Getting Data In

Community Activity

Reading Apache server-status output Has anyone tried to have splunk parse the output of the machine readable apache server-status page, e.g http://$apach... by mhouts001 Engager in Getting Data In 10-20-2016 1 6	1	6
Should I configure a universal forwarder to forward data to the master node in an indexer cluster? Setting up a Splunk indexer cluster consists of the following: idx01 : indexer mode: master idx02 : indexer mode: sl... by makincerdas Explorer in Getting Data In 10-20-2016 0 6	0	6
Export all panel results as different csv's on single button click Hi, I would like to export the csv's of all the panel results with a single button click. So far, I am able to search... by harshal_chakran Builder in Getting Data In 10-20-2016 0 1	0	1
How is categorization of messages (ERROR, WARNING, INFORMATION ETC) normally handled by a Splunk forwarder? I am a Splunk user (with no control of data collection) and have set up color coding for errors (red) warning etc in ... by bareisd Explorer in Getting Data In 10-19-2016 0 1	0	1
Is it possible to monitor and index files in a folder that has multiple periods in the name? Hi, I'm using Splunk 6.1.3 for Windows and have an issue with indexing files that reside in a folder that contains p... by Michael_Ekkert New Member in Getting Data In 10-19-2016 0 5	0	5
Is there a known issue with importing a large number of logs at once? Hi, I have setup a file/dir import input to look at a folder and injest the contents of the log files into splunk, t... by tonyparreiro Explorer in Getting Data In 10-19-2016 0 2	0	2
Using the Splunk HTTP Event Collector with log4j2, why are some message field keys not being parsed? Hello, I use Splunk HTTP Event Collector (splunk-library-javalogging-1.5.1.jar) with log4j2. Here is my (simplified)... by AlGon Engager in Getting Data In 10-19-2016 1 6	1	6
How to extract additional JSON objects from within my extracted JSON? Hello All, I was wondering how to go about extracting additional objects within my extracted JSON. For example here... by splunker1981 Path Finder in Getting Data In 10-19-2016 0 5	0	5
Can we set a time range from today 00:00:00 AM to real time now? Hello, I would like to set a search for the 24H of the current day: a time range from today 00:00:00 AM to real time... by chrbar01 Explorer in Getting Data In 10-19-2016 0 5	0	5
The header order changes in my monitored CSV file. Is there a way to have the forwarded data follow this order dynamically? I am monitoring a file that has comma separated values. For example: John, Smith, Maine The data is being for... by riotto Path Finder in Getting Data In 10-19-2016 0 2	0	2
Did Splunk 6.3.4 deprecate the function to send results as CSV or PDF attachments in alerts? Prior to upgrading to Splunk 6.3.4, there were check boxes when setting up email alerts to allow sending results as C... by Brian_Hopps New Member in Getting Data In 10-19-2016 0 2	0	2
can I safely turn off modular inputs on a forwarder? I'd like to turn off a couple modular inputs on a universal forwarder, such as WinPrintMon. Two questions: 1) If ther... by cphair Builder in Getting Data In 10-19-2016 0 5	0	5
How to control splunk logs splunkd_stderr.log & splunkd-utility.log filling up disk space Hi, I have installed Splunk having very limited space. I am able to manage other logs my modifying /etc/log.cfg file.... by anantdeshpande Path Finder in Getting Data In 10-19-2016 0 8	0	8
Bluecoat and websense Logs Hi Everyone, we have bluecoat and websense. we need to detec the user who is browsing some suspecious website. the t... by rashid47010 Communicator in Getting Data In 10-19-2016 0 1	0	1
How to deploy Check Point OPSEC LEA on several heavy fowarder servers? Hello, I have a couple of heavy forwaders running but only one with Checkpoint LEA 3.1 TA installed. Thus in case of... by sassens1 Path Finder in Getting Data In 10-19-2016 0 1	0	1
CIM: If I have an event that does not describe a relationship between two systems, should I use src_host or dest_host for the host field? in case I have an event which does not describe a relation between two systems, e.g. the size of an Oracle table spac... by FritzWittwer_ol Contributor in Getting Data In 10-19-2016 0 3	0	3
Why is one of my blacklists on inputs.conf not working to filter events from Windows Event Logs? Hi, So I am using Windows Universal forwarder (6.4.1) to forward data to indexers (6.5) I have a filter setup in inp... by fatemabwudel Path Finder in Getting Data In 10-18-2016 0 11	0	11
route data to custom index using source i have three different source 1. /var/log/auth.log 2. /var/log/syslog i want data to route my custom index source 1... by saifuddin9122 Path Finder in Getting Data In 10-18-2016 0 6	0	6
SEDCMD for MAC address that are missing leading zeroes between colons So, some companies in their infinite wisdom strip leading zeroes from the bytes WITHIN MAC addresses, so we end up wi... by craigkleen Communicator in Getting Data In 10-18-2016 0 2	0	2
How to use a delete command in splunk...? I cannot delete the events in splunk, i did append this search with delete command..I'm looking to delete the events ... by prakash007 Builder in Getting Data In 10-18-2016 0 13	0	13
How Do I Blacklist a specific file. I have a issue blacklisting a specific file "voipcall_wcas1.cdr.2016-10-12-17" the filename changes everyday as it f... by englishjohn New Member in Getting Data In 10-18-2016 0 2	0	2
Best place to filter out on field Hi, I have the following query to report on license utilization, and now want to filter out on specific slave indexe... by a212830 Champion in Getting Data In 10-18-2016 0 6	0	6
HTTP Event Collector: Why are double quotes not escaped for a properly formatted JSON string? A properly formatted JSON string will escape the double quotes. However the HEC does not translate that accordingly.... by unclethan Path Finder in Getting Data In 10-18-2016 2 2	2	2
Why is the term ‘auto tune’ used in indexes.conf documentation for auto ‘maxDataSize’? This may be misleading. Concern: The documentation here states: ‘maxDataSize = <positive integer>\|auto\|auto_high_volume * The maximum siz... by kgrigsby_splunk Splunk Employee in Getting Data In 10-17-2016 0 1	0	1
How do you identify if a box is an indexer or a search head? Hi, Splunk were installed on 2 boxes by previous admin. I can browse to port 8000 on both boxes, and get the 'Search... by makincerdas Explorer in Getting Data In 10-17-2016 0 12	0	12

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide Staying ahead in the fast-paced ...

Getting Data In

Reading Apache server-status output

Should I configure a universal forwarder to forward data to the master node in an indexer cluster?

Export all panel results as different csv's on single button click

How is categorization of messages (ERROR, WARNING, INFORMATION ETC) normally handled by a Splunk forwarder?

Is it possible to monitor and index files in a folder that has multiple periods in the name?

Is there a known issue with importing a large number of logs at once?

Using the Splunk HTTP Event Collector with log4j2, why are some message field keys not being parsed?

How to extract additional JSON objects from within my extracted JSON?

Can we set a time range from today 00:00:00 AM to real time now?

The header order changes in my monitored CSV file. Is there a way to have the forwarded data follow this order dynamically?

Did Splunk 6.3.4 deprecate the function to send results as CSV or PDF attachments in alerts?

can I safely turn off modular inputs on a forwarder?

How to control splunk logs splunkd_stderr.log & splunkd-utility.log filling up disk space

Bluecoat and websense Logs

How to deploy Check Point OPSEC LEA on several heavy fowarder servers?

CIM: If I have an event that does not describe a relationship between two systems, should I use src_host or dest_host for the host field?

Why is one of my blacklists on inputs.conf not working to filter events from Windows Event Logs?

route data to custom index using source

SEDCMD for MAC address that are missing leading zeroes between colons

How to use a delete command in splunk...?

How Do I Blacklist a specific file.

Best place to filter out on field

HTTP Event Collector: Why are double quotes not escaped for a properly formatted JSON string?

Why is the term ‘auto tune’ used in indexes.conf documentation for auto ‘maxDataSize’? This may be misleading.

How do you identify if a box is an indexer or a search head?

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation