Getting Data In

Thread Info

Where do INDEXED_EXTRACTIONS happen?

I have a Universal Forwarder reading data in a Tab Separated format. I want to apply the INDEXED_EXTRACTIONS = TSV to...

by Path Finder in

Why are my props and transforms.conf not filtering data on the heavy forwarder?

I have a Heavy Forwarder installed which sends the logs to Splunk Cloud. Here's the workflow, please shed some light ...

by Builder in

Why does "add monitor" via CLI not create new sourcetype in Splunk Light?

I have this file in location: /Users/myuser/path/firewall3.log Thu Mar 6 11:33:49 EST 2014 src_ip=1.1.1.1 Thu Mar...

by Explorer in

Transforms and props files on splunk universal forwarder?

we have splunk main and four splunk universal forwarders.I do not have access to physical box of splunk main which wa...

by Path Finder in

Why is splunk indexing two hostnames from one server?

Backstory: I'm running several instances in which they terminate nightly. These instances are automatically re-creat...

by New Member in

Possible explanations for Index not being refreshed automatically?

Hi. I created a new index with along with a fresh install on a Win7 system a few days ago. It should be pointing ...

by Communicator in

Field alias for all indexed data

I am creating some field aliases that I want to apply to multiple sourcetypes. I was hoping to do something like this...

by Path Finder in

No data logged during log rotation. How to configure Splunk to create the new log file and write data to it while compressing the previous day's log file?

Hello, My company uses splunk. Our splunk logs reach size in excess of 50+ GB. At midnight splunk compresses this ...

by New Member in

Why is the monitoring of 350GB of gzip files via a batch job running slow, with the forwarder sending data at only 1MB/s?

I am trying to monitor via a batch job, approx 300 gzip files and each file uncompressed is about 4GB. and it was abo...

by Path Finder in

How to customize the sourcetype in java?

Hi guys I got a trouble on getting data to Splunk by java and I really need your help! I followed the instructions of...

by Communicator in

JSON logs are being indexed in Splunk, but why are fields not parsed automatically unless I use the spath command in a search?

I have some simple, correctly designed, JSON logs being sent to Splunk. However, Splunk is not automatically pars...

by Path Finder in

How do Splunk indexers perform indexing without a parser or connector?

Hi All, Well, I am new to Splunk, but I have been working on other SIEM tools like RSA SA and QRadar. I just start...

by New Member in

サーチ時に表示するタイムゾーンを変更したい

JSTでデータ取込みを行っていますが、異なるタイムゾーンからデータ参照する場合には、それぞれのタイムゾーンの時刻に変換してイベント表示を行いたいです。どのように実現できるでしょうか？

by Explorer in

How to list all indexes that shows Time, Index Name, Size and NumOfEvents for each index?

Hi, I'd like to get a list of all indexes that shows the data in the following format for a given time span such as l...

by Path Finder in

How do I configure props.conf to recognize the proper timestamp for my logs?

Hello, I have an issue where a small percentage of my logs are coming in dated 2011. I tracked it down to a field...

by Builder in

What will happen if I blacklist text files in a folder, but whitelist text files in a subfolder?

Hi, Since I cannot find a way to test this with a large amount of data, I was wondering what will happen if I want...

by New Member in

Why is Splunk log line breaking not working as expected for my multiline events?

Hello I have some multiline events along with normal single line events in a log that is being monitored by Splunk...

by Builder in

How to remove a field from data before indexing?

Hi All; I have an interesting issue. Currently, I have data free flowing into a port on in Splunk, and one of the ...

by Path Finder in

How to turn on WinEventLog:Security logs only for certain Domain Controller(s)

Due to license limitations, I cannot turn on the security logs for all the Windows Domain Controllers, except for som...

by Contributor in

Can we change the cron schedule of a saved search through REST call?

I've tried something like below with no luck. curl -k -u admin:thepassword https://splunk_server:8089/servicesNS/a...

by Influencer in

How do I generate a report listing x sample events for each Windows event code?

I need to generate a report showing X entries for each type of Windows event code I have. The report would look somet...

by New Member in

After upgrading my indexer and search head to Splunk 6.3, why is the search peer reporting a Powershell script exited abnormally

I just updated my Splunk indexer and search head to version 6.3, and now I keep getting this error: Search peer ha...

by Engager in

Why do I get a timeout when trying to package my app?

I've created an app and wanted to package it before shipping it to another splunk instance. From the console, I enter...

by SplunkTrust in

If two cluster peers in an indexer cluster are getting close to capacity, how do we stop replicating buckets to these cluster peers?

We are using Splunk Indexer Clustering and have four Cluster Peers (old) + two Cluster Peers (new) . We are running c...

by Communicator in

What is the best practice for importing SQL data in Splunk Cloud?

Hi everyone, Splunk noob here and I'm trying to import song logging data that I want to correlate with data from a...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Where do INDEXED_EXTRACTIONS happen?

Why are my props and transforms.conf not filtering data on the heavy forwarder?

Why does "add monitor" via CLI not create new sourcetype in Splunk Light?

Transforms and props files on splunk universal forwarder?

Why is splunk indexing two hostnames from one server?

Possible explanations for Index not being refreshed automatically?

Field alias for all indexed data

No data logged during log rotation. How to configure Splunk to create the new log file and write data to it while compressing the previous day's log file?

Why is the monitoring of 350GB of gzip files via a batch job running slow, with the forwarder sending data at only 1MB/s?

How to customize the sourcetype in java?

JSON logs are being indexed in Splunk, but why are fields not parsed automatically unless I use the spath command in a search?

How do Splunk indexers perform indexing without a parser or connector?

サーチ時に表示するタイムゾーンを変更したい

How to list all indexes that shows Time, Index Name, Size and NumOfEvents for each index?

How do I configure props.conf to recognize the proper timestamp for my logs?

What will happen if I blacklist text files in a folder, but whitelist text files in a subfolder?

Why is Splunk log line breaking not working as expected for my multiline events?

How to remove a field from data before indexing?

How to turn on WinEventLog:Security logs only for certain Domain Controller(s)

Can we change the cron schedule of a saved search through REST call?

How do I generate a report listing x sample events for each Windows event code?

After upgrading my indexer and search head to Splunk 6.3, why is the search peer reporting a Powershell script exited abnormally

Why do I get a timeout when trying to package my app?

If two cluster peers in an indexer cluster are getting close to capacity, how do we stop replicating buckets to these cluster peers?

What is the best practice for importing SQL data in Splunk Cloud?

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions