Getting Data In

Community Activity

Why am I getting "Invalid key in stanza _server_app_APPNAME_ABC_CDE" with udp listener? I have a similar, but not the same inconsistency issue with inputs.conf on distributed setup. I have udp listener on... by strangelaw Explorer in Getting Data In 04-05-2016 0 5	0	5
How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer? Hi guys! How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer? I need to coll... by jfeitosa Path Finder in Getting Data In 04-05-2016 0 2	0	2
Can I override two keys in one transforms stanza? My current situation is that a bunch of files are all being dumped into one directory for the forwarder to monitor a... by lyndac Contributor in Getting Data In 04-05-2016 0 4	0	4
Can I forward some logs from Splunk Light Free to a third party syslog server? Can Splunk Light Free forward some logs to a third party server? Ex. I have Splunk Light free monitoring some log fi... by DotTest37 Path Finder in Getting Data In 04-05-2016 0 2	0	2
tarAndChecksum error for deployed app inputs.conf Hi, I'm trying to send configuration through an app to one of my the universal forwarders. The app consists of an in... by andrewdidone Path Finder in Getting Data In 04-05-2016 2 5	2	5
Distributed Search Environment: Do accelerated data models reside on the indexer or search head? I have an app with an accelerated data model. The data model is defined in a JSON file while the acceleration is enab... by helge Builder in Getting Data In 04-05-2016 2 4	2	4
How can i change the permissions of dynamically created Tags through REST API ? Searched for answers, but couldn't figure it out. The closest answer was: how-to-change-sharing-and-permissions-for-a... by kartik13 Communicator in Getting Data In 04-05-2016 0 8	0	8
How to get a default value and assign all values to "All" in a drop-down from a CSV file input? Hi, I am getting 2 issues when I am creating a dashboard. I have 2 multiselect drop-downs. If I select a value fro... by Laya123 Communicator in Getting Data In 04-05-2016 0 6	0	6
How to configure outputs.conf on an OSSEC server to forward logs to a Splunk indexer? I am trying to get a forwarder using the outputs.conf file on an ossec server to forward the logs to a splunk server.... by kkingsland Engager in Getting Data In 04-05-2016 1 2	1	2
When I uploaded a document, I am getting the error "Parameter name: Path must be absolute". What could be the reason? by vijaymythili New Member in Getting Data In 04-05-2016 0 7	0	7
Indexer Tuning Best Practices: How to decide which apps or add-ons are not needed? I want to clean up the indexers and remove unnecessary Apps that could be using up unnecessary CPU and memory. I have... by hartfoml Motivator in Getting Data In 04-04-2016 0 1	0	1
I am using third party forwarding from Splunk to QRadar but the events are not being displayed correctly. How can I correct this? My Splunk setup is a UF sending to an indexer. That indexer is then forwarding everything to QRadar. When I look at t... by DerekB Splunk Employee in Getting Data In 04-04-2016 4 7	4	7
How to link fields with different names across sources? I have two types of transactions, one coming from a mobile app when a push notification is sent, looks approx like th... by bnash_splunk Splunk Employee in Getting Data In 04-04-2016 1 7	1	7
Best possible way to to create sourcetypes - Server role, place and config file? Forgive me if this has been answered before but my googling has failed me - I have a forwarder that batches log file... by thisissplunk Builder in Getting Data In 04-04-2016 0 4	0	4
Why is LINE_BREAKER not always separating? I have a log that starts each event by a new line starting with a timestamp followed by a space and pipe, like the fo... by meburbo New Member in Getting Data In 04-04-2016 0 3	0	3
Splunk Add-on for Microsoft Azure We are looking at using the new splunk add-on for Microsoft azure, but am not sure if can cover all our requirements.... by peppco New Member in Getting Data In 04-04-2016 0 1	0	1
I created a new index, but why am I not able to access it via REST API to post data to the new index? I created a new index called perftestresults and I am able to see it when I search using the below Splunk command, bu... by sh0stat_25 Engager in Getting Data In 04-04-2016 0 10	0	10
How to control how much data is sent from a forwarder to be indexed? We have allowed specific type of data, but someone changed the debug level and allowed events to increase from 50 to ... by anantadeshpande New Member in Getting Data In 04-04-2016 0 1	0	1
sourcetype isn't parsing DHCP data correctlyon indexer but does when I manually add on search head I am attempting to parse windows DHCP data, for those who aren't familiar with the format, the logs have a descriptio... by rusty009 Path Finder in Getting Data In 04-04-2016 0 2	0	2
How did logs from a heavy forwarder get indexed when Splunk was not running? Splunk was running on a heavy forwarder during the time period 00:00 to 00:20. Related logs also have been found in s... by Madhan45 Path Finder in Getting Data In 04-04-2016 0 3	0	3
Is it the forwarder or indexer that unzips monitored zip files? I understand that Splunk first uncompresses the monitored zip files and only then indexes them. Where does the uncomp... by reggie_123 Explorer in Getting Data In 04-03-2016 0 2	0	2
How to append in a csv file only records which are unique from a certain point of time? Hi, I need to append in a csv file only records which are unique from a certain date/time. The aim is to have only ... by skender27 Contributor in Getting Data In 04-02-2016 0 2	0	2
Props.conf stanza matching hosts with literal pipe in name? I would like to build a props stanza for hosts that have a literal pipe in their name. I have tried a few different f... by muebel SplunkTrust in Getting Data In 04-01-2016 0 1	0	1
Splunk and Overlay Transport Virtualization (OTV) Network between Data Centers? Has anyone implemented Splunk over OTV? Is there any flaws or merits to this approach? The forwarders will be on a m... by muebel SplunkTrust in Getting Data In 04-01-2016 2 1	2	1
There was an error retrieving the configuration, can not process this page. After upgrade to Splunk6 I upgraded a Windows 2008 R2 instance of Splunk 5.05 to Splunk 6 over the weekend. Prior to that I had been working ... by chaoslodge Explorer in Getting Data In 04-01-2016 1 11	1	11

Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community, What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Getting Data In

Why am I getting "Invalid key in stanza _server_app_APPNAME_ABC_CDE" with udp listener?

How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer?

Can I override two keys in one transforms stanza?

Can I forward some logs from Splunk Light Free to a third party syslog server?

tarAndChecksum error for deployed app inputs.conf

Distributed Search Environment: Do accelerated data models reside on the indexer or search head?

How can i change the permissions of dynamically created Tags through REST API ?

How to get a default value and assign all values to "All" in a drop-down from a CSV file input?

How to configure outputs.conf on an OSSEC server to forward logs to a Splunk indexer?

When I uploaded a document, I am getting the error "Parameter name: Path must be absolute". What could be the reason?

Indexer Tuning Best Practices: How to decide which apps or add-ons are not needed?

I am using third party forwarding from Splunk to QRadar but the events are not being displayed correctly. How can I correct this?

How to link fields with different names across sources?

Best possible way to to create sourcetypes - Server role, place and config file?

Why is LINE_BREAKER not always separating?

Splunk Add-on for Microsoft Azure

I created a new index, but why am I not able to access it via REST API to post data to the new index?

How to control how much data is sent from a forwarder to be indexed?

sourcetype isn't parsing DHCP data correctlyon indexer but does when I manually add on search head

How did logs from a heavy forwarder get indexed when Splunk was not running?

Is it the forwarder or indexer that unzips monitored zip files?

How to append in a csv file only records which are unique from a certain point of time?

Props.conf stanza matching hosts with literal pipe in name?

Splunk and Overlay Transport Virtualization (OTV) Network between Data Centers?

There was an error retrieving the configuration, can not process this page. After upgrade to Splunk6

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Bug? Logical Disk Performance counter ingest NULL ...

Bangalore Splunk Usergroup meeting(Dec 2025)

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

.NET Application Runtime Metrics Not Showing in Sp...

Getting Data In

Are you a member of the Splunk Community?