Getting Data In

Discussions

Thread Info

How to remove data if I have already removed the index?

Hello Splunkers, I really need your help! I have a large amount data within one index. For remove the data, it should...

by Path Finder in

Getting logs in splunk using log location address

Hi! I am a new to Splunk. I have an application on a linux server that produces logs in log4j format. I want to recei...

by New Member in

Json extraction with optional embedded element

HI, I am tryig to get elements extracted from array which looks like this : { "Version": 2, "diagnostic": [ { "name":...

by Explorer in

Reading data from DBF files

Hi, How can DBF files from Windows Server 2008 be read into splunk?

by Explorer in

How to configure timestamp to recognize multiline timestamp?

I am a new Splunk user and I am having difficulties resolving this problem. I have an xml log file as an input struct...

by Engager in

Sourcetypes on UDP syslog data

When receiving syslog data via UDP:514, is there a way to specify the sourcetype based on the IP address of the devic...

by Communicator in

Why is Splunk not parsing the correct datetime?

I have logs that contain the following datetime format: 29-06-2016_00-08-17 The props contain: [odb] TIME_P...

by Communicator in

How to set the timestamp for events with TIME_PREFIX after sourcetype renaming?

Hi all, I have this kind of log from 1 source : DateLog=1459870479.000 ... TypeLog=Syslog ... Apr 5 17:34:37.6...

by Explorer in

Why is my universal forwarder not respecting my limits.conf config?

All, I am have a simple app which just has this config in /default/limits.conf [thruput] maxKBps = 0 How c...

by Builder in

High consumption POWERSHELL in Active Directory without related processes Splunk-Powershell.

Hi, everyone I have a simple PowerShell script that runs every 5 minutes grabbing data from a database. I have no...

by Explorer in

Migrating my current indexer cluster to a multisite cluster, if I add two new indexers, will old data be replicated?

Hi, I have cluster with two indexers (A,B), and a lot of indexed data. I want to add two new indexers (C,D), and d...

by Communicator in

How to configure Splunk to parse uppercase field values and make them lowercase?

I have an index that has some data entering written in uppercase and other data in lowercase, but they are about the ...

by Path Finder in

Powershell script in Heavy Forwarder consuming a lots of memory in Active Directory.

Hi, everyone I have a simple PowerShell script that runs every 5 minutes grabbing data from a database. I have no...

by Explorer in

Recursive monitoring of directories "..." not working in Splunk 6.2

I want to monitor /foo/log as well as /foo/bar/log and /foo/var/log. However, I am unable to using this our forwarder...

by Explorer in

Timestamp extraction from log

Hello, I am trying to extract time stamp from log file which will help me to use log TimeStamp instead of splunk time...

by Champion in

How to troubleshoot why Splunk isn't reading and indexing incoming syslog messages?

Hi, I'm trying to read and index messages that come from a Juniper Pulse device using syslog protocol. I used the ...

by Path Finder in

Can I use wildcards for IPs in inputs.conf?

Hey guys. Can I use wildcards for IPs in inputs.conf? I have: [udp://10.102.1.1:514] connection_host = ip s...

by Communicator in

Why is my field alias only applied for 1 of 2 fields specified in props.conf?

Hi, Trying to build a parser, but facing the below issue. I extracted two fields from my logs: action_failed an...

by Explorer in

Why is a text file with only one number not continuously read in Splunk 6.4.1 with my current inputs.conf?

Hi, I have set up batch files to count the number of documents in a folder. Splunk is running this batch file succ...

by Path Finder in

How to troubleshoot why splunkd keeps crashing every two days on Windows?

Dear all, I have Splunk which is installed on a Windows platform. I found it crashes every two days recently. May ...

by Explorer in

Events from multiple forwarders being dropped randomly.

We are experiencing random events dropping across multiple forwarders. We have a repro of the problem as we were doin...

by Explorer in

How to reset the password on one of my indexers?

I'm trying to reset the password on one of my indexers, but I do not see a passwd.bak file in the etc directory. All ...

by Path Finder in

Is there an easy way to get resource usage per Splunk process for a universal forwarder?

Hi, Is there an easy way to get resource usage for a universal forwarder? I don't see anything in the distributed ...

by Champion in

domaintools & Splunk ES Integration

Hello, I see in the ES Guide @ http://docs.splunk.com/Documentation/ES/latest/Install/AdvancedThreatdashboards ...

by Path Finder in

I installed a universal forwarder, but the system still indicates my forwarder is inactive. How do I activate it?

I'm trying to retrieve data from another server using a universal forwarder. I succeeded in installing the universal ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to remove data if I have already removed the index?

Getting logs in splunk using log location address

Json extraction with optional embedded element

Reading data from DBF files

How to configure timestamp to recognize multiline timestamp?

Sourcetypes on UDP syslog data

Why is Splunk not parsing the correct datetime?

How to set the timestamp for events with TIME_PREFIX after sourcetype renaming?

Why is my universal forwarder not respecting my limits.conf config?

High consumption POWERSHELL in Active Directory without related processes Splunk-Powershell.

Migrating my current indexer cluster to a multisite cluster, if I add two new indexers, will old data be replicated?

How to configure Splunk to parse uppercase field values and make them lowercase?

Powershell script in Heavy Forwarder consuming a lots of memory in Active Directory.

Recursive monitoring of directories "..." not working in Splunk 6.2

Timestamp extraction from log

How to troubleshoot why Splunk isn't reading and indexing incoming syslog messages?

Can I use wildcards for IPs in inputs.conf?

Why is my field alias only applied for 1 of 2 fields specified in props.conf?

Why is a text file with only one number not continuously read in Splunk 6.4.1 with my current inputs.conf?

How to troubleshoot why splunkd keeps crashing every two days on Windows?

Events from multiple forwarders being dropped randomly.

How to reset the password on one of my indexers?

Is there an easy way to get resource usage per Splunk process for a universal forwarder?

domaintools & Splunk ES Integration

I installed a universal forwarder, but the system still indicates my forwarder is inactive. How do I activate it?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions