Getting Data In

Discussions

Thread Info

Newbie soure type question (SLF4J)

Hi, We are importing a file that is in SLF4J into Splunk (cloud version). Is the log4j source type equivalent? Or ...

by Motivator in

Is it possible to use a deployed app on a UF to add local configuration files for a separate app?

I'm considering using the deployment server to distribute an app per UF with settings specific to that UF. One app be...

by Explorer in

INPUTS.CONF

HI, Beginner at splunk here, can I add custom stanzas to windows -add -on to collect server roles data, or should ...

by Engager in

Help with extracting and filtering header preambles

Hi, We have an ugly custom log file, and we'd like to filter out the beginning of the file. We'd like to start fro...

by Champion in

Monitor Active Directory With Linux Indexer

Hello, I'm trying to capture Active Directory information from an AD server. I installed an universal forwarder in...

by Explorer in

Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class?

I'm evaluating Splunk Light for purchase and running in to some issues collecting Windows Event Logs from multiple se...

by Explorer in

Indexer stops receiving data from forwarders

This is less of a question and more of a record on Splunk Answers of an issue we ran into. Symptoms: You are on Re...

by Path Finder in

Remote installtion of U FWDs on Windows - Specify the deployment server

HI We need to remotely install U FWD on thousands of Linux and WIndows systems. On Linux systems, in the insta...

by Explorer in

Time formatting from a single field

I have a field where time format in: 20020523135537Z which is 05/23/2002 13:53:37 GMT . How can I convert to human re...

by Communicator in

Indexing distributed data - distributed indexes or Forward?

Hello. I'm a new Splunk user, and I'm quite uncertain about how to index some distributed data. I have one SH and mul...

by Builder in

How to troubleshoot why 1 indexer in a Splunk indexer cluster crashed and won't restart with a "Bad Decrypt" error?

HI, I have inherited a clustered Splunk setup and I noticed that 1 of my 2 indexers had crashed a couple of days a...

by Engager in

How do I extract syslog code to carry out a lookup and create new indexed fields for syslog facility and severity?

Hi I'm running Splunk 5.0.4. In the environment I have 2 servers deploy/heavy forwarder Search head/indexer. On...

by New Member in

Can you query the REST API with a non-local account?

Hi, I have a customer who is trying to query the Splunk REST API using an established AD service account, which ha...

by Champion in

Can forwarder read first few lines, then split logs into different indexes?

Folks…gotta question here: I have two websites flowing access_combined into the same directory. Each site nee...

by Splunk Employee in

troubleshooting filtering at Heavy Forwarder with Props.conf / Transform.conf

I am currently passing all logs through a Heavy Forwarder so I can filter out "noisy" logs before they are indexed. I...

by Path Finder in

Timestamp parsing Failing !!! pls help

Hi All, All of a sudden, Timestamp parsing doesn't work in splunk when I index a file manually into the system. It...

by Path Finder in

Anyone bringing NetScout data into Splunk?

Anyone bringing NetScout data into Splunk? If so, how are you achieving this?

by Motivator in

So can you use INDEXED_EXTRACTIONS = w3c with something other than the sourcetype of iis?

If I add INDEXED_EXTRACTIONS = w3c using a sourcetype other than iis, it does not work for defining the field names. ...

by Path Finder in

How to filter out certain events from checkpoint data?

Hi everyone, I need help to create a better regex in my transforms.conf. I am filtering checkpoint data in my Splu...

by Communicator in

データ入力にて指定したパスの "/" が "%2F"と表示される

Splunk version 6.3.2 を使用した際に、データ入力画面でログファイルのパスを指定した際に、"/" が "%2F" と表示されてしまうことが頻繁にあります。正しく、"/" と表示させる方法はありますでしょうか。 ...

by Communicator in

batch stanza in inputs.conf with nullQueue not processing

Hi, I have a batch stanza in my inputs.conf file of my application. I would like to use it to remove old files fro...

by Path Finder in

Indexing of data that does not have timestamp but just date

How do we index a data file which is an aggregated data for a given day. The data does not contain timestamp. Splunk ...

by Path Finder in

SNMP Polling natively supported?

Does Splunk supports SNMP Polling natively or the only way to achieve this is by a third party app? If it is suppo...

by Communicator in

Duplicate labels causing conflict when importing Data from CSV for Dropdown Menu

Hello, I am attempting to import data from a CSV file into a dropdown menu. In the CSV there is duplicate entries ...

by New Member in

How to filter Windows Security Event Logs Output?

Hello, I understand this question had been ask before in varies variations, but I am a newbie and I’m trying to filte...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Newbie soure type question (SLF4J)

Is it possible to use a deployed app on a UF to add local configuration files for a separate app?

INPUTS.CONF

Help with extracting and filtering header preambles

Monitor Active Directory With Linux Indexer

Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class?

Indexer stops receiving data from forwarders

Remote installtion of U FWDs on Windows - Specify the deployment server

Time formatting from a single field

Indexing distributed data - distributed indexes or Forward?

How to troubleshoot why 1 indexer in a Splunk indexer cluster crashed and won't restart with a "Bad Decrypt" error?

How do I extract syslog code to carry out a lookup and create new indexed fields for syslog facility and severity?

Can you query the REST API with a non-local account?

Can forwarder read first few lines, then split logs into different indexes?

troubleshooting filtering at Heavy Forwarder with Props.conf / Transform.conf

Timestamp parsing Failing !!! pls help

Anyone bringing NetScout data into Splunk?

So can you use INDEXED_EXTRACTIONS = w3c with something other than the sourcetype of iis?

How to filter out certain events from checkpoint data?

データ入力にて指定したパスの "/" が "%2F"と表示される

batch stanza in inputs.conf with nullQueue not processing

Indexing of data that does not have timestamp but just date

SNMP Polling natively supported?

Duplicate labels causing conflict when importing Data from CSV for Dropdown Menu

How to filter Windows Security Event Logs Output?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions