Getting Data In

Community Activity

How to enable and disable scheduled searches using Splunk REST API in Powershell? I have a requirement to disable scheduled search (specific ones) during a specific window and when a data load runs, ... by vivekriyer Explorer in Getting Data In 09-22-2016 0 1	0	1
Can you configure the Universal Forwarder on NIX (syslog) to send some logs to the indexer and others to a Heavy Forwarder? We have a syslog server where there are many logs going to the indexer. Can we configure the Linux Universal Forward... by HackerHurricane Engager in Getting Data In 09-22-2016 0 1	0	1
Multiple index join with different formatted data JSON and RAW is not working I have esbetalog in JSON format and etaprd in RAW format and outer joined as with CUSTOMER_ORDER_NUMBER column both h... by ppanchal Path Finder in Getting Data In 09-22-2016 1 4	1	4
Can forwarder be configured to monitor more than one folder on Windows servers? I installed and configured the forwarder on windows. in the monitoring folder, I have multiple folders. can the for... by btran Explorer in Getting Data In 09-22-2016 0 4	0	4
How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider? I'm attempting to configure SSO for Splunk with ADFS as the IdP. I have mapped an Active Directory group to the admi... by justinb82 Engager in Getting Data In 09-22-2016 0 4	0	4
Forwardeing and Indexing on an Heavy Forwarder Hi at all, I have a Splunk instance indexing some logs. I'd like to continue to use the server for its old job but, a... by gcusello SplunkTrust in Getting Data In 09-22-2016 0 12	0	12
how do i get splunk to recognise timestamp of my log I have a time stamp logged into my my SNMP log like the below [6844 0502 083830508 SNMP] BAXSnmpSTTWorker::HandleSys... by deepthi5 Path Finder in Getting Data In 09-22-2016 0 4	0	4
Use script to format file while uploading Hi, I have a python script which formats the json file and create a new file in another location. My splunk instance... by harshal_chakran Builder in Getting Data In 09-22-2016 0 2	0	2
Why am I unable to use token authentication on a universal forwarder Hello the Splunk community I'm trying to use the token authentication between an indexer and a universal forwarder. ... by mvidal31 Engager in Getting Data In 09-21-2016 0 3	0	3
Why am I unable to index contents of a text file being monitored by universal forwarder? Hi, We are trying to get DNS logs into Splunk. Logs are generated in a .txt file and the goal is to use Splunk Forwa... by att35 Builder in Getting Data In 09-21-2016 0 9	0	9
How to configure srchFilter for a role to limit the results by indexer? I have a Splunk Enterprise setup, with a handful of main indexers and their own search head clusters, and a bunch of ... by brynsmith Explorer in Getting Data In 09-21-2016 0 6	0	6
Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers? Hi, I noticed that my io bandwidth is approaching 100% on my servers (though, my overall resources (cpu, mem) are fi... by a212830 Champion in Getting Data In 09-21-2016 0 8	0	8
Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder? Hi, I have a use case to forward Application logs from one universal forwarder server to particular folder of anothe... by sravankaripe Communicator in Getting Data In 09-21-2016 0 4	0	4
What is the best way to handle json data with nested arrays? I am having some trouble working with JSON events. I use Splunk Enterprise 6.4.1. I'm using KV_MODE=json in my pr... by lyndac Contributor in Getting Data In 09-21-2016 0 1	0	1
Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers) In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermedia... by sravankaripe Communicator in Getting Data In 09-21-2016 0 1	0	1
Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed? Hello, I am having an issue with logs coming into my instance of Splunk Enterprise (version 6.2.2) through a Linux s... by Ealderiso Explorer in Getting Data In 09-21-2016 0 20	0	20
How do I use syslogNG to replace Splunk TCP or UDP inputs? This is a question I have the answer to, I'm posting this answer because I spent a number of hours attempting to unde... by gjanders SplunkTrust in Getting Data In 09-20-2016 0 6	0	6
How to log Watchguard into Splunk? Dear All, Could you share me some best practices how to send Watchguard firewall logs into Splunk and how to monitor... by calebra05 New Member in Getting Data In 09-20-2016 0 1	0	1
How to edit my props.conf for proper line breaking of a large event by the ∑ character? I am having trouble with being able to properly line break an event like the following: Here are the props I am us... by LiquidTension Path Finder in Getting Data In 09-20-2016 0 2	0	2
Importing Year/Month field I'm trying to import a csv format using splunk. The timestamp of log is in the format YYYY/MM. By default, splunk f... by bitfhacker New Member in Getting Data In 09-20-2016 0 3	0	3
When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza? From indexerA I am trying to forward Windows Event Logs and IIS Logs to indexerB. The Windows Event Logs are being fo... by jstacey_intuit Explorer in Getting Data In 09-20-2016 0 3	0	3
Use of double qoutes in rex command arguments fails alerts in windows environment. Set up an alert with the search command: source="C:\test\data\log1.txt" \| rex v="(?.*)" \| head 10 the alert has never... by xli_splunk Splunk Employee in Getting Data In 09-20-2016 0 3	0	3
Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs? Hello, I am trying to only capture EventIDs 400 and 800 inside the Windows PowerShell log (not the PowerShell Opera... by adayton20 Contributor in Getting Data In 09-20-2016 0 4	0	4
Indexing problem I tried to create a summary index for a search string. I scheduled the search, and enabled the index in the manager v... by xiaoyuew Path Finder in Getting Data In 09-20-2016 0 2	0	2
How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder? We are trying to collect data from certain secure Windows Systems and the team have requested to install "Splunk Univ... by koshyk Super Champion in Getting Data In 09-19-2016 0 3	0	3

Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...

Getting Data In

How to enable and disable scheduled searches using Splunk REST API in Powershell?

Can you configure the Universal Forwarder on NIX (syslog) to send some logs to the indexer and others to a Heavy Forwarder?

Multiple index join with different formatted data JSON and RAW is not working

Can forwarder be configured to monitor more than one folder on Windows servers?

How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider?

Forwardeing and Indexing on an Heavy Forwarder

how do i get splunk to recognise timestamp of my log

Use script to format file while uploading

Why am I unable to use token authentication on a universal forwarder

Why am I unable to index contents of a text file being monitored by universal forwarder?

How to configure srchFilter for a role to limit the results by indexer?

Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers?

Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder?

What is the best way to handle json data with nested arrays?

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed?

How do I use syslogNG to replace Splunk TCP or UDP inputs?

How to log Watchguard into Splunk?

How to edit my props.conf for proper line breaking of a large event by the ∑ character?

Importing Year/Month field

When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza?

Use of double qoutes in rex command arguments fails alerts in windows environment.

Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs?

Indexing problem

How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder?

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

How to Integrate and ingest the audit logs of Cymu...

Clarity on metrics license usage and how the data ...

ServiceNow Technical Add-on for CMDB Pull

Bangalore Splunk Usergroup meeting(Dec 2025)

SC4S Syslog server update fails during download wi...

Getting Data In

Join the Conversation