Getting Data In

Discussions

Thread Info

How to automatically upload CSV files to Splunk monthly?

Hello, I would like to upload automatically CSV files in monthly manner. Data should be normally indexed and go t...

by Path Finder in

I can't find EventCodeDescription from Windows logs

I just loaded Splunk 6.2.3 and am forwarding event log events from my laptop running Windows 7. Everything looks OK e...

by Builder in

Why do my indexers in my indexer clustering environment have a different number of buckets?

I just deployed Splunk in an indexer cluster deployment, and I've noticed that my indexers have a different number of...

by Contributor in

How to configure Splunk to monitor Border Network Gateway (BNG) accounting traffic?

Hello Everyone, Actually, I don't know if this question is actually valid to be asked here or not. So, I'm going t...

by Communicator in

How do I integrate Jira and Splunk to monitor Jira logs?

Hello, I have some tools. Let's say in this case I want to use Jira and and use Splunk to monitor its logs. How...

by New Member in

DNSLOOKUP for a Destination Host, only the Source Host is working.

I am apparently doing something wrong with the Destination Host dnslookup, it shows the Source Host instead. Any idea...

by Path Finder in

How to remove information from forwarded data?

Hello everyone, This is my topology: Splunk Forwarder (with local copy of data) -----> Main Splunk The forwa...

by Communicator in

Store an API Key encrypted

I'm trying to create a setup.xml for my app that takes in an API key as an input from the user. I have it working for...

by Builder in

Why is per-event sourcetype override not working with my current props.conf and transforms.conf configuration?

Hello fellow Splunkers, this is my first post here! I am trying to configure per-event source type overriding. I h...

by Explorer in

How to create props.conf and transforms.conf to change the fields name of a CEF event

Hi everyone, I'm receiving logs in arcsight format, for example: <131>Oct 8 12:06:49 servename ASM:CEF:0|F5|...

by Communicator in

Splunk Light Free + Universal Forwarder: How to fix my configurations to monitor input paths with wildcards and assign proper sourcetypes?

Hello guys. I am new to Splunk. Let me introduce my problem. I have installed Splunk Light Free on the server (ba...

by New Member in

Why is a monitored file behaving like a batch file on a Splunk 6.2.1 Universal forwarder?

I have a monitored file input for a .tsv file that gets updated via a SQL query every hour. However, the data is only...

by Explorer in

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

I'm trying to get a list of all files with the path that Splunk is currently monitoring. Google and searches here hav...

by New Member in

Why does data stop getting indexed for a monitored file when Splunk is restarted, and how do I fix this?

I am attempting to monitor a file that is fairly large and on a UNC file share. It appears that the file only indexes...

by Communicator in

How do I troubleshoot why indexing performance is slow?

Operating System: Oracle Linux 3.8.13-55.1.5, 64 bit 2 CPUs, total of 40 cores, 128 gb memory, 1 GB network, 6 300 GB...

by Path Finder in

Integrating Splunk data in Talend

Greetings. We have data in Splunk, and related data in Oracle. We are looking to integrate the two using Talend. Has ...

by New Member in

delay forwarder ingesting file

I have a script that creates a file, thoguh the command that is run, has a very long output, and it takes about 20 se...

by Motivator in

How to override host metadata?

Good day everyone! I have my Splunk cluster separated in Forwarders (inside each application server), Indexer (a s...

by New Member in

How to get data into Splunk?

Hello Experts Could some one please let me know the procedure step by step for on boarding data into Splunk? T...

by New Member in

Is it recommended to use a Splunk 6.3 universal forwarder with a 6.2.X indexer / base install?

What is best practice / recommended when deploying universal forwarders relative to the splunk indexers / base instal...

by Explorer in

What deployment-apps subdirectory do I need on a Linux Deployment Server to update inputs.conf and outputs.conf on a Windows Universal Forwarder?

First, if this is a repeat question, I apologize. I tried to ask this question a short time ago, but cannot find it a...

by Builder in

Run indexes on different servers

We are planning to have a Splunk setup where we have: 1 server running a Splunk indexer2 servers per operation fro...

by Path Finder in

How to monitor switch, router... and other Cisco devices using SNMP.

Hi. Using NET-SNMP on Windows to receive and log SNMP traps to a file, and I want Splunk monitor that file. How t...

by Explorer in

What is the proper sourcetype for Symantec Brightmail Gateway 10.X?

Hi I need help finding the Splunk sourcetype for the Symantec Brightmail Gateway 10.X. Syslog or sendmail_syslog i...

by Explorer in

Splunk forwarder on linux: parameter format error after adding monitor

Hi, I have installed splunk forwarder on linux which is having symantec Brightmail Gateway. and i tried to forward th...

by SplunkTrust in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to automatically upload CSV files to Splunk monthly?

I can't find EventCodeDescription from Windows logs

Why do my indexers in my indexer clustering environment have a different number of buckets?

How to configure Splunk to monitor Border Network Gateway (BNG) accounting traffic?

How do I integrate Jira and Splunk to monitor Jira logs?

DNSLOOKUP for a Destination Host, only the Source Host is working.

How to remove information from forwarded data?

Store an API Key encrypted

Why is per-event sourcetype override not working with my current props.conf and transforms.conf configuration?

How to create props.conf and transforms.conf to change the fields name of a CEF event

Splunk Light Free + Universal Forwarder: How to fix my configurations to monitor input paths with wildcards and assign proper sourcetypes?

Why is a monitored file behaving like a batch file on a Splunk 6.2.1 Universal forwarder?

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

Why does data stop getting indexed for a monitored file when Splunk is restarted, and how do I fix this?

How do I troubleshoot why indexing performance is slow?

Integrating Splunk data in Talend

delay forwarder ingesting file

How to override host metadata?

How to get data into Splunk?

Is it recommended to use a Splunk 6.3 universal forwarder with a 6.2.X indexer / base install?

What deployment-apps subdirectory do I need on a Linux Deployment Server to update inputs.conf and outputs.conf on a Windows Universal Forwarder?

Run indexes on different servers

How to monitor switch, router... and other Cisco devices using SNMP.

What is the proper sourcetype for Symantec Brightmail Gateway 10.X?

Splunk forwarder on linux: parameter format error after adding monitor

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions