Getting Data In

Thread Info

User list from Active directory

Hi How to get the user details from the Active directory with OU name using ldapsearch?

by Builder in

Transpose CSV column headers to row

Hello, Is Splunk able to, before or after indexing, transpose column and rows in this way: original file: has col...

by Path Finder in

After disabling default port 8089 due to app conflict, why is our universal forwarder unable to contact the deployment server?

We found that we have a new server type with a new internal application that is using port 8089 and would not allow t...

by Explorer in

Splunkweb crashes with "Bad file descriptor"

Splunk 4.1.4 on Win2008 R2, splunkweb is repeatedly terminating with "Bad file descriptor" error shown in web_serivce...

by Explorer in

Timezone conversion issue on HF

We have a HF in UTC timezone that is received log events from an Universal Forwarder running on EDT timezone. The log...

by Contributor in

Editing an indexed log

We made a mistake and logged a few 1000 fields in an event with a wrong format. Is there any way that we could edit t...

by Engager in

How to monitor and index html reports generated daily, even if there are no changes?

Hey. My antivirus generates 4 html reports every day in a folder, but I see a different number of events every tim...

by Communicator in

Highly Available (Double) Data-Source (Syslog)

Hi all, I'm currently experiencing this challenge. At a customer site we have two identical syslog servers rece...

by Path Finder in

How To Alert if SourceType is Not Logging?

I have a forwarder which is configured to monitor 5 directories. Each directory has it's own sourcetype and one of th...

by SplunkTrust in

How to split incomming traffic through UDP 514 ?

Dear All, I'm totally new to the business, I've never dealt with regex, logs or Splunk, etc. Some answers can be f...

by New Member in

Displaying specific text from logs

I have a table on my dashboard that displays particular information from logs but I am trying to add an event name to...

by Path Finder in

How to create an index in an indexer cluster and pull firewall logs to store in that index?

I want to create an index in an indexer cluster and pull firewall logs to store in that index.

by Engager in

After indexing logs in Splunk, where can I find the specific path where it is stored?

I have a server which transfers logs to the Splunk server, but I don't know where it is stored in Splunk. Can someone...

by Engager in

Why does license usage differ between the number found using RolloverSummary versus Usage from the license_usage.log file?

I did the two following searches using the same license_usage.log file and got different results for yesterday's tota...

by Path Finder in

Troubleshoot - Linux Universal Forwarder is not forwarding all files

We have a UF on RHEL that forwards some files fine but one that is not being forwarded. I recently added a file to fo...

by Explorer in

How do I redirect data to a different set of indexers via my heavy forwarder?

All, I want to set aside a handful of indexers to store important data. I have a heavy forwarder setup. So should...

by Builder in

How do i make stored logs be parsed according to a diffrent sourcetype?

I have a logs stored in splunk and they are of sourcetype=test, but I recently found this app that parses these type ...

by Explorer in

understanding search time vs index time

Despite having recently finished the Splunk Admin course, I'm still fuzzy on the terms "index-time" and "search-time"...

by Contributor in

How to see if two different hosts have failure event records?

I need to return a "yes" if (host=A has events > 0 and host=B has events > 0) else '"no"

by Path Finder in

Splunk Universal Forwarder On AIX Fails To Start After Upgrade To Spunk 6.4.x

After upgrading Splunk Universal Forwarder to version 6.4.0 or above, Splunk will no longer start and the following e...

by Splunk Employee in

Is it possible to set up a Splunk deployment with just 1 indexer and 1 search head?

Is it possible to set up Splunk with Just 1 Indexer, and 1 Search head? I began to attempt this through the Distribut...

by Builder in

Trying to set up forwarder for Splunk Light - Download Universal Forwarder Credentials link returns 404

I am trying to set up a universal forwarder (Windows) to send data to our new Splunk Light trial account. I am follow...

by Explorer in

How to index data which is forwarded to DNS?

Hello I am using DNS lists for load balancing. I am pointing my forwarders to send data to my DNS, but I was wonde...

by Path Finder in

what if indexer is unavailable when using DNS list load balancing

a universal forwarder will request to resolve XXXXXX (DNS) and it may get an IP address of the indexer that is no lon...

by Path Finder in

How filter by source name and keep only the last version

We use splunk to generate reports and provide them to an external application (Tableau). The data source are csv file...

by Observer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

User list from Active directory

Transpose CSV column headers to row

After disabling default port 8089 due to app conflict, why is our universal forwarder unable to contact the deployment server?

Splunkweb crashes with "Bad file descriptor"

Timezone conversion issue on HF

Editing an indexed log

How to monitor and index html reports generated daily, even if there are no changes?

Highly Available (Double) Data-Source (Syslog)

How To Alert if SourceType is Not Logging?

How to split incomming traffic through UDP 514 ?

Displaying specific text from logs

How to create an index in an indexer cluster and pull firewall logs to store in that index?

After indexing logs in Splunk, where can I find the specific path where it is stored?

Why does license usage differ between the number found using RolloverSummary versus Usage from the license_usage.log file?

Troubleshoot - Linux Universal Forwarder is not forwarding all files

How do I redirect data to a different set of indexers via my heavy forwarder?

How do i make stored logs be parsed according to a diffrent sourcetype?

understanding search time vs index time

How to see if two different hosts have failure event records?

Splunk Universal Forwarder On AIX Fails To Start After Upgrade To Spunk 6.4.x

Is it possible to set up a Splunk deployment with just 1 indexer and 1 search head?

Trying to set up forwarder for Splunk Light - Download Universal Forwarder Credentials link returns 404

How to index data which is forwarded to DNS?

what if indexer is unavailable when using DNS list load balancing

How filter by source name and keep only the last version

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions