Getting Data In

Community Activity

Can we process the timestamp in an event sent to the HTTP event collector? The HTTP event collector supports an optional timestamp: { "time": "1426279439", "host": "localhost", "... by Jeremiah Motivator in Getting Data In 03-07-2016 3 9	3	9
How to configure multiple sourcetypes for a single monitored file? Hi. I have a single very huge file with different formats. So I decided to create 3 different sourcetypes for this ... by KVinodh New Member in Getting Data In 03-07-2016 0 3	0	3
How can i split a json array in mutiple events? Hello Im trying to split a json Array into multiple Events in the props.conf Whats the best way to do this? Here i... by Outek New Member in Getting Data In 03-07-2016 0 5	0	5
How to configure the Optiv Threat Intel app on Windows with Splunk on a different drive? Hello, I am using the Optiv Threat Intel app, but my Splunk install is on a different drive. Found one .py file I h... by bworrellZP Communicator in Getting Data In 03-07-2016 0 2	0	2
Where on a Windows machine should I store logs generated from custom scripts for Splunk Universal Forwarder to forward? Running a log-generating script locally on a Windows machine with a Splunk UF, I am looking for best practices for wh... by landen99 Motivator in Getting Data In 03-07-2016 0 1	0	1
How to monitor multiple source types in same folder BlackBerry servers have many different .txt log files all created in the one folder. I have a universal forwarder ... by ilv2splunk Explorer in Getting Data In 03-07-2016 0 6	0	6
Why do I get "Unable to remove disabled indexes.." when trying to delete an index, but then get "deleted, cannot enable.." when I try to enable it? Hello, I was having a problem with an index created by an app, so I manually created one as a test. I went to delet... by jflaherty Path Finder in Getting Data In 03-07-2016 0 2	0	2
If I POST events to a heavy forwarder using the REST API receivers/simple web service, will the HF be able to parse and forward the data? If I POST events to a Heavy Forwarder using the receivers/simple web service, will the Forwarder then be able to pars... by csmartin New Member in Getting Data In 03-07-2016 0 2	0	2
Field names in lowercase, transforms.conf Hi! I have some different sourcetypes defined by me where I'm extracting some of the fields with stanzas in transfor... by gelica Communicator in Getting Data In 03-07-2016 0 11	0	11
How to troubleshoot why I received an alert saying "indexer is not reachable"? I am pretty new to Splunk. Guess what, the consultant has left and I was supposed to take care of Splunk. I got an al... by charlesguo_2 Engager in Getting Data In 03-06-2016 0 4	0	4
Why are my indexers reporting "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX..."? Anybody find a solution to this? I'm seeing this over lots of indexers! ERROR EAIOutParameters - invalid entry titl... by robf Path Finder in Getting Data In 03-06-2016 2 3	2	3
Syntax to update my scheduled search using REST? I'm trying to update the max_concurrent instances on my scheduled search from the default of 1 to 2. But the REST co... by the_wolverine Champion in Getting Data In 03-04-2016 0 3	0	3
Windows DNS Logs Using splunk 6.0.1 - trying to do some testing with Windows DNS logs to see if can get the data formatted and droppin... by caspertz Engager in Getting Data In 03-04-2016 0 5	0	5
How do I edit my configurations on the universal forwarder to split Windows event logs and SQL logs to different indexes? Hello, Our Windows servers have the universal forwarder installed and it is working just fine. However, we also have... by ryandg Communicator in Getting Data In 03-04-2016 1 4	1	4
Connection between Universial Forwarder and Deployment Server Hi, we are using self-signed certificates in our Splunk environment. In general everything works fine, but at a clos... by pilzi81 Explorer in Getting Data In 03-04-2016 0 3	0	3
How to index a CSV file from a local machine? Hi, I have 2 CSV files which are on the local machine. I would like to add these files and index them. I followed th... by shimikeri_a New Member in Getting Data In 03-04-2016 0 2	0	2
How to resend lost data between two splunk servers? Hi all, consider the following scenario: there are two splunk infrastructures. The first (A) collects data from sever... by marios_kstone Path Finder in Getting Data In 03-04-2016 0 4	0	4
How to configure props.conf and transforms.conf to replace host with FQDN in syslog events? Hello, New Splunk user here. I have a syslog input consuming messages from a bunch of different hosts. Most PTR rec... by _smp_ Builder in Getting Data In 03-04-2016 0 4	0	4
How to calculate port utilization via SNMP for all ports of a host using the delta command? Hello Splunk Community, I'm calculating the port Utilization with this search: sourcetype=snmp host="xyz" Interface... by JanOsterkamp New Member in Getting Data In 03-04-2016 0 1	0	1
How to index and forward all Windows Security events? I can't find anything that quite matches what I am trying to do. We have a security device that can ingest Windows Se... by agarrison Path Finder in Getting Data In 03-04-2016 0 9	0	9
Why isn't my JSON string breaking into events? Hello all! I'm trying to break this huge JSON string into multiple events into Splunk. For some reason, my props.con... by ashnet16 Path Finder in Getting Data In 03-03-2016 1 1	1	1
how to break the json data into events? Hello experts,below is the json data {"actions": [{"date": "2012-05-17 00:00:00", "action": "Read for the first tim... by chaseto Explorer in Getting Data In 03-03-2016 0 12	0	12
How do I measure the time taken to forward data from a universal forwarder to an indexer? Hi, I am using a universal forwarder to forward data to an indexer. How do I measure the time taken to forward the ... by amoldesai Explorer in Getting Data In 03-03-2016 0 3	0	3
Unable to receive events? We unable to receive events on splunk server as i have install the Universal receiver on other machine and configure ... by hamza101 New Member in Getting Data In 03-03-2016 0 2	0	2
How to calculate and troubleshoot indexing volume by _internal index. Hi , How to calculate indexing volume/disk space usage for _internal index /internal DB per day In GB? Any specifi... by thezero Path Finder in Getting Data In 03-03-2016 0 2	0	2

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

Can we process the timestamp in an event sent to the HTTP event collector?

How to configure multiple sourcetypes for a single monitored file?

How can i split a json array in mutiple events?

How to configure the Optiv Threat Intel app on Windows with Splunk on a different drive?

Where on a Windows machine should I store logs generated from custom scripts for Splunk Universal Forwarder to forward?

How to monitor multiple source types in same folder

Why do I get "Unable to remove disabled indexes.." when trying to delete an index, but then get "deleted, cannot enable.." when I try to enable it?

If I POST events to a heavy forwarder using the REST API receivers/simple web service, will the HF be able to parse and forward the data?

Field names in lowercase, transforms.conf

How to troubleshoot why I received an alert saying "indexer is not reachable"?

Why are my indexers reporting "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX..."?

Syntax to update my scheduled search using REST?

Windows DNS Logs

How do I edit my configurations on the universal forwarder to split Windows event logs and SQL logs to different indexes?

Connection between Universial Forwarder and Deployment Server

How to index a CSV file from a local machine?

How to resend lost data between two splunk servers?

How to configure props.conf and transforms.conf to replace host with FQDN in syslog events?

How to calculate port utilization via SNMP for all ports of a host using the delta command?

How to index and forward all Windows Security events?

Why isn't my JSON string breaking into events?

how to break the json data into events?

How do I measure the time taken to forward data from a universal forwarder to an indexer?

Unable to receive events?

How to calculate and troubleshoot indexing volume by _internal index.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation