Getting Data In

Community Activity

	How can we make sure the appropriate key-value pairs from different web application logs are indexed in Splunk? We have multiple web applications that have different information being recorded to make sure the appropriate informa... by akhilchhugani New Member in Getting Data In 05-25-2016 0 7	0	7
	How to configure props.conf to line break data in json format? I have events that are coming in 'kinda' json format. I can't get KV_MODE=json to work so I was going to try and do t... by jedatt01 Builder in Getting Data In 05-25-2016 0 4	0	4
	Why are only the first two lines of my CSV file getting indexed? Trying to index a CSV, but only the first two lines are indexing. I want to skip the first line and start indexing ... by fredkaiser Path Finder in Getting Data In 05-24-2016 0 5	0	5
	If we have multiple logs from various web applications with different key value pairs and different formats how can we extract different information from each type of log I do not understand how the indexing in splunk works, if there are multiple types of log files and we want only certa... by ac123 New Member in Getting Data In 05-24-2016 0 1	0	1
	Can a 6.3.3 standalone Search Head connect to a 6.4.1 indexer in an indexer cluster? Hi, We've set up our dev environment to use 6.4.1, and are testing it with some customers. When they try to add the ... by a212830 Champion in Getting Data In 05-24-2016 0 1	0	1
	Does anyone have experience with how indexing latency affects accelerated data models and how to handle this? Has anyone had any experience on how indexing lag affects accelerated data models and ways to mitigate the issue? Th... by romedome Path Finder in Getting Data In 05-24-2016 0 4	0	4
	Why does Splunk seem to have more than 90 days of data with our frozenTimePeriodInSecs setting? We changed frozenTimePeriodInSecs = 10368000 (120 days from 90 days) for the layer7 index 30 days ago. It shows the... by ddrillic Ultra Champion in Getting Data In 05-24-2016 0 3	0	3
	Why am I still seeing data older than my frozenTimePeriodInSecs retention setting? I have set the values to maxDataSize = 1024 maxHotIdleSecs = 86400 maxWarmDBCount = 30 frozenTimePeriodInSecs = 6480... by neelamsantosh Path Finder in Getting Data In 05-24-2016 0 2	0	2
	Why is the timezone for DNS logs from multiple regions not getting localized? Hi, I have DNS logs coming from multiple geographies -Australia, India etc. My whole Splunk infrastructure is in UTC... by lohitkidu Path Finder in Getting Data In 05-24-2016 0 3	0	3
	Data is currently indexed with past and future dates. How to configure Splunk to only index data using the System Date/Time? What is needed to change Splunk to only index using the System Date/Time? I have data indexed today with a date of 20... by ezajac Path Finder in Getting Data In 05-24-2016 0 1	0	1
	How to measure the amount of data getting into Splunk heavy forwarders from a certain source? There are two heavy forwarders with F5 load balancer placed behind these servers to manage the load (syslog) and thes... by Hemnaath Motivator in Getting Data In 05-24-2016 0 3	0	3
	How can a specific time period of logs be recovered from one Splunk indexer, then restored into another indexer? For example, if I needed the logs dated from January 1, 2016 - January 31, 2016 moved to a different indexer. How can... by cmcdole Path Finder in Getting Data In 05-24-2016 0 5	0	5
	Is Python the only supported language, or can I create a custom command or macro via Ruby? All, A vendor just sent me this script to decode their vendor message table. It's not just a simple lookup, but a c... by daniel333 Builder in Getting Data In 05-24-2016 0 1	0	1
	Why is line breaking not working as expected for my XML data when I edit .conf files directly? Hi everyone, Can someone please explain why these steps won't work? XML file that I input in Splunk are one event, l... by gagi76 New Member in Getting Data In 05-23-2016 0 3	0	3
	How to set default values for new sourcetypes? How can I set up several sourcetypes to inherit the values from one place so I don't have to edit 10 different ones t... by dougmartin Path Finder in Getting Data In 05-23-2016 0 2	0	2
	crcSalt question - index all I already know that without crcSalt Splunk checks the first 256 characters, and the crcSalt = the Splunk checks the... by renanprado96 Path Finder in Getting Data In 05-23-2016 0 6	0	6
	Is there anyway to fetch the logs of Live HTTP/HTTPs traffic? Is there anyway to fetch the logs of Live HTTP/HTTPs traffic (Web traffic)? For E.G : I am searching multiple sit... by umang_solanki New Member in Getting Data In 05-23-2016 0 3	0	3
	How to troubleshoot why splunkd isn't starting on one indexer in an indexer cluster? Hi all, I have an issue with one indexer in a clustered environment. It went down due to some server issue and the s... by kiran331 Builder in Getting Data In 05-23-2016 0 1	0	1
	WinEventLog:Security events got reindexed after a disaster recovery event. How do we prevent this reindexing from happening? For our office Disaster Recovery plan, we use Hyper-V replication to replicate our servers offsite. Yesterday we had ... by jwinderDDS Path Finder in Getting Data In 05-23-2016 0 2	0	2
	How to send certain indexed data to a syslog server? I want to send indexed data to a syslog server. I created "syslog1", and I want to send this indexed data only to th... by srisahitya_v Communicator in Getting Data In 05-23-2016 0 1	0	1
	How can I Filter search results to only show sequential time buckets? I have the need to filter the results of my search to only show 30 minutes of consecutive 5 minute time buckets. In o... by jedatt01 Builder in Getting Data In 05-23-2016 0 6	0	6
	Can I expand the length of a drop-down input field to display the whole string for values? I have the situation where I'm using a lookup to populate a drop-down input, and in one of my dashboards, many of the... by caulfiel005 Explorer in Getting Data In 05-23-2016 0 3	0	3
	pre-trained source types Hi, I have a question regarding best practices for sourcetypes and how pre-trained sourcetypes work. I had some jav... by a212830 Champion in Getting Data In 05-22-2016 0 1	0	1
	How to use splunk to monitor my own router for event analysis? Hello guys, I am very new to splunk enterprise so please bear with me... Just want some advice or getting started ... by csevilla New Member in Getting Data In 05-22-2016 0 6	0	6
	How to configure both CLEAN_KEYS=false in transforms.conf and KV_MODE=auto in props.conf? My logs contain many kv pairs, and some field names contain hyphens characters as well: timestamp="PST 2015-12-01 11... by splunkIT Splunk Employee in Getting Data In 05-21-2016 0 4	0	4

Get Updates on the Splunk Community!

Application management with Targeted Application Install for Victoria Experience

Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...

Index This | What goes up and never comes down?

January 2026 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

The Power of Two: Splunk + Cisco at "Ludicrous Scale" You know Splunk. You know Cisco. But have you seen ...

Getting Data In

How can we make sure the appropriate key-value pairs from different web application logs are indexed in Splunk?

How to configure props.conf to line break data in json format?

Why are only the first two lines of my CSV file getting indexed?

If we have multiple logs from various web applications with different key value pairs and different formats how can we extract different information from each type of log

Can a 6.3.3 standalone Search Head connect to a 6.4.1 indexer in an indexer cluster?

Does anyone have experience with how indexing latency affects accelerated data models and how to handle this?

Why does Splunk seem to have more than 90 days of data with our frozenTimePeriodInSecs setting?

Why am I still seeing data older than my frozenTimePeriodInSecs retention setting?

Why is the timezone for DNS logs from multiple regions not getting localized?

Data is currently indexed with past and future dates. How to configure Splunk to only index data using the System Date/Time?

How to measure the amount of data getting into Splunk heavy forwarders from a certain source?

How can a specific time period of logs be recovered from one Splunk indexer, then restored into another indexer?

Is Python the only supported language, or can I create a custom command or macro via Ruby?

Why is line breaking not working as expected for my XML data when I edit .conf files directly?

How to set default values for new sourcetypes?

crcSalt question - index all

Is there anyway to fetch the logs of Live HTTP/HTTPs traffic?

How to troubleshoot why splunkd isn't starting on one indexer in an indexer cluster?

WinEventLog:Security events got reindexed after a disaster recovery event. How do we prevent this reindexing from happening?

How to send certain indexed data to a syslog server?

How can I Filter search results to only show sequential time buckets?

Can I expand the length of a drop-down input field to display the whole string for values?

pre-trained source types

How to use splunk to monitor my own router for event analysis?

How to configure both CLEAN_KEYS=false in transforms.conf and KV_MODE=auto in props.conf?

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

How to Integrate and ingest the audit logs of Cymu...

Clarity on metrics license usage and how the data ...

ServiceNow Technical Add-on for CMDB Pull

Bangalore Splunk Usergroup meeting(Dec 2025)

SC4S Syslog server update fails during download wi...

Getting Data In

Join the Conversation