Getting Data In

Thread Info

Lost data after indexers had to rebuild in an indexer cluster. Is there a way to recover this?

I had to rebuild my two slave indexers, but the master is still intact. However, I lost all data prior to the rebuild...

by Communicator in

How to troubleshoot why I am not receiving data for two sources I created on a universal forwarder?

I have one forwarder that is working for 6+ sources. I created two sources today and no data is showing up. If I d...

by Explorer in

Generate SNMP trap from Splunk

I have a requirement to generate an SNMP trap and forward it to a monitoring tool whenever a particular log message i...

by Engager in

Splunk as a syslog server

Can Splunk be used as a syslog server receiving syslog messages directly from a firewall or is a separate syslog serv...

by Explorer in

How to assign a Splunk status result to a variable in a script?

hello I am working on a script for running Splunk. I want to check status of Splunk and assign the result of t...

by Path Finder in

Error encountered for connection from src=10.100.100.137:48221. Local side shutting down

I'm seeing this error in a heavy forwarder, but I couldn't find any information as to what it could mean. 07-26-20...

by Explorer in

Is there any negative impact deleting the .bundle files and files under /opt/splunk/var/run/searchpeers?

Hi all , Recently we had an issue with /opt as it is consuming 100% memory. We have gone through and checked .bund...

by Explorer in

What settings do we have to change to improve Splunk forwarder memory usage?

Hello , We have problem with Splunk forwarder usage. Will limiting the maxkbps=0 increase the speed of CPU usage ...

by Explorer in

Generating props.conf and transforms.conf from Splunk web

Hi all Since I'm quite new at this, I was wondering is it possible (on Windows) to generate props.conf and transfo...

by New Member in

Splunk Enterprise: index-time parsing configuration creating/ editing of "props.conf"

Hello, Based on Splunk recommendation the best path for this file"props.conf" is: $SPLUNK_HOME/etc/system/local If...

by New Member in

problems with time stamp extraction

I have been given a log file to ingest into Splunk as part of a Lab exercise, but Splunk it not extracting the time a...

by Splunk Employee in

Best way to get Symantec AV data - (reworking an old instance of Splunk)

Hello, I am new to Splunk and was recently given our organization's old Splunk project. Long story, but basically ...

by Explorer in

Collecting Windows eventlogs with whitelist based on word

Hi I need to collect all Windows security logs from my infrastructure with Splunk UF installed which include speci...

by Path Finder in

Taking over an old Splunk deployment, how should I get data forwarded to our Splunk indexer?

Hello, As I've said in a previous post, I am new to Splunk so please excuse the newb questions. I have been tas...

by Explorer in

Windows Forwarder - Unable to rotate/delete log file. Handle open by splunkd.exe?

Has anyone run into this before? I'm unable to rotate logs due to files being opened by the forwarder. The files have...

by Communicator in

Why are we missing data in Splunk after rsyslog?

Hello, I am missing data in my current setup (about 20 to 30%). Instance A is sending data to Instance B on por...

by Explorer in

Feroda logs

Hello. Does anyone have experience with what is reflected in the subject question (Journalctl logs)? I must copy...

by Communicator in

Restarting a universal forwarder on AIX, why do I get error "ulimit - Splunk may not work due to small data segment/resident memory limit"?

Hi, I get the following error when I restart our universal forwarder for AIX, 05-24-2016 18:06:26.872 +0800 I...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Lost data after indexers had to rebuild in an indexer cluster. Is there a way to recover this?

How to troubleshoot why I am not receiving data for two sources I created on a universal forwarder?

Generate SNMP trap from Splunk

Splunk as a syslog server

How to assign a Splunk status result to a variable in a script?

Error encountered for connection from src=10.100.100.137:48221. Local side shutting down

Is there any negative impact deleting the .bundle files and files under /opt/splunk/var/run/searchpeers?

What settings do we have to change to improve Splunk forwarder memory usage?

Generating props.conf and transforms.conf from Splunk web

Splunk Enterprise: index-time parsing configuration creating/ editing of "props.conf"

problems with time stamp extraction

Best way to get Symantec AV data - (reworking an old instance of Splunk)

Collecting Windows eventlogs with whitelist based on word

Taking over an old Splunk deployment, how should I get data forwarded to our Splunk indexer?

Windows Forwarder - Unable to rotate/delete log file. Handle open by splunkd.exe?

Why are we missing data in Splunk after rsyslog?

Feroda logs

Restarting a universal forwarder on AIX, why do I get error "ulimit - Splunk may not work due to small data segment/resident memory limit"?

Should a summary index be created on both Search Head and Indexer?

How can I parse events in transforms.conf and props.conf?

How do I configure Splunk to read events by timestamp?

eof error when reading file

Why is Splunk importing header fields from CSV files as events?

Importing data from a CSV file, how do I edit props.conf to assign a specific column to be parsed as _time?

How to search license usage by indexer server and top 10 host usage per indexer?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions