Getting Data In

Community Activity

Why is the host name I set in a monitor stanza on a universal forwarder not showing as expected for indexed events? I have an rsyslog server aggregating syslog streams from switches and firewalls. The rsyslog server writes log files ... by ejwade Contributor in Getting Data In 09-26-2016 1 4	1	4
VMware ESXi vmkernel error search Hi Splunkers. A year ago we had a hardware issue that disabled our operation for 24 hours. The VMware vmkernel error... by HCadmins Communicator in Getting Data In 09-26-2016 0 5	0	5
Can i have splunk forward data to an external system? Is it possible to have splunk forward data to another 3rd party system that is expecting syslog? by Erik_Swan Splunk Employee in Getting Data In 09-26-2016 3 2	3	2
Is it possible to prevent indexing part of a line in a log file? I know it is possible to skip lines in an input, however, I have the case where I want to skip part of a line. For e... by machiel Path Finder in Getting Data In 09-26-2016 0 3	0	3
A very singular use case (I think) in indexing XML files. I think I have a very particular scenario using XML files. At least I did not find somebody having the same issue her... by tcmarquesi Explorer in Getting Data In 09-26-2016 0 2	0	2
How to configure logs capture in Splunk Hi, I am a newbie to splunk and I have a requirement like below. We are using Weblogic em console to see and downloa... by thambijoseph New Member in Getting Data In 09-26-2016 0 6	0	6
easiest way to detect if splunk forwarder is running on 150 servers Hey There, I am new to splunk(Please go easy on my knowledge :)). We have 150 servers that has splunk forwarders on i... by Raghav2384 Motivator in Getting Data In 09-25-2016 0 15	0	15
How to index the correct timestamp from a log that has two dates? Hi guys, I have a log file that occasionally logs an event which contains two dates. For example, like this: 2014-10... by doubleIQ Engager in Getting Data In 09-24-2016 1 6	1	6
How to configure props.conf to set the universal forwarder's server time as the event timestamp? I'm trying to solve the following problem: in our client's environment, the clocks on different servers can vary grea... by arkadyz1 Builder in Getting Data In 09-24-2016 0 5	0	5
Why are some forwarded Windows events getting dropped and I get error "Failed to get the (record id, publisher name, level id) from event..."? Hi, We have Splunk reading forwarded Windows events, and it appears to dropping events. Looking at the logs, I see t... by a212830 Champion in Getting Data In 09-23-2016 0 1	0	1
How to blackhole unwanted server logs by configuring props.conf and transforms.conf? Our main syslog server just forwards everything to Splunk. We have exclusions in syslog for certain applications but... by erinaldo Explorer in Getting Data In 09-23-2016 0 8	0	8
I have source data and i have inputlookup data, now i need to match them with column, but column name in source is Student and Column name in Inputlookup is Roll_Number. How can i match them? I have source data and i have inputlookup data, now i need to match them with column, but column name in source is St... by kdoma Explorer in Getting Data In 09-23-2016 1 2	1	2
How do I monitor Forwarded Events logs on Windows? I'm trying to monitor Forwarded Events logs on Windows (not application, system, etc.)? My inputs.conf stanza looks ... by ericlarsen Path Finder in Getting Data In 09-23-2016 0 7	0	7
Why is Powershell generated CSV data that is monitored only getting indexed once and is not indexed again until a Splunk restart? I've got an extremely frustrating problem here, at my wit's end and finally coming here. I've got CSV files being ge... by jamesklassen Path Finder in Getting Data In 09-23-2016 0 1	0	1
Extracting multi-level host name I would like to extract both directory and subdirectory information while importing data. So basically the directory... by smhsplunk Communicator in Getting Data In 09-23-2016 0 2	0	2
Timestamp format What could be the TIME_FORMAT=? for the below timestamp in event 2015-03-18 14:18:17 0.175 by merp96 Path Finder in Getting Data In 09-23-2016 0 4	0	4
After fixing props.conf, how to re-index the same files using the new settings? I accidentally imported some files into Splunk and the default line-breaking didn't work correctly. Now I want to rep... by Justin_Grant Contributor in Getting Data In 09-22-2016 13 7	13	7
How to enable and disable scheduled searches using Splunk REST API in Powershell? I have a requirement to disable scheduled search (specific ones) during a specific window and when a data load runs, ... by vivekriyer Explorer in Getting Data In 09-22-2016 0 1	0	1
Can you configure the Universal Forwarder on NIX (syslog) to send some logs to the indexer and others to a Heavy Forwarder? We have a syslog server where there are many logs going to the indexer. Can we configure the Linux Universal Forward... by HackerHurricane Engager in Getting Data In 09-22-2016 0 1	0	1
Multiple index join with different formatted data JSON and RAW is not working I have esbetalog in JSON format and etaprd in RAW format and outer joined as with CUSTOMER_ORDER_NUMBER column both h... by ppanchal Path Finder in Getting Data In 09-22-2016 1 4	1	4
Can forwarder be configured to monitor more than one folder on Windows servers? I installed and configured the forwarder on windows. in the monitoring folder, I have multiple folders. can the for... by btran Explorer in Getting Data In 09-22-2016 0 4	0	4
How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider? I'm attempting to configure SSO for Splunk with ADFS as the IdP. I have mapped an Active Directory group to the admi... by justinb82 Engager in Getting Data In 09-22-2016 0 4	0	4
Forwardeing and Indexing on an Heavy Forwarder Hi at all, I have a Splunk instance indexing some logs. I'd like to continue to use the server for its old job but, a... by gcusello SplunkTrust in Getting Data In 09-22-2016 0 12	0	12
how do i get splunk to recognise timestamp of my log I have a time stamp logged into my my SNMP log like the below [6844 0502 083830508 SNMP] BAXSnmpSTTWorker::HandleSys... by deepthi5 Path Finder in Getting Data In 09-22-2016 0 4	0	4
Use script to format file while uploading Hi, I have a python script which formats the json file and create a new file in another location. My splunk instance... by harshal_chakran Builder in Getting Data In 09-22-2016 0 2	0	2

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Getting Data In

Why is the host name I set in a monitor stanza on a universal forwarder not showing as expected for indexed events?

VMware ESXi vmkernel error search

Can i have splunk forward data to an external system?

Is it possible to prevent indexing part of a line in a log file?

A very singular use case (I think) in indexing XML files.

How to configure logs capture in Splunk

easiest way to detect if splunk forwarder is running on 150 servers

How to index the correct timestamp from a log that has two dates?

How to configure props.conf to set the universal forwarder's server time as the event timestamp?

Why are some forwarded Windows events getting dropped and I get error "Failed to get the (record id, publisher name, level id) from event..."?

How to blackhole unwanted server logs by configuring props.conf and transforms.conf?

I have source data and i have inputlookup data, now i need to match them with column, but column name in source is Student and Column name in Inputlookup is Roll_Number. How can i match them?

How do I monitor Forwarded Events logs on Windows?

Why is Powershell generated CSV data that is monitored only getting indexed once and is not indexed again until a Splunk restart?

Extracting multi-level host name

Timestamp format

After fixing props.conf, how to re-index the same files using the new settings?

How to enable and disable scheduled searches using Splunk REST API in Powershell?

Can you configure the Universal Forwarder on NIX (syslog) to send some logs to the indexer and others to a Heavy Forwarder?

Multiple index join with different formatted data JSON and RAW is not working

Can forwarder be configured to monitor more than one folder on Windows servers?

How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider?

Forwardeing and Indexing on an Heavy Forwarder

how do i get splunk to recognise timestamp of my log

Use script to format file while uploading

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation