Getting Data In

Thread Info

Breaking the logs with timestamp

Hi How to break following logs with time-stamp. Here the timestamp; "Jul 15 13:54:20" Jul 15 13:58:47 10.21.29...

by Builder in

Filtering out servers

I'm trying to filter out servers that aren't getting a lot of traffic. So, I'm wondering how to filter out servers th...

by Engager in

Splunk DB Connect 1: Using to_char and to_date functions with dbquery results in no results found

Hello and thank you in advance for any help . I am creating a dashboard for our customer service team, using a dbq...

by Explorer in

datetime.xml with european default

I have a difficult time stamp extraction in a source file. The date and time are split over two lines. I have tried m...

by Splunk Employee in

Firewall Open Port WMI

Hi Splunk community, I have just a little question, I have some servers in a DMZ. All ports are blocked inside to ...

by Explorer in

Windows で s-renewcerts.ps1 をPowerShell で実行すると CommandNotFoundException が発生し、証明書の更新ができません。

Windows OS の PowerShell より証明書更新用のスクリプト s-renewcerts.ps1 を実行すると下記のようにエラーメッセージが表示されてしまい、証明書の更新をすることができません。 PS C:\Pro...

by Communicator in

help in reading csv file

I want to monitor a csv file which generated through a script and producing output as below Below am having 4 colu...

by Communicator in

Why am I not getting data from the Splunk App for Stream using a universal forwarder with my current configuration?

My problem like this https://answers.splunk.com/answers/209017/why-am-i-not-getting-data-from-the-splunk-app-for.html...

by Path Finder in

help in reading my csv file

I want to monitor a csv file which generated through a script and producing output as below Below am having 4 colu...

by Communicator in

How can I remove input files if "splunk clean eventdata" didn't remove them?

I completely cleaned my index with "splunk clean eventdata" but my input files are still listed under Files and Direc...

by Engager in

Adding more forwarders when licenses are almost maxed out

If I have a 100GB licenses and my current indexing rate is around 90GB/day and I turned a forwarder on which had 15GB...

by SplunkTrust in

How to troubleshoot why data is only getting indexed in Splunk for 1 hour every day with no interval specified in inputs.conf?

Hi, We have an issue with Splunk getting data into indexes. We are getting data only during one hour (12.00 AM to ...

by Path Finder in

How to stop indexing a specific log for a particular switch in my production environment?

Hello, There is request from my client to stop indexing a specific log for a particular switch in my production. F...

by New Member in

Having trouble with Indexes and Monitors working together

Hello Splunk Community, I have finally reached a place where I know what I want to do and believe I know the right...

by New Member in

sslKeysfilePassword not working in a deployed forwarder app

I've created some certificates to use with our forwarders to secure forwarded traffic. I've created an indexer_discov...

by Path Finder in

How to get Access logs from RedCloud Security Appliance

Hi, As the question describes, I would like to know if there's a way to get the access logs from RedCloud Security...

by Path Finder in

Timestamp and line not properly break

I have this inputs.conf [ServerLogs] SHOULD_LINEMERGE = true TRUNCATE = 0 BREAK_ONLY_BEFORE = ^\d{6}\s+\d{2}\:\d{2...

by Path Finder in

Splunk configurations for SH, FWD and INDEXER

Posting on behalf of someone. I want to setup a Splunk clustered environment with 4SH (cluster), 4IDX (cluster), F...

by Communicator in

Why does splunkd_access.log burst events on our Unix universal forwarder for no reason, using up 17% CPU?

Hi, I've set up a Unix universal forwarder to monitor text-based files on a system. I always thought forwarders h...

by Motivator in

How do you add Perfmon:Process in universal forwarders?

Hi, How do you add Perfmon:Process into Splunk universal forwarders? I tried using the guides, but Splunk does not...

by Explorer in

Azure Active Directory is going to be rolling their signing key on a regular basis. Will Splunk handle the key rollover event automatically?

Azure Active Directory is going to be rolling their signing key shortly and does so on a regular basis. Will Splu...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Breaking the logs with timestamp

Filtering out servers

Splunk DB Connect 1: Using to_char and to_date functions with dbquery results in no results found

datetime.xml with european default

Firewall Open Port WMI

Windows で s-renewcerts.ps1 をPowerShell で実行すると CommandNotFoundException が発生し、証明書の更新ができません。

help in reading csv file

Why am I not getting data from the Splunk App for Stream using a universal forwarder with my current configuration?

help in reading my csv file

How can I remove input files if "splunk clean eventdata" didn't remove them?

Adding more forwarders when licenses are almost maxed out

How to troubleshoot why data is only getting indexed in Splunk for 1 hour every day with no interval specified in inputs.conf?

How to stop indexing a specific log for a particular switch in my production environment?

Having trouble with Indexes and Monitors working together

sslKeysfilePassword not working in a deployed forwarder app

How to get Access logs from RedCloud Security Appliance

Timestamp and line not properly break

Splunk configurations for SH, FWD and INDEXER

Why does splunkd_access.log burst events on our Unix universal forwarder for no reason, using up 17% CPU?

How do you add Perfmon:Process in universal forwarders?

Azure Active Directory is going to be rolling their signing key on a regular basis. Will Splunk handle the key rollover event automatically?

How to index only one day of data from a batch output?

Do heavy forwarders listen to data from devices or collect data by contacting them?

How to edit my props and transforms.conf on an indexer to filter out certain Windows event logs from being indexed?

How to configure Splunk preveing parsing multiline Imperva logs as separate events?

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions