Getting Data In

Discussions

Thread Info

Splunk and Overlay Transport Virtualization (OTV) Network between Data Centers?

Has anyone implemented Splunk over OTV? Is there any flaws or merits to this approach? The forwarders will be on a...

by SplunkTrust in

There was an error retrieving the configuration, can not process this page. After upgrade to Splunk6

I upgraded a Windows 2008 R2 instance of Splunk 5.05 to Splunk 6 over the weekend. Prior to that I had been working o...

by Explorer in

Is there any way to tell Splunk to read a file(csv) in a particular period of time ?

Is there any way to tell Splunk to read a file(csv) in a particular period of time ? Splunk should read a file onl...

by Explorer in

How can I find the difference in days between two timestamps in this format?

Hi, I would like to find out the difference in days between two timestamps however the time format is a little wei...

by New Member in

How to Update a Lookup Table

Hi, I wonder whether someone may be able to help me please. I'm using the query below to successfully create a 'lo...

by Motivator in

Splunk having issues with offsetting TZ for epochtime

I'm trying to set a TZ for epoch time but Splunk is not accepting it. Is there an issue with offsetting using epoch t...

by Champion in

Index query question (latest event from each source type by host)

I have been having a lot of problems with our Windows 2008 R2 Domain Controllers falling behind in just the security ...

by Explorer in

Help with LINE_BREAKING

hI, I have a file that appears to break correctly in the data preview, but after I index it, it's not appearing co...

by Champion in

Why is Splunk not getting all Windows security events from some Active Directory servers?

I have the universal forwarder installed on three Active Directory servers and I have a dashboard with a panel that s...

by Communicator in

Error event time (one more year)

Hi all, In DB Input of DB CONNECT, inside PARAMETERS, I configured to CHOOSE COLUMN on timestamp, instead default ...

by Explorer in

Anonymize multiple occurrences on the same log event

Hi, I am able to anonymize data in Splunk using props.conf and transforms.conf but not able to anonymize multiple ...

by Communicator in

Can the Splunk universal forwarder forward Sybase audit logs to Splunk?

Hi, Can the Splunk Universal Forwarder forward Sybase audit logs to Splunk? thanks

by Engager in

Splunk forwarder accept files from remote server

Hi Team, We are installing forwarder on one server and would require to connect to a remote server for getting the...

by Path Finder in

How to copy the field values of one event to another event of different sources by comparing with IP and MAC ?

I tried to extract fields form different sources by comparing two IPs. I want to copy the fields of location and stat...

by Explorer in

Add a field to a sourcetype with a static value

I wanted to add a field to a specific sourcetype basically nocmessage="ignore this server" Seemed easy eno...

by Builder in

Log4j events line-break not consistent

I'm bringing in alfresco logs, in this case share.log and for the most part the events are broken up by line correctl...

by Communicator in

Searching across clustered and standalone indexers

Hi, I've been reading related questions on this topic but I fear they're outdated as of 6.3. Can I configure a se...

by Path Finder in

Anonymize only Child Nodes

Hello, I was wondering could anyone help me figure out the sed script required and regex to Anonymize child nodes fro...

by Explorer in

How to extract a key and value from the Raw data?

While I understand the regex command and click based extraction of data fields. How do I extract both of them via the...

by Communicator in

Why are my Splunk 6.3.1 AIX forwarders only forwarding _internal data, not the file being monitored?

I have several AIX forwarders that are not liking what I think is a simple monitor. We are looking for 1 file to inge...

by Path Finder in

How to over ride sourcetype using curl command for Http event collector?

Hi, I configured Http Event collector(EC) in my local through GUI (generated token,created index and source type) ...

by Explorer in

TCP Routing and Anonymizing data

Hi, I am trying to anonymize data at the forwarder level (or deployment-server) before forwarding the data to the ...

by Communicator in

Need SailPoint data in Splunk

SailPoint is our new Identity Governance application. I need to access SailPoint data from within Splunk. I'm not a S...

by Path Finder in

Splitting fields with slashes

Anyone else having trouble or have guidance to split fields backslashes such as with file paths? The field value i...

by New Member in

Create new index without restarting Splunk indexer?

I understand that in the year 2013 it may be possible to create a new index without having to restart the indexer? If...

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk and Overlay Transport Virtualization (OTV) Network between Data Centers?

There was an error retrieving the configuration, can not process this page. After upgrade to Splunk6

Is there any way to tell Splunk to read a file(csv) in a particular period of time ?

How can I find the difference in days between two timestamps in this format?

How to Update a Lookup Table

Splunk having issues with offsetting TZ for epochtime

Index query question (latest event from each source type by host)

Help with LINE_BREAKING

Why is Splunk not getting all Windows security events from some Active Directory servers?

Error event time (one more year)

Anonymize multiple occurrences on the same log event

Can the Splunk universal forwarder forward Sybase audit logs to Splunk?

Splunk forwarder accept files from remote server

How to copy the field values of one event to another event of different sources by comparing with IP and MAC ?

Add a field to a sourcetype with a static value

Log4j events line-break not consistent

Searching across clustered and standalone indexers

Anonymize only Child Nodes

How to extract a key and value from the Raw data?

Why are my Splunk 6.3.1 AIX forwarders only forwarding _internal data, not the file being monitored?

How to over ride sourcetype using curl command for Http event collector?

TCP Routing and Anonymizing data

Need SailPoint data in Splunk

Splitting fields with slashes

Create new index without restarting Splunk indexer?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions