Getting Data In

Community Activity

How to search Windows security logs to find unique users (username) who have logged during a give time frame? Hi All and thanks in advance, I am currently using Splunk to grab a server's security logs. I would like to run a se... by steveg126 Engager in Getting Data In 12-15-2015 1 2	1	2
Is there any way to monitor server traffic through Splunk? Any way to monitor the server traffic through Splunk? If so could you please provide me the solution. by kamaleshwar Explorer in Getting Data In 12-15-2015 0 5	0	5
After uploading a new file via Splunk Web, why am I getting "Error: Can't preview source"? Not able to search newly added file. I am adding new file from: setting ->Data Inputes -> New But after uploading ... by splunkCiti New Member in Getting Data In 12-14-2015 0 3	0	3
How to troubleshoot why my Hadoop log file is not getting indexed in Splunk? I have an issue with Hadoop log file which is not getting indexed. All other system files on the same server are inde... by kolan New Member in Getting Data In 12-14-2015 0 1	0	1
Windows DNS Drop line via nullQueue not working I'm trying to drop DNS requests for internal names from our Windows DNS logs. For a guide I am using an answer from t... by JeremyHagan Communicator in Getting Data In 12-14-2015 0 4	0	4
Will an index be allowed to grow beyond max size if frozenTimePeriodInSecs is set, but not met? We're losing data to the frozen directory pre-maturely. We have requirements to keep data searchable for 5 years, bu... by msantich Path Finder in Getting Data In 12-14-2015 0 2	0	2
Why are my props.conf configurations not merging lines into one event in Splunk 5? Hello, I have a problem with merging events: I search in this forum's posts and documentation and tried a lot of co... by secuc2r83 Path Finder in Getting Data In 12-14-2015 0 5	0	5
Our daily log indexing rate suddenly increased. How do I find out which index is collecting these logs? Recently, the ingest rate of logs (GB per day) has tripled on our Splunk server. We are trying to find out what cause... by kcooper Communicator in Getting Data In 12-14-2015 0 3	0	3
Is it possible to write external lookup scripts in Java? Is it possible to write external lookup scripts in Java? If yes, how can it be done? by ranjithfs1 Explorer in Getting Data In 12-14-2015 0 1	0	1
How to redirect logs from a Universal Forwarder to a specific created index, not the main index? Hi, I'm trying to redirect all logs from a folder in a forwarder to "just" a specific index that we created on the ... by gopala New Member in Getting Data In 12-14-2015 0 1	0	1
How to load Java objects into Splunk Hi, We will get huge XML files from our client. I need to parse them and based on the nodes, I need to move the dat... by sdaruna Explorer in Getting Data In 12-14-2015 0 1	0	1
How to specify field names while loading the data using splunk java api I would like to index the data using java api. How could i specify the field names while indexing the data.? by sdaruna Explorer in Getting Data In 12-14-2015 0 5	0	5
Could I install a search head and an indexer on different operating systems? Hello, I have one Splunk instance (Windows) and I would like to add a Linux search head for the indexer. Could I do ... by Afef Communicator in Getting Data In 12-14-2015 1 9	1	9
How to edit props.conf to collect gz.done files from Blue Coat's proxy FTP server? How to edit props.conf to start collecting gz.done files from Blue Coat's proxy FTP server? Reporter change .gz files... by daniel_augustyn Contributor in Getting Data In 12-13-2015 0 17	0	17
What other logs should I be collecting from Domain Controllers besides the WinEventLog stanzas listed here? What other logs should I be collecting from the Domain Controllers except for these ones, or are these all logs that ... by daniel_augustyn Contributor in Getting Data In 12-13-2015 1 3	1	3
anonymize before indexed_extractions Hi, I have a CSV input and want to anonymize data, but with SEDCMD it only works for _raw field. The fields created ... by goelli Communicator in Getting Data In 12-13-2015 0 1	0	1
Why are Blue Coat logs not being forwarded to indexers from FTP servers with my current universal forwarder inputs.conf configuration? I have FTP servers where all the proxies are sending logs. I installed the Universal Forwarder on this server (Window... by daniel_augustyn Contributor in Getting Data In 12-12-2015 0 1	0	1
What happens if a large log file being monitored hasn't fully been forwarded at the time of rotation? If I'm monitoring a very large logfile [monitor:///home/me/logs] whitelist = (myApp)\.log$ /home/me/logs/myApp.log ... by pkeller Contributor in Getting Data In 12-11-2015 0 1	0	1
Is it possible to have your sourcetype be determined at index-time based on host? Title pretty self explanatory. The files that I am indexing are having their host be determined by the directory in w... by cmeyers Explorer in Getting Data In 12-11-2015 0 1	0	1
How to configure the retention policy for an index to delete data that is one hour old? Hi, We have an index, and for every half an hour, it's indexing with 350,000 of events. After every ONE Hour, the p... by SrinivasaC Path Finder in Getting Data In 12-11-2015 0 1	0	1
How to export IPs of all hosts logging to a specific index to a text file, and can we choose where this file is exported to? Hello all - hoping this isn't too difficult. I am looking to export the IP addresses of all hosts logging to a spec... by sdorsey15 New Member in Getting Data In 12-11-2015 0 4	0	4
After upgrading our Windows Splunk forwarder from Splunk 6.1.2 to 6.3.1, why are application and system logs not being sent? Hello I upgraded to a 6.3.1 Splunk forwarder on a Windows 2012 server. Connectivity is fine and Security logs are co... by jhingley New Member in Getting Data In 12-11-2015 0 14	0	14
What are best practices for setting up the retention policy for our indexer buckets? We have about a 3 TB/day ingest rate, spread across about 20 indexes, and we have a 2 to 5 year retention time depend... by adam_reber Path Finder in Getting Data In 12-11-2015 0 1	0	1
Why are events with timestamps being grouped together in one event? We see some events with timestamps clubbed together in one event. Changing the props.conf did not help to resolve the... by athorat Communicator in Getting Data In 12-10-2015 0 2	0	2
Server and Web Browser are in another time zone from display on Citrix Xenapp client and timeline time zone is wrong no matter what the account timezone is set to There is (was?) SPL-46852 If you change the time zone of the current Splunk Web user to be different from the server... by kstailey Engager in Getting Data In 12-10-2015 0 1	0	1

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Getting Data In

How to search Windows security logs to find unique users (username) who have logged during a give time frame?

Is there any way to monitor server traffic through Splunk?

After uploading a new file via Splunk Web, why am I getting "Error: Can't preview source"?

How to troubleshoot why my Hadoop log file is not getting indexed in Splunk?

Windows DNS Drop line via nullQueue not working

Will an index be allowed to grow beyond max size if frozenTimePeriodInSecs is set, but not met?

Why are my props.conf configurations not merging lines into one event in Splunk 5?

Our daily log indexing rate suddenly increased. How do I find out which index is collecting these logs?

Is it possible to write external lookup scripts in Java?

How to redirect logs from a Universal Forwarder to a specific created index, not the main index?

How to load Java objects into Splunk

How to specify field names while loading the data using splunk java api

Could I install a search head and an indexer on different operating systems?

How to edit props.conf to collect gz.done files from Blue Coat's proxy FTP server?

What other logs should I be collecting from Domain Controllers besides the WinEventLog stanzas listed here?

anonymize before indexed_extractions

Why are Blue Coat logs not being forwarded to indexers from FTP servers with my current universal forwarder inputs.conf configuration?

What happens if a large log file being monitored hasn't fully been forwarded at the time of rotation?

Is it possible to have your sourcetype be determined at index-time based on host?

How to configure the retention policy for an index to delete data that is one hour old?

How to export IPs of all hosts logging to a specific index to a text file, and can we choose where this file is exported to?

After upgrading our Windows Splunk forwarder from Splunk 6.1.2 to 6.3.1, why are application and system logs not being sent?

What are best practices for setting up the retention policy for our indexer buckets?

Why are events with timestamps being grouped together in one event?

Server and Web Browser are in another time zone from display on Citrix Xenapp client and timeline time zone is wrong no matter what the account timezone is set to

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation