Getting Data In

Community Activity

When blacklisting by index name in outputs.conf, what is the variable 'n' in "forwardedindex.n.blacklist = IndexName"? I see a lot of documentation for black listing by index name in outputs.conf, but I am a bit confused as to the varia... by sbattista09 Contributor in Getting Data In 02-29-2016 0 5	0	5
How to set earliest and latest for the time range in a dashboard from the earliest and latest event timestamps? I've read through a number of answers, but none quite gives what I want. I have daily tests that run and my dashboa... by bowesmana SplunkTrust in Getting Data In 02-29-2016 0 4	0	4
Is it expected behavior for Hunk to delete files as they age from the dispatch directory used for MapReduce? We are using Hunk with MapR. There is a dispatch directory that Hunk uses for the reduce of the map reduce. /mapr/tmp... by splunkIT Splunk Employee in Getting Data In 02-26-2016 0 3	0	3
Does an intermediate forwarder need to be a heavy forwarder, or can a universal forwarder be used? I am interested in forwarding syslog and Windows events from a DMZ to Indexers which reside inside our network. We a... by adamblock2 Path Finder in Getting Data In 02-26-2016 0 4	0	4
How do you group field values based upon user, and then filter users that have only one type of value? Each user can have two values of type: movement and check-in. There are some users that only have movement and never... by kellihall New Member in Getting Data In 02-26-2016 0 1	0	1
How to set up an environment with an indexer on one machine and a search head on another? Dears, May I know please if it's possible to have a setup in which I will have only two machines: one of them will a... by ahmedhassanean Explorer in Getting Data In 02-26-2016 0 1	0	1
Missing Netflow from Cisco ASA5505 All, The documentation is scattered in various places and not one place. Help. This should be simple and not ha... by michaelslab New Member in Getting Data In 02-25-2016 0 6	0	6
How to route locally indexed events (from the perspective of an indexer) to another environment? All -- I'm seeking any advice I can get at this point. A little background. I manage two different user communities ... by w531t4 Path Finder in Getting Data In 02-25-2016 0 5	0	5
How to search a list of forwarders and what indexes they are sending data to? How to search a list of forwarders sending data to a single index or multiple indexes? ie: forwarder (A) sending to ... by patrickcope New Member in Getting Data In 02-25-2016 0 1	0	1
Why does fullEvent=true not working in my fschange config in inputs.conf? I need to monitor file changes and I want to know which changes were made. inputs.conf [fschange:///etc/passwd] d... by kalianov Path Finder in Getting Data In 02-25-2016 0 1	0	1
How do I filter data with upper case and lower case sensitive scenarios? Is there a way to restrict this search with upper case and lower case scenarios? index=aap_prod sourcetype="HDP:PROD... by athorat Communicator in Getting Data In 02-25-2016 0 1	0	1
Why does my Splunk indexer keep running out of space with my current indexes.conf? The indexer pauses indexing when free space goes under 5GB on the main partition. This is caused by too many warm buc... by gozulin Communicator in Getting Data In 02-25-2016 0 6	0	6
What is the best practice for configuring a Splunk Forwarder 5.0.3 for custom fields to be appended to the source? Hi all, I'm looking to add some custom fields to the Splunk Forwarder, but am struggling to find the a way of achiev... by JKnightSplunk Engager in Getting Data In 02-25-2016 0 3	0	3
How to remove and prevent error "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on my heavy forwarder? I keep getting the "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on one of my heavy forward... by sbattista09 Contributor in Getting Data In 02-25-2016 0 2	0	2
Is there a way to delete data on an indexer from Splunk Web to free up disk space? Hi , We are about to reach the maximum size of the disk on our Indexer server. Please suggest if there is any way to... by Abilan1 Path Finder in Getting Data In 02-25-2016 0 7	0	7
How to route data to certain indexes based on host, sourcetype, and index? Hi. I have a requirement to route events to index based on the fields host, sourcetype, and index. Field host form... by mahesh_ravji1 Explorer in Getting Data In 02-25-2016 1 5	1	5
How do I set up a Splunk forwarder to monitor and forward log files within a certain path? We are wanting to modify our Splunk forwarders on workstations to look at other log files and I am curious how to go ... by hastrike New Member in Getting Data In 02-25-2016 0 10	0	10
Can I enable SSL for a universal forwarder (public IP), but not for a local universal forwarder (private IP)? Hi, Can I enable the SSL for the universal forwarder that will access it through the public ip, but not the forwarde... by arbabnazar New Member in Getting Data In 02-24-2016 0 1	0	1
Why is the monit process sometimes restarting I have Linux servers with Splunk, and the process monit to check my processed. But sometimes I see an issue where mo... by mataharry Communicator in Getting Data In 02-24-2016 2 2	2	2
Total number of indexed volume per day Hi, Currently I have a splunk server receiving logs from few servers. I will like to do a search that is scheduled ... by apro Path Finder in Getting Data In 02-24-2016 0 7	0	7
If an identical input is specified in inputs.conf for multiple apps on a universal forwarder, will this result in duplicate data? If an input is specified identically in the inputs.conf file of multiple apps running on a Universal forwarder, will ... by JdeFalconr Explorer in Getting Data In 02-24-2016 0 2	0	2
How to filter Windows Security events by changing inputs conf I have made the following changes in my inputs.conf. However no luck Could anyone help me with this? [WinEventLog:S... by splunkn Communicator in Getting Data In 02-24-2016 0 5	0	5
How to use inputlookup to filter Hi, I have multiple queries that I use to do daily report on errors in our production Splunk. I would like to filte... by Hung_Nguyen Path Finder in Getting Data In 02-24-2016 0 7	0	7
Does Splunk process events before sending to nullqueue? We have configured a default null queue to discard all events that we don't want to allow to be indexed without autho... by dsmc_adv Path Finder in Getting Data In 02-24-2016 0 3	0	3
What are recommended specs for a virtual host for our multisite sandbox environment? Hi there, I've been tasked with building a Splunk Enterprise 6.3 multisite virtual environment sandbox. The environ... by avisram Path Finder in Getting Data In 02-24-2016 0 3	0	3

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

When blacklisting by index name in outputs.conf, what is the variable 'n' in "forwardedindex.n.blacklist = IndexName"?

How to set earliest and latest for the time range in a dashboard from the earliest and latest event timestamps?

Is it expected behavior for Hunk to delete files as they age from the dispatch directory used for MapReduce?

Does an intermediate forwarder need to be a heavy forwarder, or can a universal forwarder be used?

How do you group field values based upon user, and then filter users that have only one type of value?

How to set up an environment with an indexer on one machine and a search head on another?

Missing Netflow from Cisco ASA5505

How to route locally indexed events (from the perspective of an indexer) to another environment?

How to search a list of forwarders and what indexes they are sending data to?

Why does fullEvent=true not working in my fschange config in inputs.conf?

How do I filter data with upper case and lower case sensitive scenarios?

Why does my Splunk indexer keep running out of space with my current indexes.conf?

What is the best practice for configuring a Splunk Forwarder 5.0.3 for custom fields to be appended to the source?

How to remove and prevent error "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on my heavy forwarder?

Is there a way to delete data on an indexer from Splunk Web to free up disk space?

How to route data to certain indexes based on host, sourcetype, and index?

How do I set up a Splunk forwarder to monitor and forward log files within a certain path?

Can I enable SSL for a universal forwarder (public IP), but not for a local universal forwarder (private IP)?

Why is the monit process sometimes restarting

Total number of indexed volume per day

If an identical input is specified in inputs.conf for multiple apps on a universal forwarder, will this result in duplicate data?

How to filter Windows Security events by changing inputs conf

How to use inputlookup to filter

Does Splunk process events before sending to nullqueue?

What are recommended specs for a virtual host for our multisite sandbox environment?

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

What's the difference between ingesting TCP as TCP...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation