Getting Data In

Thread Info

Is it possible to write external lookup scripts in Java?

Is it possible to write external lookup scripts in Java? If yes, how can it be done?

by Explorer in

How to redirect logs from a Universal Forwarder to a specific created index, not the main index?

Hi, I'm trying to redirect all logs from a folder in a forwarder to "just" a specific index that we created on th...

by New Member in

How to load Java objects into Splunk

Hi, We will get huge XML files from our client. I need to parse them and based on the nodes, I need to move the d...

by Explorer in

How to specify field names while loading the data using splunk java api

I would like to index the data using java api. How could i specify the field names while indexing the data.?

by Explorer in

Could I install a search head and an indexer on different operating systems?

Hello, I have one Splunk instance (Windows) and I would like to add a Linux search head for the indexer. Could I d...

by Communicator in

How to edit props.conf to collect gz.done files from Blue Coat's proxy FTP server?

How to edit props.conf to start collecting gz.done files from Blue Coat's proxy FTP server? Reporter change .gz files...

by Contributor in

What other logs should I be collecting from Domain Controllers besides the WinEventLog stanzas listed here?

What other logs should I be collecting from the Domain Controllers except for these ones, or are these all logs that ...

by Contributor in

anonymize before indexed_extractions

Hi, I have a CSV input and want to anonymize data, but with SEDCMD it only works for _raw field. The fields create...

by Communicator in

Why are Blue Coat logs not being forwarded to indexers from FTP servers with my current universal forwarder inputs.conf configuration?

I have FTP servers where all the proxies are sending logs. I installed the Universal Forwarder on this server (Window...

by Contributor in

What happens if a large log file being monitored hasn't fully been forwarded at the time of rotation?

If I'm monitoring a very large logfile [monitor:///home/me/logs] whitelist = (myApp)\.log$ /home/me/logs/myApp.lo...

by Contributor in

Is it possible to have your sourcetype be determined at index-time based on host?

Title pretty self explanatory. The files that I am indexing are having their host be determined by the directory in w...

by Explorer in

How to configure the retention policy for an index to delete data that is one hour old?

Hi, We have an index, and for every half an hour, it's indexing with 350,000 of events. After every ONE Hour, the ...

by Path Finder in

How to export IPs of all hosts logging to a specific index to a text file, and can we choose where this file is exported to?

Hello all - hoping this isn't too difficult. I am looking to export the IP addresses of all hosts logging to a sp...

by New Member in

After upgrading our Windows Splunk forwarder from Splunk 6.1.2 to 6.3.1, why are application and system logs not being sent?

Hello I upgraded to a 6.3.1 Splunk forwarder on a Windows 2012 server. Connectivity is fine and Security logs are ...

by New Member in

What are best practices for setting up the retention policy for our indexer buckets?

We have about a 3 TB/day ingest rate, spread across about 20 indexes, and we have a 2 to 5 year retention time depend...

by Path Finder in

Why are events with timestamps being grouped together in one event?

We see some events with timestamps clubbed together in one event. Changing the props.conf did not help to resolve the...

by Communicator in

Server and Web Browser are in another time zone from display on Citrix Xenapp client and timeline time zone is wrong no matter what the account timezone is set to

There is (was?) SPL-46852 If you change the time zone of the current Splunk Web user to be different from the serv...

by Engager in

How do I configure Splunk to prevent 3 separate events from being merged as a single event?

When I search on one of the indexes, I get the data in a single event. It should be three separate events. How can we...

by Communicator in

How to verify IP addresses from 1 index to IPs of another index to resolve hostnames?

Hello I was hoping to find some help regarding a 2 indexes we log in Splunk. We use BlueCoat logs to log all the T...

by New Member in

Is it possible to collect Windows event logs from a NAS server (Public folder) without a universal forwarder?

Dear guys, Is it possible to gather Windows event logs to indexer server by way of NAS Server which were transferr...

by New Member in

Upgrading Splunk on Windows 2008 R2, how can I uninstall the universal forwarder if a control panel option is not available?

Hi, I am trying to upgrade Splunk version on Windows 2008 R2. Can you suggest me any way to uninstall Splunk unive...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is it possible to write external lookup scripts in Java?

How to redirect logs from a Universal Forwarder to a specific created index, not the main index?

How to load Java objects into Splunk

How to specify field names while loading the data using splunk java api

Could I install a search head and an indexer on different operating systems?

How to edit props.conf to collect gz.done files from Blue Coat's proxy FTP server?

What other logs should I be collecting from Domain Controllers besides the WinEventLog stanzas listed here?

anonymize before indexed_extractions

Why are Blue Coat logs not being forwarded to indexers from FTP servers with my current universal forwarder inputs.conf configuration?

What happens if a large log file being monitored hasn't fully been forwarded at the time of rotation?

Is it possible to have your sourcetype be determined at index-time based on host?

How to configure the retention policy for an index to delete data that is one hour old?

How to export IPs of all hosts logging to a specific index to a text file, and can we choose where this file is exported to?

After upgrading our Windows Splunk forwarder from Splunk 6.1.2 to 6.3.1, why are application and system logs not being sent?

What are best practices for setting up the retention policy for our indexer buckets?

Why are events with timestamps being grouped together in one event?

Server and Web Browser are in another time zone from display on Citrix Xenapp client and timeline time zone is wrong no matter what the account timezone is set to

How do I configure Splunk to prevent 3 separate events from being merged as a single event?

How to verify IP addresses from 1 index to IPs of another index to resolve hostnames?

Is it possible to collect Windows event logs from a NAS server (Public folder) without a universal forwarder?

Upgrading Splunk on Windows 2008 R2, how can I uninstall the universal forwarder if a control panel option is not available?

How can I send logs using forwarded to Splunk at the fastest speed possible?

Why are we seeing high memory usage with a Splunk 6.2.3 forwarder installed on a Windows server?

Filter events and use SEDCMD?

How to show a deployed index in Splunk Web on a search head to add data?

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions