Getting Data In

Thread Info

Why does configuring props.conf with DATETIME_CONFIG = NONE cause less events to be indexed from Tomcat logs?

I discovered this quite by accident while testing with a sample of Tomcat logs. If I index them without customizi...

by Motivator in

Getting Error while doing MS Sql connection : Encountered the following error while trying to save: In handler 'databases': Error connecting to database: java.sql.SQLException: Network error IOException: Connection refused: connect

I'm currently getting this error while doing trying to create an MS SQL connection: Encountered the following err...

by Path Finder in

Can I add an Index-Cluster to a Multisite-Index-Cluster

Hello all, I currently have a quite big splunk infrastructure with a multisite cluster (5 sites) each site has tw...

by Path Finder in

How and where do I configure props and transforms to forward a few events into a particular index by host?

Hi, I have 4 forwarders, 4 search heads, and 2 forwarders in my Splunk cluster. Now one of the forwarders is confi...

by Path Finder in

assign sourcetype based upon file name

Hi, Is there a way to dynamically assign sourcetype based upon input filename?

by Champion in

How to configure props.conf for proper line breaking of Syslog data in Splunk?

Our syslog data in Splunk is showing up with at least 1% of the results with incorrect line breaking. We have tried t...

by Explorer in

Is there a bug in Splunk 6 with adding an attribute of an object in data models for a JSON field name containing curly brackets?

I'm trying to create an object and add some auto-extracted attributes. Some field names contain curly braces because ...

by Engager in

How to configure Splunk to ignore a timestamp to count two lines of data as one event?

Here is a sampling of the log data. Lines 1-3 had no issues, but line 4 issues a warning and dumps the problem onto l...

by Communicator in

frozenTimePeriodInSecs and coldToFrozenScript

frozenTimePeriodInSecs….if you set this to seconds and set a frozen path….is this enough to freeze data? Do I always ...

by New Member in

Why is one Microsoft Windows Security event shows up as thousands of events?

Started forwarding two specific IAS Security events to Splunk. My inputs.conf stanza on the Universal Forwarder is be...

by Explorer in

How to exclude duplicate events from beign summary indexed

Hello, i have log comming in, which i use to create summary index, here is the flow: i get some logs location=1...

by New Member in

How to handle a daily changing CSV file and avoid indexing duplicate events/rows?

Hi, I have daily growing CSV file that I want to index. Just importing it every day would end up in a lot a duplic...

by Motivator in

Find time of latest event type without streaming all data from indexer

The time of the latest log record for a specific customer can be retrieved and used as the output from a subsearch wi...

by Explorer in

file size impact continuous monitoring in splunk?

Hi, I have single file where I am writing all my logs and its size reached to 300 MB. I am seeing that some logs t...

by Communicator in

Is it possible to configure a universal forwarder to send data to two different indexes on the same indexer?

As part of some custom requirement we need to forward the same data to two different indexes on same physical indexer...

by Communicator in

How to troubleshoot why my universal forwarder is showing Splunk Cloud hosts as inactive?

Hello, I have installed and used the Splunk universal forwarder to successfully forward my data to my local Splunk...

by Path Finder in

Why do I get a timeout when trying to connect to Splunk Cloud from the Splunk Javascript SDK?

I get a timeout when trying to connect using my splunk cloud instance URL and port 8089. Is this supported? I want...

by New Member in

Unable to add TCP Data Inputs in Splunk Cloud

Hi, I'm using Splunk Cloud and I'm unable to add a new Data Input. I'm entering all the required fields but when I cl...

by Engager in

How to filter logs with the word "version" to nullQueue on the Splunk Cloud Sandbox?

I'm trying to filter logs with the 'version' word, and send them to the nullQueue. First of all, i'm using the Uni...

by Engager in

Why am I unable to get a Splunk forwarder and indexer to talk over SSL using a non-default CA?

Hey all, I'm having a really tough time getting my forwarders and indexer to talk over SSL using a non-default CA...

by Explorer in

Unable to delete data from Splunk Cloud trial

Hi, I managed to import the tutorial data twice into my Splunk Cloud sandbox trial (once into the wrong place). So co...

by New Member in

How to install and configure a Windows forwarder on premises and use Splunk Cloud to analyze SQL Server logs?

Hi, The manager of mine isstarting out a Splunk project and is asking how expensive would it be to install and ope...

by New Member in

Using Splunk modular data inputs for the REST API to ingest Twitter data, how do I delete or filter out non-English events?

I am ingesting a lot of Twitter data for a project, and incidentally, I am ingesting Japanese and Hindi tweets along ...

by Engager in

How can I forward a particular event ID to another host?

I have a scenario where I need to forward a particular event ID to another host. Can I use the universal forwarder fo...

by New Member in

Why is data received from a remote Splunk instance not being collected in the specified index?

Our Splunk instance is currently receiving data from a remote Splunk instance. The remote indexer is sending data (ma...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why does configuring props.conf with DATETIME_CONFIG = NONE cause less events to be indexed from Tomcat logs?

Getting Error while doing MS Sql connection : Encountered the following error while trying to save: In handler 'databases': Error connecting to database: java.sql.SQLException: Network error IOException: Connection refused: connect

Can I add an Index-Cluster to a Multisite-Index-Cluster

How and where do I configure props and transforms to forward a few events into a particular index by host?

assign sourcetype based upon file name

How to configure props.conf for proper line breaking of Syslog data in Splunk?

Is there a bug in Splunk 6 with adding an attribute of an object in data models for a JSON field name containing curly brackets?

How to configure Splunk to ignore a timestamp to count two lines of data as one event?

frozenTimePeriodInSecs and coldToFrozenScript

Why is one Microsoft Windows Security event shows up as thousands of events?

How to exclude duplicate events from beign summary indexed

How to handle a daily changing CSV file and avoid indexing duplicate events/rows?

Find time of latest event type without streaming all data from indexer

file size impact continuous monitoring in splunk?

Is it possible to configure a universal forwarder to send data to two different indexes on the same indexer?

How to troubleshoot why my universal forwarder is showing Splunk Cloud hosts as inactive?

Why do I get a timeout when trying to connect to Splunk Cloud from the Splunk Javascript SDK?

Unable to add TCP Data Inputs in Splunk Cloud

How to filter logs with the word "version" to nullQueue on the Splunk Cloud Sandbox?

Why am I unable to get a Splunk forwarder and indexer to talk over SSL using a non-default CA?

Unable to delete data from Splunk Cloud trial

How to install and configure a Windows forwarder on premises and use Splunk Cloud to analyze SQL Server logs?

Using Splunk modular data inputs for the REST API to ingest Twitter data, how do I delete or filter out non-English events?

How can I forward a particular event ID to another host?

Why is data received from a remote Splunk instance not being collected in the specified index?

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions