Getting Data In

Community Activity

Splunk Reindexes File that gets a new first line when closed Hello, My problem is simple to explain: I have an app that generates logs that are written whenever a new action is ... by TiagoMatos Path Finder in Getting Data In 04-24-2016 0 31	0	31
Why are IIS logs not being indexed from Windows Share? I have a universal forwarder (6.3.3 x64) installed on Windows Server 2012 R2 that is supposed to index IIS logs that ... by seanbarbour New Member in Getting Data In 04-24-2016 0 3	0	3
How to split a TCP input on STX/ETX (0x02/0x03), no line breaks, into separate events? Hello, I'm trying to accept TCP input from a device which wraps each transmission into STX/ETX pair (ASCII 002/003), ... by arkadyz1 Builder in Getting Data In 04-22-2016 0 13	0	13
get source files not updated in last 1 hour I want to get source files not updated in last 1 hour in specific host. Like in host java123 there are 2 logs /logs/a... by nani2rahul New Member in Getting Data In 04-22-2016 0 1	0	1
Hourly CPU spike on indexers Hey, Is there some internal scheduled event on an indexer than runs every hour? We're seeing our average CPU go fro... by Kindred Path Finder in Getting Data In 04-22-2016 0 9	0	9
Why is the Splunk Python SDK not returning formatted numbers in the JSON response? Splunk Python SDK does not return formatted numbers in the JSON response. Example: \|eval var1=tonumber(var2)\| table... by lpolo Motivator in Getting Data In 04-22-2016 0 2	0	2
universal forwarder on windows: installation directory must be on a local hard drive I've installed the universal forwarder on two of my domain controllers without issue. For some reason, on the remain... by vistek New Member in Getting Data In 04-22-2016 0 5	0	5
Can I alias "host" and "source" fields from incoming logs so they don't interfere with Splunk's built-in fields? Splunk inherently has host and source fields to log the host (forwarder) and source (log file) for each event. Howeve... by thisissplunk Builder in Getting Data In 04-21-2016 0 4	0	4
setup.xml: still magic for beginners - how can I realize an "I agree" confirmation? we have two problems with setting up a setup.xml file: 1) actually we want to use the setup.xml file to just infor... by DrFedtke Explorer in Getting Data In 04-21-2016 3 1	3	1
Is there a parser that will convert Windows SDDL or ACE format strings into human readable content? Hi, Is anyone aware of an existing parser that will convert windows SDDL format or ACE format strings into human re... by javiergn Super Champion in Getting Data In 04-21-2016 0 1	0	1
What is the endpoint to access splunk-launch.conf via REST API? I am trying to access splunk-launch.conf from REST API. I've been through the REST API documentation and still can't ... by panovattack Communicator in Getting Data In 04-20-2016 0 1	0	1
How can I create a Dashboard to display only those domain User Accounts for which the contents of a specific AD attribute has changed? Specifically, if an AD user account attribute "employeeType" changes from "NULL" to "Contractor", how can I detect/fi... by untieshoe Path Finder in Getting Data In 04-20-2016 0 24	0	24
How to configure props.conf for a Unix timestamp in a JSON log file? All, I have a json log file we're bringing in. Its time is logged as: "start":"1461191869.576” Any idea on whe... by daniel333 Builder in Getting Data In 04-20-2016 0 1	0	1
Why am I unable to delete Splunk from an Ubuntu server? I tried deleting Splunk completely from the Ubuntu server. I'm able to delete the splunk_home directory, but when I r... by splunkfly New Member in Getting Data In 04-20-2016 0 4	0	4
REST api no results from sid Splunk 6.1.0 (build 206881) Mac OSX input: curl -u admin:splunker -k https://localhost:8089/services/search/jobs -d'... by bleung93 Path Finder in Getting Data In 04-20-2016 0 3	0	3
How to configure inputs.conf to monitor files which get created automatically after reaching a certain size? I have file called console.log. When its size reaches to 512MB, another file gets created with the name console_serve... by chandra61446 New Member in Getting Data In 04-20-2016 0 2	0	2
I configured inputs.conf in Splunk free to monitor different app log files, but why am I unable to view the data in Splunk Web? HI, I am new to Splunk. Apologies if the same question was asked earlier. I am posting here as I couldn't find the ... by murthychitturi New Member in Getting Data In 04-20-2016 0 4	0	4
How can I use a unixtimestamp as a timerange filter like with earliest & latest in the first pipe? Hi, my events have a field with epochtime which I want to use in the very first pipe to filter the search Of course ... by HeinzWaescher Motivator in Getting Data In 04-20-2016 0 4	0	4
Change tag permission via REST API (cURL) I have a curl statement which is sent to the rest api of my search head to add some tags based upon some criteria, af... by LewisWheeler Communicator in Getting Data In 04-20-2016 0 9	0	9
Find line number of search string in multiline event I have multiline events and I need to identify which line number a search string appears in. Preferred would be a sol... by snoobzilla Builder in Getting Data In 04-20-2016 0 2	0	2
After rebuilding a Splunk server, is there way to centrally tell all my forwarders to resend all logs prior to the system going down? Recently I had to rebuild our Splunk server. Luckily we had the config files so was able to get everything back up an... by erickopp Engager in Getting Data In 04-19-2016 0 1	0	1
Why is Windows event log message data being truncated and only the first 2 lines are getting forwarded? Hi I am having a strange issue where some of the message or 'EventData' is missing from the forwarded Windows event ... by andrefriedmann New Member in Getting Data In 04-19-2016 0 9	0	9
When I try to add or delete port 9997, why do I get the same "Error occurred attempting to remove 9997...Could not find config id for port"? When I try deleting port 9997, I get the following problem: Error occurred attempting to remove 9997: In handler 'co... by alexlit Explorer in Getting Data In 04-18-2016 1 4	1	4
Why is Splunk indexing two hostnames when I only have one set in inputs.conf? I am monitoring two files: /var/log/secure and /var/log/messages In the Data Summary Hosts tab, I have two hosts: my... by sureshsala Explorer in Getting Data In 04-18-2016 0 1	0	1
Is it possible to prioritize what data is forwarded from a heavy forwarder? (ex: security data first, then non-security data) Hi everybody, I'm new in Splunk, so be gentle, please. So that's the scenario: I have a Splunk Heavy forwarder, an... by dkeck Influencer in Getting Data In 04-18-2016 3 5	3	5

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them. As ...

Index This | What has goals but no motivation?

June 2026 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Getting Data In

Splunk Reindexes File that gets a new first line when closed

Why are IIS logs not being indexed from Windows Share?

How to split a TCP input on STX/ETX (0x02/0x03), no line breaks, into separate events?

get source files not updated in last 1 hour

Hourly CPU spike on indexers

Why is the Splunk Python SDK not returning formatted numbers in the JSON response?

universal forwarder on windows: installation directory must be on a local hard drive

Can I alias "host" and "source" fields from incoming logs so they don't interfere with Splunk's built-in fields?

setup.xml: still magic for beginners - how can I realize an "I agree" confirmation?

Is there a parser that will convert Windows SDDL or ACE format strings into human readable content?

What is the endpoint to access splunk-launch.conf via REST API?

How can I create a Dashboard to display only those domain User Accounts for which the contents of a specific AD attribute has changed?

How to configure props.conf for a Unix timestamp in a JSON log file?

Why am I unable to delete Splunk from an Ubuntu server?

REST api no results from sid

How to configure inputs.conf to monitor files which get created automatically after reaching a certain size?

I configured inputs.conf in Splunk free to monitor different app log files, but why am I unable to view the data in Splunk Web?

How can I use a unixtimestamp as a timerange filter like with earliest & latest in the first pipe?

Change tag permission via REST API (cURL)

Find line number of search string in multiline event

After rebuilding a Splunk server, is there way to centrally tell all my forwarders to resend all logs prior to the system going down?

Why is Windows event log message data being truncated and only the first 2 lines are getting forwarded?

When I try to add or delete port 9997, why do I get the same "Error occurred attempting to remove 9997...Could not find config id for port"?

Why is Splunk indexing two hostnames when I only have one set in inputs.conf?

Is it possible to prioritize what data is forwarded from a heavy forwarder? (ex: security data first, then non-security data)

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

Index This | What has goals but no motivation?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

ClamAV 'Last Scanned' and 'Definition Date' not po...

CiscoSecurityCloud TA 3.6.7 -eStreamer ingestion f...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation