in bytes) of various common IT data event sourcetypes

heterogenous sourcetype in log file

What kind of log is this (from Proxy access logs)

universal forwarder delay - 8 minutes

How do I extract two different variations of a timestamp from the same sourcetype?

Parse IIS logs (structured data) on Universal Forwarder

Why am I unable to start Splunk Universal Forwarder after installing on Isilon/Linux?

REST API to push data into Splunk

how can i configure my search head to get the data from a heavy forwarder?

Monitor windows file using environment variable in the path

How to store or index data from multiple clients that have multiple servers?

Is there any risk in load balancing universal forwarder to an intermediate forwarder using a dedicated load balancer?

Splunk Reading a File we didn't tell it to per LSOF

Does a multiple IPs hostname trigger Forwarder round robin?

unable to read field names with space using mulikv

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions