Getting Data In

Thread Info

Is there a recommended configuration for syslog-ng log rotation and blacklist to prevent duplicate data?

Hello All, We have a Splunk server setup for monitoring our Cisco WSA server using "Cisco Web Security Advanced Re...

by New Member in

How to manage data models with REST endpoints?

Hello, I am trying to find the way to manage datamodels using REST endpoints: http://docs.splunk.com/Documentat...

by Influencer in

Trying to upgrade Windows universal forwarders from Splunk 5.0.3 to 6.4, why am I getting error "Wizard Ended Prematurely"?

I am trying to upgrade the collectors on a few Windows Servers because I had a security come back saying my version h...

by Engager in

How to configure Splunk to parse a custom date timestamp in a column of a CSV file?

I have a CSV file I need Splunk to consume every day that has a date time stamp in a column. I cannot figure out how ...

by Communicator in

How to troubleshoot why I'm missing log data in Splunk for one day?

Hi, I have logs coming into Splunk from our Mainframe server for a long time. I noticed that Splunk is suddenly no...

by Path Finder in

How to configure a heavy forwarder to route some of the data to syslog+nullqueue, and rest to index?

We are trying to configure a heavy forwarder to route some of the data to syslog+nullqueue, and index the rest of the...

by Communicator in

Why is Splunk marking a custom TA as deprecated

Hi Splunkers We have built a custom technical add-on for our BlueCoat Appliances. Now Splunk is marking this TA as...

by Motivator in

What the best strategy to discard all temporary data while testing on some forwarders?

We have a clustered environment that includes heavy forwarders, universal forwarders, and forwarders under Windows. T...

by Path Finder in

How to establish a connection with Spark to visualize the data in Splunk?

Hi All, Has anyone established any kind of connectivity with Spark? We need to visualize the data in Splunk. An...

by Path Finder in

We have "indexAndForward = false" configured, but why are heavy forwarders listed in results from license_usage.log and metrics.log?

Working on better alerting on indexing volume/license usage and the like and I've stumbled across something in-explic...

by SplunkTrust in

Why am I getting error "Failed to parse timestamp" with my current TIME_FORMAT?

This may have been asked before, but I can't find answer that solves my problem. First time using Splunk community...

by New Member in

Why is one of our Linux Splunk 6.x forwarders reporting "Detected system time adjusted backwards..."?

One of our Linux hosts running a Splunk 6.x forwarder is getting an excessive number of messages in splunkd.log: 0...

by Explorer in

Is there a current version of Splunk available for Windows Server 2003 32 bit?

Is there a current version available for this OS? Thanks, Antonio.

by New Member in

How do I remove STDOUT prefix from log4j on a server.log file?

I've got a log file that has some log4j entries like this: 2016-05-03 10:32:35,895 INFO [STDOUT] (http-0.0.0.0-81...

by New Member in

Is there a Splunk Universal Forwarder 6.1.10 for AIX 5.3?

I see you have Splunk 6.1.10 for AIX 5.3, does SplunkForwarder 6.1.10 exist? Trying to close the DROWN security vulne...

by Engager in

How do I create a Linux Splunk testing environment on VMware?

Hi, I am trying to create a testing environment for Splunk. I want to create an infrastructure of about 4 Linux en...

by New Member in

Change field names of indexed data

Hi, I've got a particular source type which I would like to modify the field names of so that they are CIM compliant....

by Communicator in

How to do asset dumping using Nessus data?

How to do asset dumping using Nessus data? Nessus is already feeding to Splunk and properly mapped to CIM.

by New Member in

Sending HTTP DELETE request using splunk's 'rest' command

Please let me know if there any way to send a HTTP request to splunk REST end point using splunk's rest (http://docs....

by Builder in

Questions regarding to the Splunk / Hunk Splunk Archiver dashboard

In the Archive dashboard, I see two panels for archiving via coldToFrozen by index, I've googled it and looked throug...

by Path Finder in

How to edit my log4j sourcetype configuration on my Splunk forwarder for proper line breaking?

I have a java app that writes to a log file... I have configured a Splunk forwarder to forward this log (using source...

by New Member in

Splunk thinks current timestamps are "outside of the acceptable time window"

I'm using the most recent version of Splunk Light Forwarder to forward .csv files to my main Splunk server (4.2, buil...

by Explorer in

How to convert a date field from YYYY-MM-DD to MM-DD-YYYY?

Hi, I have a field in a CSV file called CREATION_DATE and currently the value in the field is (example: 2015-4-5.4...

by Motivator in

For a clean installation of a Splunk forwarder, how do we retain a previous forwarder's search history to not reindex what was monitored?

Hey there, If we were to do a clean install of a Splunk forwarder (rip out previous version of forwarder), is ther...

by Path Finder in

Exporting SSNs to a CSV file trims leading zeros. How do we preserve them?

When we export Social Security Numbers to a csv file, the leading zeros of the SSN are being trimmed. We wonder how w...

by Ultra Champion in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is there a recommended configuration for syslog-ng log rotation and blacklist to prevent duplicate data?

How to manage data models with REST endpoints?

Trying to upgrade Windows universal forwarders from Splunk 5.0.3 to 6.4, why am I getting error "Wizard Ended Prematurely"?

How to configure Splunk to parse a custom date timestamp in a column of a CSV file?

How to troubleshoot why I'm missing log data in Splunk for one day?

How to configure a heavy forwarder to route some of the data to syslog+nullqueue, and rest to index?

Why is Splunk marking a custom TA as deprecated

What the best strategy to discard all temporary data while testing on some forwarders?

How to establish a connection with Spark to visualize the data in Splunk?

We have "indexAndForward = false" configured, but why are heavy forwarders listed in results from license_usage.log and metrics.log?

Why am I getting error "Failed to parse timestamp" with my current TIME_FORMAT?

Why is one of our Linux Splunk 6.x forwarders reporting "Detected system time adjusted backwards..."?

Is there a current version of Splunk available for Windows Server 2003 32 bit?

How do I remove STDOUT prefix from log4j on a server.log file?

Is there a Splunk Universal Forwarder 6.1.10 for AIX 5.3?

How do I create a Linux Splunk testing environment on VMware?

Change field names of indexed data

How to do asset dumping using Nessus data?

Sending HTTP DELETE request using splunk's 'rest' command

Questions regarding to the Splunk / Hunk Splunk Archiver dashboard

How to edit my log4j sourcetype configuration on my Splunk forwarder for proper line breaking?

Splunk thinks current timestamps are "outside of the acceptable time window"

How to convert a date field from YYYY-MM-DD to MM-DD-YYYY?

For a clean installation of a Splunk forwarder, how do we retain a previous forwarder's search history to not reindex what was monitored?

Exporting SSNs to a CSV file trims leading zeros. How do we preserve them?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions