Getting Data In

Thread Info

Is it possible to create an event type field within a source type?

Hi, I was wondering if it was possible to create a field within the source type that would show the event type. ...

by New Member in

How to create a consolidated report?

I have 5 input CSV files received everyday. How can they be appended and stored everyday as one report when received?...

by New Member in

Why is there a 2 hour difference between _time and the actual events' timestamp for data on my receiver?

I configured a 6.2 forwarder to send data to one of my receivers also running 6.2. Data is getting into the receivers...

by Explorer in

Blacklisting Windows EventCode

Hello, I have Heavy forwarders windows in 6.2 version who's collecting the event from many universal forwarder. ...

by New Member in

Matching key word in CSV with other data

Hi, I have data in a CSV file which I am pulling in a search. For example: |inputlookup data.csv descript...

by Explorer in

Quick sanity check on my indexes.conf config?

All, Can you do a quick peer review of my index config here? My expectation is we can save as much as we want...

by Builder in

Does anyone have installation and configuration instructions for the HyTrust CloudControl app?

Does anyone have install/config instruction for the HyTrust CloudControl App? I have downloaded and installed it ...

by Path Finder in

How to manage Splunk forwarders from a Splunk deployment server installed on a different VM?

So, I have Splunk Enterprise installed on a VM and it runs fine, but so far I have been upgrading the Splunk forwarde...

by New Member in

Host name incorrect for Cherwell input. How do we configure Splunk to use the FQDN for host?

Hello, We have configured a number of our Cherwell servers to send data to Splunk on our Management port 89 ( defa...

by Explorer in

How to configure three servers to each serve as a member and peer in both a search head and indexer cluster?

We have been challenged to spin up a small Splunk Enterprise environment, I would like to have three servers and c...

by Contributor in

Create user and grant him search privilege on a specific index with cURL

Hi guys, I'm trying to create a user and only grant him search privileges on a specific index using cURL. So far I...

by Explorer in

How to edit my inputs.conf on a Windows universal forwarder to forward NPS/IAS logs to my Linux indexer?

Hi all, I'm new to Splunk and I'm having a problem getting the Universal Forwarder on Windows to forward Microsof...

by New Member in

Collect logfiles

I want to collect logfiles in Splunk through the Universal Forwarder. I've set up a forward for the logs of the event...

by New Member in

httpd.conf configuration for logging recommendation?

All, We have legacy servers going years back and newer ones etc. Basically, we have ended up with about 30 differ...

by Builder in

Adding a new CSV file every day as a new index, how do I configure Splunk to use a field in the file as the event timestamp?

Hi - I am currently adding a new CSV file every day as a new index in Splunk for some requirement. Issue is: The e...

by Champion in

How to drop incoming deny logs from firewall logs

I am trying to filter out all inbound deny syslog that the firewall is sending I have a props.conf like this [srx_...

by Motivator in

Upgrading Splunk from 6.2. to 6.4 on Windows, why does it hang on "Please wait while the Setup Wizard installs Splunk Enterprise"?

I'm currently trying to upgrade from 6.2 to 6.4 on Windows and ran into an issue. I ran the MSI file and most of ...

by SplunkTrust in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is it possible to create an event type field within a source type?

How to create a consolidated report?

Why is there a 2 hour difference between _time and the actual events' timestamp for data on my receiver?

Blacklisting Windows EventCode

Matching key word in CSV with other data

Quick sanity check on my indexes.conf config?

Does anyone have installation and configuration instructions for the HyTrust CloudControl app?

How to manage Splunk forwarders from a Splunk deployment server installed on a different VM?

Host name incorrect for Cherwell input. How do we configure Splunk to use the FQDN for host?

How to configure three servers to each serve as a member and peer in both a search head and indexer cluster?

Create user and grant him search privilege on a specific index with cURL

How to edit my inputs.conf on a Windows universal forwarder to forward NPS/IAS logs to my Linux indexer?

Collect logfiles

httpd.conf configuration for logging recommendation?

Adding a new CSV file every day as a new index, how do I configure Splunk to use a field in the file as the event timestamp?

How to drop incoming deny logs from firewall logs

Upgrading Splunk from 6.2. to 6.4 on Windows, why does it hang on "Please wait while the Setup Wizard installs Splunk Enterprise"?

Archival on Indexer

Why does inputs.conf does not respect the use of a wildcard (batch*) in my monitor stanza?

How to edit my current props and transforms.conf to eliminate the first 10 lines of my sample log?

Universal Forwarder Installation Fails While Installing RegMon Driver

Does the HTTP Event Collector API support events with arbitrary metadata?

Unable to add CIFS share as frozen path

Why does one serverclass appear via the REST API and the other doesn't?

Splunk Enterprise in a VM environment

The Payment Operations Wake-Up Call: Why Financial Institutions Can't Afford ...

Make Your Case: A Ready-to-Send Letter for Getting Approval to Attend .conf25

Community Spotlight: A Splunk Expert's Journey

Power Platform audit logs

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions