Getting Data In

Thread Info

How do I configure proper line breaking for my sample multiline event in Splunk 6.4?

Hi... I am using a Mainframe log which has different type of events. I am only trying to split the lines of events...

by Path Finder in

How to limit the maximum daily indexing volume

I had installed a Enterprise trial license which was going well for me with searching and reporting.But after install...

by New Member in

How to send Splunk data to a 3rd party Tomcat server?

Hello, I am new to Splunk, using Splunk Enterprise 6.3.3. User entered input data stored as record (in a dictionar...

by New Member in

How to whitelist or blacklist log files in Zip Archives?

Hi there, I'm trying to monitor log files in zip archives, that contain additional data files, which I mustn't mon...

by Path Finder in

How to index logs in Splunk 6.4 from a Box folder?

Hi Splunker, Looking forward to onboarding logs from a Box folder. Not the Box access logs, it's a custom log fil...

by Motivator in

Parsing a field, how can I tell if the value is an IP or a hostname (string)?

If I parse out a field, how can I tell if the value is an IP or a hostname? timestamp host error: Auth fail user1 ...

by Builder in

Microsoft-Windows-PrintService/Operational Logs

I want to monitor who is printing to which printer on my remote print server. Eventually I only want to see event ID ...

by Explorer in

What configuration file contains app version numbers so I can propagate version numbers from GitHub to Splunk?

Hi, firstly my apologies if this isn't the correct forum, but I wonder whether you may be able to help me please. ...

by Motivator in

We would like to use a Linux search head with a Windows indexer cluster. Is there documentation on cross OS platforms compatibility?

https://answers.splunk.com/answers/24099/indexers-on-windows-and-linux-for-same-environment.html http://docs.splunk.c...

by Path Finder in

Windows Universal Forwarder default scripted inputs do not respect "disabled=" parameter.

I have been trying to disable the disable the default scripted inputs from a Windows Universal Forward (version 6.2.1...

by Contributor in

Split event into multiple events

I am indexing syslog traps stored to a file. I am building a transaction based on that where if the value of a partic...

by Path Finder in

Why is _time different between apps for the same data in Splunk Cloud?

Hi, For whatever reason, I have data in Splunk Cloud which has a different _time value depending on which app you...

by Communicator in

Running Splunk in Azure (or any cloud environment)

Wondering if there are any best practices (or reference architectures) for running Splunk against an Azure (or anothe...

by Engager in

How can I access the logs which are available in a MySQL database on a remote server?

How can I access the logs which are available in My SQL database in my remote server? Hi i am having two servers i...

by New Member in

What configuration file do I need to edit on a Windows universal forwarder to exclude performance monitoring?

Brand new to Splunk. Installed the universal forwarder on a Windows Server and see the logs populating on my Splunk L...

by Path Finder in

How to handle SSL certificate verification for REST API calls from a Splunk app/add-on?

I'm developing a Splunk Add-on, and use the REST API in a couple of places to do stuff like look up config values and...

by Explorer in

Splunk Universal Forwarder and TCP Data: What exactly is Splunk looking for to determine EOF?

According to the doc here: http://docs.splunk.com/Documentation/Splunk/6.3.3/Forwarding/Setuploadbalancingd I...

by Path Finder in

Can anyone provide guidance on my plan to configure cold storage in indexes.conf?

So, I got the 150TB cold, but they are mounted into /mnt/splunk1/cold and /mnt/splunk2/cold. I figured that may cause...

by Builder in

How to configure inputs.conf on a Splunk forwarder to only read a file once?

Hello, Is there a way to tell the Splunk forwarder not to keep monitoring a file after it's been indexed once? We ...

by Builder in

Why does monitoring for a log file keep stopping and getting error "BatchReader - Removed from queue..."?

Hello I have a monitor on a log file that is continuously written to. It seems that the monitor keeps stopping and...

by Builder in

How to configure file monitoring to make the full content of a file as one event?

I have Login files in a folder that are overwritten each time a person logs in. I would like to read in the entire fi...

by Motivator in

How to configure transforms.conf on a heavy forwarder to combine sourcetype and host into one host key?

I'm exporting events from a Heavy Forwarder to syslog without indexing (throwing to nullQueue after syslog output). ...

by Contributor in

Why were logs indexed at a time when Splunk was not running on the host?

Splunk was running on the time period 00:00 07:00. and stopped at 07:00, but few logs were captured at the time 08:15...

by Path Finder in

Should we install universal forwarders at each of our branch locations to forward data directly to Splunk Cloud?

We are looking at leveraging Splunk Cloud and we have branch locations all over the country in which we will need to ...

by New Member in

How do we calculate the RAM usage by applications on different servers?

I am trying to figure out how much RAM an app on a Windows server is consuming for a given index.

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How do I configure proper line breaking for my sample multiline event in Splunk 6.4?

How to limit the maximum daily indexing volume

How to send Splunk data to a 3rd party Tomcat server?

How to whitelist or blacklist log files in Zip Archives?

How to index logs in Splunk 6.4 from a Box folder?

Parsing a field, how can I tell if the value is an IP or a hostname (string)?

Microsoft-Windows-PrintService/Operational Logs

What configuration file contains app version numbers so I can propagate version numbers from GitHub to Splunk?

We would like to use a Linux search head with a Windows indexer cluster. Is there documentation on cross OS platforms compatibility?

Windows Universal Forwarder default scripted inputs do not respect "disabled=" parameter.

Split event into multiple events

Why is _time different between apps for the same data in Splunk Cloud?

Running Splunk in Azure (or any cloud environment)

How can I access the logs which are available in a MySQL database on a remote server?

What configuration file do I need to edit on a Windows universal forwarder to exclude performance monitoring?

How to handle SSL certificate verification for REST API calls from a Splunk app/add-on?

Splunk Universal Forwarder and TCP Data: What exactly is Splunk looking for to determine EOF?

Can anyone provide guidance on my plan to configure cold storage in indexes.conf?

How to configure inputs.conf on a Splunk forwarder to only read a file once?

Why does monitoring for a log file keep stopping and getting error "BatchReader - Removed from queue..."?

How to configure file monitoring to make the full content of a file as one event?

How to configure transforms.conf on a heavy forwarder to combine sourcetype and host into one host key?

Why were logs indexed at a time when Splunk was not running on the host?

Should we install universal forwarders at each of our branch locations to forward data directly to Splunk Cloud?

How do we calculate the RAM usage by applications on different servers?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions