Getting Data In

Discussions

Thread Info

what if indexer is unavailable when using DNS list load balancing

a universal forwarder will request to resolve XXXXXX (DNS) and it may get an IP address of the indexer that is no lon...

by Path Finder in

How filter by source name and keep only the last version

We use splunk to generate reports and provide them to an external application (Tableau). The data source are csv file...

by Observer in

Do WinEventLog blacklists use AND or OR for a list of eventcodes?

Hi, I am reading an Active Directory eventfeed, and it has an extensive blacklist (see below). Are these blacklist...

by Champion in

Need help with props on multiline event

We're bringing in syslog's from datapower units, and they have a rough log setup: Jul 22 09:00:20 10.214.8.104 [0x...

by Communicator in

Get dynamic json property names

I have some structured json logs that indicate some validation errors, and depending on the error, a different proper...

by New Member in

What system logs are needed to deploy Splunk effectively and cover the SANS top 20? Need to determine where to deploy forwarders

Hi I am deploying Splunk in an environment and would like to capture as many security aspects from the SANS top 2...

by New Member in

Events breaking on dates instead of the must break only on param

from btools prop list run on search head. The events still break on dates within the events rather than the "--------...

by Builder in

How to set up a license for a Heavy Forwarder that is also a Deployment Server?

Hi. I have an Indexer/SearchHead/Deploy server sitting on one zone, and a Heavy Forwarder/Deploy server sitting on...

by Path Finder in

Do you use Local or Default directories for your data inputs?

Always place your edits in local directors. (Removed the question because it was confusing)

by Builder in

Can we export saved search results to outputs.csv?

Hi, Is there a way we can upload all my saved search results to CSV file for scheduled search? Thanks

by Path Finder in

How would you manipulate the host name at index time based on serverclass?

What would a props/transform look like on an indexer that would append to the hostname field at index time based on t...

by Builder in

How to edit our forwarder inputs.conf for NetApp to forward data to our indexer?

We have moved some of our jobs over to a NetApp configuration on a brand new server, but I cannot get the data forwar...

by New Member in

New VMWare app

I saw the new VMWare app ath .conf2011. When will it be available for download?

by New Member in

How can I filter out HTTP 301 and 302 on a linux Heavy forwarder so that it doesn't forward those logs to the cloud indexer

I am new to Splunk and can see previous post for filtering out Security logs. Please would anyone be able to help wit...

by New Member in

Having some trouble with an infinite forwarding loop - Windows Event Logs

Hello I'm having a problem with Windows Event logs coming into Splunk. Windows Events log every time that the F...

by Path Finder in

Intermediate forwarder connections timeout

I have about 1300 hosts configured with uni forwarders sending data to a single heavy forwarder. The heavy forwarder ...

by Explorer in

Universal Forwarder not sending data - timed out

I've installed a universal forwarder on a linux box and configured it, but I'm getting the following errors. I'm runn...

by Path Finder in

CSV files with scientific notation fields

I have a folder monitored by Splunk where CSV files are uploaded and sucked into Splunk. Splunk reads them no sweat a...

by Explorer in

Parse multiple default or initial Values to Text form input

Hello Community, My Problem: I have a Dashboard, where I want to parse multiple default or initial Values to a ...

by New Member in

managing per index data retention

I need to retain data for 6 months with 400 GB of data max in warm and 5 tb in cold. Will the below work? I am confus...

by Communicator in

How to configure 90/180/366 days retention for an index?

We would like to enable frozenTimePeriodInSecs and enableTsidxReduction = true with timePeriodInSecBeforeTsidxReducti...

by New Member in

extracting timestamps from filenames - regex never matches

Hi, I'm new to splunk, and I know there have been a thousand questions on extracting timestamps out of filenames, and...

by Engager in

How to integrate unix script in splunk

Hi, I am very much comfortable in Unix Shell Scripting, I would like to know how it is possible to intergrate it w...

by Contributor in

UF - Route inputs to specific indexers based on the data's input

I have a UF running at version 6.0.4. I have configured an inputs.conf value to route to a different indexer. The UF ...

by Path Finder in

Static drop down menu for dashboard isn't working, need help.

I've created a dashboard which can read pageviews the number of users for an application the most frequent users. I'm...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

what if indexer is unavailable when using DNS list load balancing

How filter by source name and keep only the last version

Do WinEventLog blacklists use AND or OR for a list of eventcodes?

Need help with props on multiline event

Get dynamic json property names

What system logs are needed to deploy Splunk effectively and cover the SANS top 20? Need to determine where to deploy forwarders

Events breaking on dates instead of the must break only on param

How to set up a license for a Heavy Forwarder that is also a Deployment Server?

Do you use Local or Default directories for your data inputs?

Can we export saved search results to outputs.csv?

How would you manipulate the host name at index time based on serverclass?

How to edit our forwarder inputs.conf for NetApp to forward data to our indexer?

New VMWare app

How can I filter out HTTP 301 and 302 on a linux Heavy forwarder so that it doesn't forward those logs to the cloud indexer

Having some trouble with an infinite forwarding loop - Windows Event Logs

Intermediate forwarder connections timeout

Universal Forwarder not sending data - timed out

CSV files with scientific notation fields

Parse multiple default or initial Values to Text form input

managing per index data retention

How to configure 90/180/366 days retention for an index?

extracting timestamps from filenames - regex never matches

How to integrate unix script in splunk

UF - Route inputs to specific indexers based on the data's input

Static drop down menu for dashboard isn't working, need help.

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!