Getting Data In

Thread Info

How to configure a forwarder to listen on tcp/udp for syslog for Splunk Light cloud service?

Hey, I'm new to Splunk, so I may be missing something... However, I can't seem to configure a forwarder to listen...

by New Member in

If compressing tsidx files in frozen archives, is it possible to ressurect frozen data without uncompressing?

In the sample cold to frozen script $SPLUNK_HOME/bin/compressedExport.sh.example, Splunk's tsidx files are gzipped du...

by Splunk Employee in

How do I configure a universal forwarder to send data to the Splunk Cloud free trial?

Hi, I recently started using the Splunk Cloud free trial. I installed a universal forwarder locally and authorized...

by Explorer in

On a Splunk 6.4.x system -- Unable to see remote inputs from Settings / Data Inputs / .. get 404 NOT found

I have run into this issue a couple of times, where an end user is unable to access the remote inputs on e.g. remo...

by Splunk Employee in

I don't want to monitor or forward the Apache log files to Splunk server anymore. Is there any solution to stop it or delete it?

sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2 I don't want to...

by New Member in

Why is Splunk line breaking a single IDS Alert event into two events?

Splunk is breaking ids single event into two events, such as: 4/11/16 2:42:46.152 PM 04/11-14:42:46.152985 00:05:...

by Explorer in

How to configure Syslog-ng to receive Cisco switch log files into destination file /var/logs/cisco_switch.log

I'm able to get the Cisco switch log files from switch IP address to my machine, but how do I use and configure Syslo...

by New Member in

Upgrading a Splunk 5.0.5 Heavy Forwarder to a 6.x Universal Forwarder, how do we prevent reindexing of all events during migration?

Migrating from a Splunk 5.0.5 Heavy Forwarder to 6.x Universal Forwarder, we want to take over current checkpoints to...

by Splunk Employee in

How to configure outputs.conf on a forwarder to route logs to different sets of indexers?

We have single server where we installed a Splunk forwarder and we want to configure outputs.conf such a way that cer...

by New Member in

Upgrading a univeral forwarder to a heavy weight forwarder

I need to upgrade a forwarder from a universal to a heavy weight one. Now I could just blow away my instance and star...

by Path Finder in

How to extract JSON data based on a specific value, and why Splunk reordering my JSON data generated from a script at index-time?

Hello everybody, I have JSON data that I generate from a Python script. It looks like this: { "leaderboard"...

by Explorer in

How do I figure out why custom conf files are not being imported?

I am in the process of moving my indexer to a new server, and in the process, I thought it would be a good idea to co...

by New Member in

How to ingest more than 1000 events using the monitor setting from the WUI

Hello all, My question is that I have a cvs file that is being updated every hour or so lets say its called test.csv...

by Path Finder in

How to edit my configuration to collect Windows event logs with a universal forwarder to send to a syslog collector?

Yes, this question has been asked a hundred times. I have looked at all of the examples, but my grasp of the differen...

by Communicator in

How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files?

We are processing CSV files to index in Splunk, but the Splunk forwarder is always forwarding files twice. Can you pl...

by Builder in

Why am I getting "Login failed" trying to add a Splunk universal forwarder?

I am using Splunk Enterprise (Amazon Market Place AMI) I have added Forwarding receiving port 9997 Installed universa...

by Explorer in

Where Is Timezone Offset Information on Universal Forwarder?

Trying to determine why some of my forwarders sending in data from Windows virtual desktop instances are having their...

by Path Finder in

Scripted Input and not working well with linux "Find" Command

Hi Guys, Am i not sure if anyone has a solution for this. But I am not able to get any output when i run the linux fi...

by New Member in

Why am I unable to disable a Deployment Client using a "splunk" user account?

Hello Guys, I have installed a Splunk Universal Forwarder in my environment and set the deployment server. I also ...

by Path Finder in

about Splunk Backend?

Hello, I have several questions about splunk's backend to which I was unable to find a clear answer : 1) What i...

by Explorer in

How to use a Splunk forwarder directory name (segment) as an event tag?

Hello! I was wondering how to use a directory name (segment) as an event tag. For example: C:\bin\code\python\t...

by New Member in

TcpOutputProc - Cooked connection to ip=timed out

Im getting below error on my heavy forwarder logs, 6 indexers are connect that HF , 4 indexers are working fine. Only...

by Path Finder in

Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf?

Hey there, We have a distributed Splunk environment... so, we have universal forwarders sending data to a heavy f...

by Communicator in

How to use strptime for a time field in the format hhmm?

In my new data set, the time comes in the format 1652 as it relates to 4:52pm. However, when it is before 1AM it come...

by Path Finder in

Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers?

Is there a process I can use with Splunk to pull audit logs on how, who, when, and where directories are being create...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to configure a forwarder to listen on tcp/udp for syslog for Splunk Light cloud service?

If compressing tsidx files in frozen archives, is it possible to ressurect frozen data without uncompressing?

How do I configure a universal forwarder to send data to the Splunk Cloud free trial?

On a Splunk 6.4.x system -- Unable to see remote inputs from Settings / Data Inputs / .. get 404 NOT found

I don't want to monitor or forward the Apache log files to Splunk server anymore. Is there any solution to stop it or delete it?

Why is Splunk line breaking a single IDS Alert event into two events?

How to configure Syslog-ng to receive Cisco switch log files into destination file /var/logs/cisco_switch.log

Upgrading a Splunk 5.0.5 Heavy Forwarder to a 6.x Universal Forwarder, how do we prevent reindexing of all events during migration?

How to configure outputs.conf on a forwarder to route logs to different sets of indexers?

Upgrading a univeral forwarder to a heavy weight forwarder

How to extract JSON data based on a specific value, and why Splunk reordering my JSON data generated from a script at index-time?

How do I figure out why custom conf files are not being imported?

How to ingest more than 1000 events using the monitor setting from the WUI

How to edit my configuration to collect Windows event logs with a universal forwarder to send to a syslog collector?

How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files?

Why am I getting "Login failed" trying to add a Splunk universal forwarder?

Where Is Timezone Offset Information on Universal Forwarder?

Scripted Input and not working well with linux "Find" Command

Why am I unable to disable a Deployment Client using a "splunk" user account?

about Splunk Backend?

How to use a Splunk forwarder directory name (segment) as an event tag?

TcpOutputProc - Cooked connection to ip=timed out

Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf?

How to use strptime for a time field in the format hhmm?

Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions