Getting Data In

Discussions

Thread Info

Problem with 64-Bit SNMP OIDs

When polling DOCSIS 64-bits OIDs I noticed that I must add the OID instance value in order for data to be received fo...

by Explorer in

slow "command.search.kv" phase

I have slow searches on one particular index, which is receiving apache access.log files. When I inspect my jobs, I ...

by Explorer in

caching events to disk on Universal Forwarder

Hi! According to documentation on outputs.conf, maxQueueSize sets value for amount of RAM that queue can take when in...

by Explorer in

Is there a list of what Splunk Cloud API Access is available automatically on sign-up, which have to be requested, and which aren't allowed?

Greetings - With Splunk Cloud, there is a RESTful API available for use, however, many of these functions overlap wit...

by Explorer in

My "rex mode=sed" works in search, but why does it not work configuring with SEDCMD in props.conf?

Hello, I tried this index=s4 *Error* | rex mode=sed field=_raw "s/(\w+\tError\t\d\t[^\t]*\s\d{4}\-\d{2}\-\d{2}...

by Path Finder in

Distributed Management Console: How to monitor and alert if forwarders have not phoned home over 24 hours?

In the Distributed Management Console, there is a pre-built alert called "DMC Alert - Missing forwarders", and inside...

by Engager in

How to configure a universal forwarder to keep rotated log sizes to 25MB each?

I installed the Splunk universal forwarder (agents) on several clients, running several days. # pwd /opt/splunkfor...

by New Member in

How do I configure line breaking for this text file?

Hello Splunkers, I'm having an issue with my event break. I have a huge text file with no line breaks that looks s...

by Super Champion in

How to configure proper line breaking in props.conf on the universal forwarder for my sample data?

Hi beloved Splunkers, I'm currently trying to set up a data connection between one of our servers and my Splunk de...

by Motivator in

How to have dynamic form inputs/prompts reset their values to default upon selecting a new input of the Parent prompt?

HI All; I have and issue dealing with a dynamic prompt: I have 3 prompts. The first prompt selects the day an...

by Path Finder in

Sharepoint logs are coming in Hex

Attempting to Splunk Sharepoint 2010 logs but it's unreadable in the UI 0\x004\x00/\x001\x007\x00/\x002\x000\x001....

by Motivator in

Splunk php sdk error fopen (https://localhost:8089/services/auth/login): failed to open stream: operation failed

Getting started with the Splunk API using php and am encountering this issue. Curl works with -k as one would expect....

by New Member in

How to parse JSON data at search-time?

I am getting different types of data from source. It can be XML or JSON. For XML, I am just indexing whole file a...

by Explorer in

Using Asterisk's CDR stats from a CSV file, how can I create a report showing the sum of duration values per extension?

Hi all. I am working with asterisk's cdr stats from a CSV file. Sample content of CSV: accountcode, src, d...

by Builder in

Is it possible to get field values from metadata results?

I'm running a command to get a list of source types that haven't had data in 7 days, so in short, I'm looking for stu...

by Communicator in

How to process json array data inside an event

I have the following json array within an event: backupUsage: [ [-] { [-] archiveBytes: 813327...

by Path Finder in

How to troubleshoot the disk space issues on a Splunk indexer?

I need to know the step by step procedure to troubleshoot the disk space issues on an indexer.

by Explorer in

Why are my headers being indexed from my csv file?

I am trying to do a simple monitor data input of a csv file with the following format: Id,User,Action,_time,Comme...

by Contributor in

How to configure Splunk to keep _internal data longer than 30 days?

For some reason _internal is only available for the last 30 days even though it has not reached its max size limit st...

by Path Finder in

日本語の Windows OS で diagコマンドを実行した際に、UnicodeDecodeErrorが発生し、diag が作成できません。

Splunk ver.6.3.2 にて、日本語の Window 環境で diag を作成しようとした際に、下記のように、UnicodeDecodeError が発生して diag の作成に失敗します。英語環境では、発生しません。 ...

by Communicator in

How do disk space issues occur in Splunk indexers and what are the options to troubleshoot or prevent this from happening?

I was trying to figure it out how disk space issues occur in the indexers and what are the possible outcomes to get o...

by Explorer in

How to calculate maximum *nix heavy forwarder capacity/thruput based on memory & cores

Fellow Splunkers! I've spent a lot of time on both the answers and splunkbase sites but can't seem to find a simple f...

by Path Finder in

[ Changing the direction of a splunk query]

We ran into a somewhat strange issue recently: We have a complex search that needs to be run in the opposite order...

by Builder in

How to Re-Populate Summary Index?

I have a summary index set up to populate every hour. The forwarder that populated the summary index was down for a f...

by SplunkTrust in

Download link for 6.3.3 Mac universal forwarder is broken, kaput, non functional

Has anyone had any success downloading the 6.3.3 universal forwarder for Mac?

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Problem with 64-Bit SNMP OIDs

slow "command.search.kv" phase

caching events to disk on Universal Forwarder

Is there a list of what Splunk Cloud API Access is available automatically on sign-up, which have to be requested, and which aren't allowed?

My "rex mode=sed" works in search, but why does it not work configuring with SEDCMD in props.conf?

Distributed Management Console: How to monitor and alert if forwarders have not phoned home over 24 hours?

How to configure a universal forwarder to keep rotated log sizes to 25MB each?

How do I configure line breaking for this text file?

How to configure proper line breaking in props.conf on the universal forwarder for my sample data?

How to have dynamic form inputs/prompts reset their values to default upon selecting a new input of the Parent prompt?

Sharepoint logs are coming in Hex

Splunk php sdk error fopen (https://localhost:8089/services/auth/login): failed to open stream: operation failed

How to parse JSON data at search-time?

Using Asterisk's CDR stats from a CSV file, how can I create a report showing the sum of duration values per extension?

Is it possible to get field values from metadata results?

How to process json array data inside an event

How to troubleshoot the disk space issues on a Splunk indexer?

Why are my headers being indexed from my csv file?

How to configure Splunk to keep _internal data longer than 30 days?

日本語の Windows OS で diagコマンドを実行した際に、UnicodeDecodeErrorが発生し、diag が作成できません。

How do disk space issues occur in Splunk indexers and what are the options to troubleshoot or prevent this from happening?

How to calculate maximum *nix heavy forwarder capacity/thruput based on memory & cores

[ Changing the direction of a splunk query]

How to Re-Populate Summary Index?

Download link for 6.3.3 Mac universal forwarder is broken, kaput, non functional

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions