Getting Data In

Discussions

Thread Info

Why is one Microsoft Windows Security event shows up as thousands of events?

Started forwarding two specific IAS Security events to Splunk. My inputs.conf stanza on the Universal Forwarder is be...

by Explorer in

How to exclude duplicate events from beign summary indexed

Hello, i have log comming in, which i use to create summary index, here is the flow: i get some logs location=1...

by New Member in

How to handle a daily changing CSV file and avoid indexing duplicate events/rows?

Hi, I have daily growing CSV file that I want to index. Just importing it every day would end up in a lot a duplic...

by Motivator in

Find time of latest event type without streaming all data from indexer

The time of the latest log record for a specific customer can be retrieved and used as the output from a subsearch wi...

by Explorer in

file size impact continuous monitoring in splunk?

Hi, I have single file where I am writing all my logs and its size reached to 300 MB. I am seeing that some logs t...

by Communicator in

Is it possible to configure a universal forwarder to send data to two different indexes on the same indexer?

As part of some custom requirement we need to forward the same data to two different indexes on same physical indexer...

by Communicator in

How to troubleshoot why my universal forwarder is showing Splunk Cloud hosts as inactive?

Hello, I have installed and used the Splunk universal forwarder to successfully forward my data to my local Splunk...

by Path Finder in

Why do I get a timeout when trying to connect to Splunk Cloud from the Splunk Javascript SDK?

I get a timeout when trying to connect using my splunk cloud instance URL and port 8089. Is this supported? I want...

by New Member in

Unable to add TCP Data Inputs in Splunk Cloud

Hi, I'm using Splunk Cloud and I'm unable to add a new Data Input. I'm entering all the required fields but when I cl...

by Engager in

How to filter logs with the word "version" to nullQueue on the Splunk Cloud Sandbox?

I'm trying to filter logs with the 'version' word, and send them to the nullQueue. First of all, i'm using the Uni...

by Engager in

Why am I unable to get a Splunk forwarder and indexer to talk over SSL using a non-default CA?

Hey all, I'm having a really tough time getting my forwarders and indexer to talk over SSL using a non-default CA...

by Explorer in

Unable to delete data from Splunk Cloud trial

Hi, I managed to import the tutorial data twice into my Splunk Cloud sandbox trial (once into the wrong place). So co...

by New Member in

How to install and configure a Windows forwarder on premises and use Splunk Cloud to analyze SQL Server logs?

Hi, The manager of mine isstarting out a Splunk project and is asking how expensive would it be to install and ope...

by New Member in

Using Splunk modular data inputs for the REST API to ingest Twitter data, how do I delete or filter out non-English events?

I am ingesting a lot of Twitter data for a project, and incidentally, I am ingesting Japanese and Hindi tweets along ...

by Engager in

How can I forward a particular event ID to another host?

I have a scenario where I need to forward a particular event ID to another host. Can I use the universal forwarder fo...

by New Member in

Why is data received from a remote Splunk instance not being collected in the specified index?

Our Splunk instance is currently receiving data from a remote Splunk instance. The remote indexer is sending data (ma...

by Path Finder in

Reload transforms.conf, props.conf and lookups

Hi! I have the habit to develope TAs and Splunk Apps right on the Splunk server. You know, 2 screens: Splunk searc...

by Path Finder in

Is it possible to configure two scripted third party authentication types in authentication.conf with precedence so it tries one, then the other?

I'm wondering if I can configure 2 scripted third party authentication types at the same time. I just want to configu...

by Communicator in

Why is the progress bar stuck at 100% when trying to upload a a sample data file?

Hello! I'm new to Splunk. I'm trying to upload a sample data file. After I select the file, pass the input settings, ...

by New Member in

Why is the universal forwarder on the license master server not sending all license_usage.log data to the indexer cluster?

Hi, I have a Universal Forwarder installed on the License Master server to send the License_usage.log to the centr...

by Contributor in

Are there performance implications of using props.conf and transforms.conf to change Index and SourceType?

Hi, I'm new to Splunk and have installed the Enterprise trial on Windows and pointed two Cisco ASA firewalls at it...

by Explorer in

How to search and alert when when my machines with Splunk forwarders restart consecutively within 1 hour?

Hi , I have 10 machines installed with the Splunk forwarder and I need a search to alert and send an email wheneve...

by Path Finder in

Running a vulnerability scan on my CentOS 6 Splunk forwarder, why am I getting "Deprecated SSLv2 and SSLv3 Protocol Detection: port 8089"?

I am running a Centos 6 machine with splunkforwarder-6.2.5 installed. When running a vulnerability scan using OpenVAS...

by Path Finder in

Violent file caching in Splunk 6.2.x

Hi, i've started to use Splunk 6.2.x some days before and experience a really big problems with file caching. T...

by Explorer in

How to define a sourcetype based on a TSV file with a long list of fields?

I have datasets in TSV format where there is no header in the file. I tried to use the wizard to import the data, bas...

by SplunkTrust in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why is one Microsoft Windows Security event shows up as thousands of events?

How to exclude duplicate events from beign summary indexed

How to handle a daily changing CSV file and avoid indexing duplicate events/rows?

Find time of latest event type without streaming all data from indexer

file size impact continuous monitoring in splunk?

Is it possible to configure a universal forwarder to send data to two different indexes on the same indexer?

How to troubleshoot why my universal forwarder is showing Splunk Cloud hosts as inactive?

Why do I get a timeout when trying to connect to Splunk Cloud from the Splunk Javascript SDK?

Unable to add TCP Data Inputs in Splunk Cloud

How to filter logs with the word "version" to nullQueue on the Splunk Cloud Sandbox?

Why am I unable to get a Splunk forwarder and indexer to talk over SSL using a non-default CA?

Unable to delete data from Splunk Cloud trial

How to install and configure a Windows forwarder on premises and use Splunk Cloud to analyze SQL Server logs?

Using Splunk modular data inputs for the REST API to ingest Twitter data, how do I delete or filter out non-English events?

How can I forward a particular event ID to another host?

Why is data received from a remote Splunk instance not being collected in the specified index?

Reload transforms.conf, props.conf and lookups

Is it possible to configure two scripted third party authentication types in authentication.conf with precedence so it tries one, then the other?

Why is the progress bar stuck at 100% when trying to upload a a sample data file?

Why is the universal forwarder on the license master server not sending all license_usage.log data to the indexer cluster?

Are there performance implications of using props.conf and transforms.conf to change Index and SourceType?

How to search and alert when when my machines with Splunk forwarders restart consecutively within 1 hour?

Running a vulnerability scan on my CentOS 6 Splunk forwarder, why am I getting "Deprecated SSLv2 and SSLv3 Protocol Detection: port 8089"?

Violent file caching in Splunk 6.2.x

How to define a sourcetype based on a TSV file with a long list of fields?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures