Getting Data In

Thread Info

Why am I unable to forward logs from a FreeBSD machine to our managed Splunk Cloud instance?

Hi All, I'm trying to forward logs from a FreeBSD machine to our Splunk Cloud instance. I've downloaded the spl fi...

by Explorer in

How to edit my props.conf to extract the timestamp at the end of my sample syslog events?

I have the following syslog data and I need help extracting the timestamp field at the end of the event: Sep 6 06...

by Communicator in

Compare 2 field values from different sources.

Scenario We process emails looking for order numbers (ON). We need to be able to compare the order numbers we seen in...

by Communicator in

Using a Splunk Forwarder versus adding the data from a network drive

Hi, I am facing some performance challenges and hence wanted to get clarification on a few things. I have data sit...

by Path Finder in

How to restrict specific data to be indexed locally, not interrupting data being forwarded and indexed on remote servers?

I have a small scale Splunk Enterprise instance installed on one server which does not index the data locally. Data i...

by Explorer in

How to send all received traffic on a specific port from Heavy Forwarders to a clustered index?

Environment: 2x heavy forwarders (6.4.1) in a load balanced pool (sitting behind haproxy) and using indexer_discovery...

by Path Finder in

Maximum size of HTTP POST Request and receivers/stream endpoint

Hi community, I got a couple of questions regarding POST request to receivers/stream endpoint. I have used API ...

by Explorer in

How to alert when a forwarder is not sending logs by source type?

Hi How to alert when a host is not sending logs by source type? For now, I'm using the below search for hosts not...

by Builder in

how to parse json to extract multiple line event ?

i have one file json that contain many object like that : { "id": 1, "name": "toto", "price": 1.50, ...

by Contributor in

Cannot merge events MUST NOT BREAK BEFORE not sticking.

Hello! Our application creates a log file a day. In the log file, every line is divided into a separate event. I ...

by Engager in

Unable to merge multiple lines for a non json log file into a single event.

I have a log whose sample format is similar to below. There are some cases where not every line starts with a time st...

by New Member in

Does Splunk have something like Elastic's Sense plugin?

Hi, Does Splunk have anything like Elastic's Sense plugin, which is a gui for the REST API, with auto-fill-in, and...

by Champion in

Why am I not seeing any Windows security event logs after installing a universal forwarder on a remote Windows server?

I have a new standalone Splunk install that I want to test. It's installed on Windows. I want to monitor the Windo...

by Explorer in

For Splunk Enterprise, pre 6.3, default root certificates expire on July 21, 2016 - Universal Forwarder?

Does the default root certificate expiration on July 21, 2016 affect the "universal forwarders" ? What is the expira...

by Engager in

Calculate weekdays assuming Saturday as 1/2 day

Hi. I want to calculate the weekdays in a month, using this: | gentimes start=11/01/16 end=11/31/16 | search start...

by Builder in

What scripts are available to run against splunk log files to identify error situations

There are such a variety of log files and I am uncertain what logs contain things that a splunk admin needs to addres...

by Explorer in

How to monitor all installed packages?

Hi, I am totally new to Splunk. Is there a way to monitor all installed packages? Best regards, nowami

by New Member in

Possible to run Splunk on Windows and Linux in the same environment?

Hi there, I would like to know if it's possible to have Splunk instances running on linux and windows in the same...

by Motivator in

How can I programmatically monitor data model acceleration progress?

I want to add some monitoring of data model acceleration to inform us when it is falling behind (as this can have qui...

by Builder in

Is there a CLI option to force the answer "no" during universal forwarder startup when asked if I want to change the port number to something else?

I am planning to do a silent install of a Splunk Universal Forwarder (v6.3.0) to several hundred Windows servers. Som...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why am I unable to forward logs from a FreeBSD machine to our managed Splunk Cloud instance?

How to edit my props.conf to extract the timestamp at the end of my sample syslog events?

Compare 2 field values from different sources.

Using a Splunk Forwarder versus adding the data from a network drive

How to restrict specific data to be indexed locally, not interrupting data being forwarded and indexed on remote servers?

How to send all received traffic on a specific port from Heavy Forwarders to a clustered index?

Maximum size of HTTP POST Request and receivers/stream endpoint

How to alert when a forwarder is not sending logs by source type?

how to parse json to extract multiple line event ?

Cannot merge events MUST NOT BREAK BEFORE not sticking.

Unable to merge multiple lines for a non json log file into a single event.

Does Splunk have something like Elastic's Sense plugin?

Why am I not seeing any Windows security event logs after installing a universal forwarder on a remote Windows server?

For Splunk Enterprise, pre 6.3, default root certificates expire on July 21, 2016 - Universal Forwarder?

Calculate weekdays assuming Saturday as 1/2 day

What scripts are available to run against splunk log files to identify error situations

How to monitor all installed packages?

Possible to run Splunk on Windows and Linux in the same environment?

How can I programmatically monitor data model acceleration progress?

Is there a CLI option to force the answer "no" during universal forwarder startup when asked if I want to change the port number to something else?

Could not send data to output queue (parsingQueue)

How to configure Splunk to parse and recognize key value pairs with brackets in my sample data?

How to add _meta Tags to modular inputs, i.e. Netapp Ontap App

Logs were not indexing in Splunk from a particular path

Per-event sourcetype overrides - not actually a lot of use?

Unleash the Power of Splunk MCP and AI, Meet Us at .Conf 2025, and Find Even More New ...

Observability Professionals: Build Resilience and Visibility with These .conf25 ...

See just what you’ve been missing | Observability tracks at Splunk University

Why is Splunk Universal Forwarder unable to interp...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions