Getting Data In

Thread Info

What is the recommended architecture for a Windows universal forwarder to an indexer cluster?

What's the recommended best practice to architect a Windows universal forwarder to an indexer cluster? Is it better t...

by Explorer in

Filter portions of multi-line logs using a Heavy Forwarder

Hello Experts, I had posted the same question couple of days ago and had to re-post because of the formatting issues....

by Motivator in

How to monitor file changes in Splunk?

Hi guys, I need to monitor file changes in Splunk. I have a file that is updated constantly, and I need to know wh...

by Communicator in

Is it possible to extract multiple timestamps from individual lines at search time and then use the time picker on them?

I have a log file that's made up of timestamped log messages, so there's a _time for the file, but then multiple time...

by Communicator in

How do I write a search for devices not reporting to Splunk?

I need to get a report on devices that are not reporting to SPLUNK. When I try with: | metadata type=hosts | rena...

by New Member in

source type identification in props.conf

Given this in the props.conf on my indexer: [source://c:\Documents and Settings\*\AppData\Roaming\Ipswitch\WS_FTP\...

by Communicator in

AD user groups

I am looking to monitor specific AD user groups and want to create a search that alerts me to when the members of the...

by New Member in

Is it possible to use multisite indexer clustering for a one-time move of indexed data from one site to another?

Hello. Our site does not currently use or have a particular need for indexer clustering. We are, however, about to sh...

by Builder in

Pega 7 with Splunk Integration

I want to know if we can integrate Pega 7 with Splunk? If yes kindly brief how to do it..

by New Member in

save search results as CSV with specific name

Hi, Is it possible to save search results with specific name and save that csv in my own directory means I want to...

by Communicator in

How to avoid duplicate log files from universal forwarder caused by customers compressing and exporting logs files on the device every 15 min?

Hi, We have splunk UF installed on devices to send log files to another forwarder, which sends the logs to indexer...

by Influencer in

Configuration for Identify & Index events with future date

Hi Splunker's, Events coming for future dates, how to identify the future events and index them. Thanks,

by Explorer in

Can I filter on MV field with 6.0+ UF?

Hello all! In regards to the Windows Event Log filtering in the newer 6.0+ forwarders. I'm looking for some help o...

by Path Finder in

How to set up file monitoring for this folder structure?

Hi, I want to setup the file monitoring for all the files starting with "mq-" or "secs-" or "err-" in below directory...

by New Member in

How to configure '.out' files in inputs.conf?

Till now in our environment we have monitored only the log files which are in '.log' format in the Universal Forwarde...

by Builder in

What's the best way to filter this sample entry to nullQueue?

Can filters be set up to accomplish this? Scenario: 4 servers (server001.domain, server002.domain, server003.do...

by Path Finder in

Parsing XML and props.conf help

Let me first preface this by saying that I am a total Splunk newbie and this is very similar to a lot of XML parsing ...

by New Member in

Why am I getting an SSL Unknown Protocol Error trying to receive data from a universal forwarder on my indexer?

I'm getting the following error when trying to receive data from a universal forwarder on my indexer: (log from in...

by Path Finder in

Why is latest data in monitored paths in my Windows folders not getting indexed?

I am monitoring certain paths in my Windows folders.. I have already done the following: Put crcSalt on my inputs.con...

by Contributor in

Issue with deployment app creation

To create a deployment app I create a directory under the deployment-apps using the mkdir command say "def". Under th...

by Explorer in

Why do some logs stop forwarding while others continue ?

In our environment, our application logs all go to a single log folder divided by application. Ex... /scratch/c...

by New Member in

Why is my installation script running Splunk as root instead of the new "splunk" user I created?

Hi everyone, I created a script to install the splunkforwarder on the clients. The script is called on the main i...

by Communicator in

How can I parse bacticks/grave accents (`) in syslog?

Hi, I have a log that separate using Grave Accent 3`0`1`1`1dk3ad`1020`20140301`10:53:37`1`17`140219185904`172....

by New Member in

Will our current configuration work for monitoring our application logs and changing the sourcetype?

Hello Splunk Guru, In our environment, we have many Universal forwarders, few indexers and couple of search heads....

by Engager in

Summary indexes and multiple time zones

In an environment that provides reporting across many different time zones, should summary searches run under a user ...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

What is the recommended architecture for a Windows universal forwarder to an indexer cluster?

Filter portions of multi-line logs using a Heavy Forwarder

How to monitor file changes in Splunk?

Is it possible to extract multiple timestamps from individual lines at search time and then use the time picker on them?

How do I write a search for devices not reporting to Splunk?

source type identification in props.conf

AD user groups

Is it possible to use multisite indexer clustering for a one-time move of indexed data from one site to another?

Pega 7 with Splunk Integration

save search results as CSV with specific name

How to avoid duplicate log files from universal forwarder caused by customers compressing and exporting logs files on the device every 15 min?

Configuration for Identify & Index events with future date

Can I filter on MV field with 6.0+ UF?

How to set up file monitoring for this folder structure?

How to configure '.out' files in inputs.conf?

What's the best way to filter this sample entry to nullQueue?

Parsing XML and props.conf help

Why am I getting an SSL Unknown Protocol Error trying to receive data from a universal forwarder on my indexer?

Why is latest data in monitored paths in my Windows folders not getting indexed?

Issue with deployment app creation

Why do some logs stop forwarding while others continue ?

Why is my installation script running Splunk as root instead of the new "splunk" user I created?

How can I parse bacticks/grave accents (`) in syslog?

Will our current configuration work for monitoring our application logs and changing the sourcetype?

Summary indexes and multiple time zones

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions