Getting Data In

Ask a Question

Discussions

Thread Info

Data Retention - can we copy frozendb to tape?

Is it possible to archive frozendbs to tape and pull that data back for splunk to read at a later date? For exampl...

by Explorer in

TCP Input Ignores Custom Timestamp in JSON

Hello, I have user event logs that I'm trying to ingest over TCP. Every event is a JSON like this: {key1:v1,......

by Engager in

Why does excludeFromUpdate not work in serverclass.conf?

Hi all, I'm managing my apps deployed through forwarder management using git. When running a scheduled "git pull" ...

by Builder in

Discarding events using TRANSFORMS-null

I'm trying to bring in Cisco CDR files for some very basic splunk searches. The standard CDR format has a header row,...

by Path Finder in

Is there a best practice for maintaining replication for a specific index between two independent Splunk installations?

Hi, Is there a best practice way of keeping a set of indexes replicated between two independent Splunk installatio...

by Explorer in

How to manually Index Data in Splunk 6.2.5?

Our production environment just upgraded to 6.2.5 from 6.0.3. The new data inputs seem to be pretty straight forward,...

by Builder in

Why am I getting "Received event for unconfigured/disabled/deleted index='wineventlog'" after installing a Universal forwarder on a Windows Domain Controller?

I've installed a universal forwarder on a Windows Domain Controller and configured on the Splunk server end I enabled...

by Engager in

how to differentiate b/w the source types and integrate them as one.

i am working in a environment which has three (almost similar) source types. i want to know which type of data is goi...

by Path Finder in

Inputs.conf not working for Splunk 6.3.0

Recently we upgraded the Splunk version to 6.3.0 We are trying to filter certain event codes from Security and Sys...

by New Member in

How to configure fschange Windows file monitoring, but exclude a sub-folder using blacklist?

I'm trying to monitor file changes within a specific location on a production server's d:\ drive (d:\filestomonitor),...

by Engager in

Splunk 6.3 Extract Fields Props.conf & transforms.conf not working

I setup a field extraction two ways, neither have worked and have caused Splunk to not function in a manner I think i...

by Path Finder in

Does anyone have experience with getting Bluecoat Packet Shaper or Packeteer data into Splunk?

Does anyone have any experience with Bluecoat Packeteer data and getting it in to Splunk? This isn't something that i...

by Explorer in

Website monitoring not working.

Hi All, I have installed the website monitoring app in my PC (Splunk 6). But I couldn't make it working.Its says "...

by Contributor in

"splunk offline" command prompts for username and password. How to bypass it without providing the password in an rc script?

Hello, I am trying to setup a rc script on our indexer so that Splunk does 'splunk offline' whenever the indexer i...

by Communicator in

Why am I unable to forward logs from a Linux machine to Windows using Splunk 6.3?

I am new to Splunk and downloaded Splunk free to several machines, Linux and Windows. All machines are on the same su...

by Path Finder in

How limit my index growth

Hi Splunk Users, I am having an issue with my indexes growing very large and clogging up the space on my disk. ...

by Communicator in

When creating a dashboard to create a list of windows log sources how do you get it to escape the \ characters within the dashboard

When doing this via the search bar index=xxxx | chart count by source, when you select a source in search it automati...

by Explorer in

Is it possible to use Splunk on a Windows machine as a cluster master for Splunk indexers on Linux machines?

Hi. I have an environment with two Splunk indexers running on VMs with Linux OS, and I want to create an indexer ...

by Builder in

Is there a way to find out all the indexers and forwarders in our Splunk environment via Splunk Web or CLI?

It would be great if someone can help me get this answer, either in GUI or CLI (through commands). Thank you in advan...

by Path Finder in

How to set the site during Universal Forwarder installation for a Splunk 6.3 multisite indexer cluster?

I am deploying Universal Forwarders by either Puppet or SCCM to multiple hosts. They will be forwarding to a 6.3.0 mu...

by Path Finder in

Duplicate data problem

Hi I have the following configuration in inputs.conf: [monitor:///<directory>] index=results crcSalt = <SOURCE>...

by Builder in

Enabling export to csv button in web framework

Hello, I am looking to enable an export to csv button in web framework (where you can hover over the bottom of a t...

by Communicator in

If I currently have a single Windows server running Splunk, how can I add a new Linux front end server to use apps that require Linux?

Right now I have Splunk set up on a single Windows server, but have found some apps that require a Linux server to ru...

by Engager in

How can I parse 2 sets of CSVs in one file?

How could I parse this? section1String field1,field2,field3 value1,value2,value3 value1,value2,value3 value1,value...

by Contributor in

Adding Data from a forwarder, why am I getting error "There are currently no forwarders configured as deployment clients to this instance"?

I just installed a forwarder on a host and trying to connect it to the Enterprise server, but got an error when launc...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Data Retention - can we copy frozendb to tape?

TCP Input Ignores Custom Timestamp in JSON

Why does excludeFromUpdate not work in serverclass.conf?

Discarding events using TRANSFORMS-null

Is there a best practice for maintaining replication for a specific index between two independent Splunk installations?

How to manually Index Data in Splunk 6.2.5?

Why am I getting "Received event for unconfigured/disabled/deleted index='wineventlog'" after installing a Universal forwarder on a Windows Domain Controller?

how to differentiate b/w the source types and integrate them as one.

Inputs.conf not working for Splunk 6.3.0

How to configure fschange Windows file monitoring, but exclude a sub-folder using blacklist?

Splunk 6.3 Extract Fields Props.conf & transforms.conf not working

Does anyone have experience with getting Bluecoat Packet Shaper or Packeteer data into Splunk?

Website monitoring not working.

"splunk offline" command prompts for username and password. How to bypass it without providing the password in an rc script?

Why am I unable to forward logs from a Linux machine to Windows using Splunk 6.3?

How limit my index growth

When creating a dashboard to create a list of windows log sources how do you get it to escape the \ characters within the dashboard

Is it possible to use Splunk on a Windows machine as a cluster master for Splunk indexers on Linux machines?

Is there a way to find out all the indexers and forwarders in our Splunk environment via Splunk Web or CLI?

How to set the site during Universal Forwarder installation for a Splunk 6.3 multisite indexer cluster?

Duplicate data problem

Enabling export to csv button in web framework

If I currently have a single Windows server running Splunk, how can I add a new Linux front end server to use apps that require Linux?

How can I parse 2 sets of CSVs in one file?

Adding Data from a forwarder, why am I getting error "There are currently no forwarders configured as deployment clients to this instance"?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions