Getting Data In

Ask a Question

Discussions

Thread Info

input.conf whitelist for windows eventlogs

We are trying to capture failed logons from our AD server but only want to capture specific event logs. We are usi...

by Engager in

Is it possible to add an item to the whitelist in just one specific client in a server class?

I have a server class (wineventlog) that has a whitelist in the inputs.conf. It looks like this: [WinEventLog://Se...

by New Member in

On startup, Splunk reports issues with the default prefs.conf file (invalid keys)

When I startup Splunk (v6.3.0 for Linux), I've notices warning message when Splunk is Checking conf files for problem...

by Path Finder in

data indexing on rapid7 app for Splunk enterprise

Hi, I am planning to install Splunk app for Rapid7 Nexpose. We use Nexpose Enterprise edition. While checking the ...

by Builder in

Why are some Windows event logs indexed in Splunk with a future timestamp?

Hi all I have a search like this: index=\* earliest=+1m latest=+30h sourcetype="WinEventLog:Sys*" Message=\*Upg...

by Path Finder in

With indexAndForward=true on a heavy forwarder, how do we route data to an index with a different name on the target indexer?

Hi Team, We are planning to migrate our existing indexed data to a new Enterprise Server which is up and running, ...

by Contributor in

Is anyone else getting "Splunk could not get the description..." after a Windows update using Splunk 6.3.2?

Not so much a question, but an observation looking for confirmation. If true, looking to spread the word. Recently...

by Explorer in

How to input data from perl script to splunk?

Hello guys, I am new to splunk and I am trying to input data from a perl script. Script is very simple, a hellowor...

by Engager in

How to troubleshoot why security events from one domain controller are getting indexed with a delay of 5 hours?

Good day, We have one domain controller that is always about 5 hours behind in having the logs available in Splunk...

by New Member in

Why am I getting "Error occurred attempting to remove CPU Data...required arguments are missing: app_name..." trying to remove a data input?

I'm trying to delete a data input, but I'm getting this message: Error occurred attempting to remove CPU Data: In ...

by New Member in

How to extract sum totals for data in a nested JSON object?

Hi there, I have the following log line format (slightly edited for anonymity), 2013-08-14T08:54:10.098+0100 [I...

by Engager in

What is the default retention time in Splunk Cloud and what is the cost of extending it?

Hi, I've started looking into Splunk Cloud for some customers. At the official Splunk website it says that the Spl...

by Builder in

Punct... good god y'all - what is it good for?

Early on in our Splunk deployment we set ANNOTATE_PUNCT to false on our indexers, both to save space and for performa...

by Influencer in

How does load balacing work when forwarding to Splunk Cloud?

Hi, I'm wondering how load balancing in Splunk Cloud work. When i install the splunkcloud.uf app on a local for...

by Builder in

After deploying a search head clustering, why is authentication to my two indexers failing and am unable to search?

After deploying a search head cluster, I have a problem with searching anything. SHcluster status is up, but when I l...

by New Member in

How to troubleshoot why a Universal Forwarder is not sending data to the Deployment Server?

I installed a Splunk Universal Forwarder on a Windows Server 2012R2 using following command: msiexec.exe /i splun...

by New Member in

What happens if I restart the universal forwarder while it is processing a file?

Here's my setup: 1 search head, 4 indexers, 1 universal forwarder The UF is trying to index a large file (2G), I'm...

by Contributor in

Windows scripted input using output from splunk openssl command?

Does anyone have a nice windows scripted input that will output the local certificate end date? ie. something like...

by Motivator in

Why can't I delete knowledge objects as admin?

Looking at my saved searches, about 99% of them do not have the "delete" action listed. There are one or two that do ...

by Communicator in

How to search the average time between two timestamps?

Hello, I am trying to find the difference between two time stamps using the below search: index=abc | eval aver...

by Builder in

Only latest results from a constantly human updated CSV?

I have a use case where a CSV in a shared location is being updated daily by project manager(s). I'm attempting to bu...

by Path Finder in

Run a script on UF from SHC

Hi, I have a few scheduled alerts setup on my SHC. The output is the list of hosts (UFs) that fall in the alert cr...

by Communicator in

configuring TIME_FORMAT

Hello, our logs have ISO 8601 date format with shorted year (YY instead of YYYY): "12-08-06 04:42:10". It is 6 of Aug...

by New Member in

Unable to fetch REST endpoint

I am getting the warning message "Unable to fetch REST endpoint '/services/search/jobs' from 'https://127.0.0.1:8089'...

by Path Finder in

Is there a Splunk Universal Forwarder version for HP-UX 11.00?

Hi, I have a few HP UX version 11.00 servers that I need logs sent to Splunk. I have successfully installed the f...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

input.conf whitelist for windows eventlogs

Is it possible to add an item to the whitelist in just one specific client in a server class?

On startup, Splunk reports issues with the default prefs.conf file (invalid keys)

data indexing on rapid7 app for Splunk enterprise

Why are some Windows event logs indexed in Splunk with a future timestamp?

With indexAndForward=true on a heavy forwarder, how do we route data to an index with a different name on the target indexer?

Is anyone else getting "Splunk could not get the description..." after a Windows update using Splunk 6.3.2?

How to input data from perl script to splunk?

How to troubleshoot why security events from one domain controller are getting indexed with a delay of 5 hours?

Why am I getting "Error occurred attempting to remove CPU Data...required arguments are missing: app_name..." trying to remove a data input?

How to extract sum totals for data in a nested JSON object?

What is the default retention time in Splunk Cloud and what is the cost of extending it?

Punct... good god y'all - what is it good for?

How does load balacing work when forwarding to Splunk Cloud?

After deploying a search head clustering, why is authentication to my two indexers failing and am unable to search?

How to troubleshoot why a Universal Forwarder is not sending data to the Deployment Server?

What happens if I restart the universal forwarder while it is processing a file?

Windows scripted input using output from splunk openssl command?

Why can't I delete knowledge objects as admin?

How to search the average time between two timestamps?

Only latest results from a constantly human updated CSV?

Run a script on UF from SHC

configuring TIME_FORMAT

Unable to fetch REST endpoint

Is there a Splunk Universal Forwarder version for HP-UX 11.00?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions