Getting Data In

Ask a Question

Discussions

Thread Info

Why is Splunk assigning the same and wrong timestamp to thousands of indexed events?

Splunk n00b here. Our Splunk system was recently indexing the wrong timestamp. I made some alterations to props.co...

by New Member in

What is the best way to use a universal forwarder to monitor a file that overwrites itself at random periods throughout the day?

Hoping that someone has seen this before and might be able to help. I'm fairly new to SPLUNK and I am attempting t...

by New Member in

How do I disable monitoring on a server for a certain time period without stopping Splunk, but have the option to reenable monitor inputs later?

Hi, I have Splunk forwarder 6.1.x installed on my servers. Splunk monitoring (many alerts) has been set up for the...

by Contributor in

splunk is down after upgrade

hi, i had 2 splunk instance in one VM, when i tried to upgrade one of the version with ports 9000 and 7089, the other...

by Builder in

Date on first line of log - time in event - jump in 5 hours causes splunk to misinterpret timestamp

I'm trying to get logs time stamped correctly in Splunk. The format of the logs is one line per event, each line has ...

by Contributor in

Why are today's events showing as yesterday for certain events?

I have a forwarder configured to pull data from a local server as a generic single line sourcetype. The events in the...

by New Member in

How do I edit my props.conf for proper line breaking when indexing a CSV file with a large amount of quotes and newlines?

I have a csv file that's giving me a headache while trying to index it. It has 100+ columns, several of which are mak...

by Path Finder in

How to clear text input after submitting?

Hi everyone, I have created a drop-down linked with text input. I am able to search by field1, field2, field3. How...

by Explorer in

After configuring Splunk SSO with Siteminder for my application, why are REST API commands not working in Internet Explorer?

Hi All, I have configured Splunk SSO configuration with siteminder for my application. All the siteminder configur...

by Motivator in

Why is my inputlookup search not returning all results from the CSV file?

Hello All, I have a CSV file with a single column, address, with about 1000 IP addresses below. I am attempting t...

by Engager in

Can a single universal forwarder forward data to two different indexers?

Hi I am using a Universal Forwarder, say in Machine A. It has logs at one path, say Log Path1. Now I want this For...

by Builder in

Problem Removing Leading Zeros From IP Address

Splunk is indexing a CSV file that contains an IP address and it looks something like this: "Windows 7","SSHEFFIER...

by Path Finder in

Why does Splunk ask me to restart when I create a new index?

Hi everyone, I don't understand why, but when I create a new index, Splunk needs a restart. Do you have best pr...

by Path Finder in

How to add a new sourcetype to an existing index?

Hi, Sorry if my question is repeated. I have an index with sourcetype as 'firewall' and now I want to add one m...

by Path Finder in

What are suggested approaches/steps for Syslog to switch to another heavy forwarder when primary goes down?

Hi Splunkers, Kindly suggest any approach/steps for Syslog must Switch to another Splunk Heavy Forwarder autom...

by Contributor in

Monitoring two different paths in inputs.conf, why am I only getting logs from one path, but not the second path?

Hi the following is my inputs.conf [monitor:///opt/jboss/server/*/log/server.log] index = sit_2 sourcetype = log4...

by Builder in

How would I display all hosts with AND without events?

I'm trying to audit an environment based on Window's RDP event codes 21, 22, and 25. I'm able to display the number o...

by Explorer in

Searching events for a specific host, why are we getting results for 2 hosts: one upper case hostname and one lower case?

Hello, In our Splunk Enterprise, we have created a customized indexer. We are trying to get certain events of a sp...

by New Member in

After removing data using the delete command in a search, how do I reindex that data?

Hi, I have one delimited tab log file with a .txt extension. I pushed the data from from that log file to the Splu...

by Communicator in

How to delete indexed data for a particular date?

Hi, I index data on a daily basis. For indexing, I have made a monitoring path in inputs.conf, so once the file is...

by Path Finder in

Can I log in to Splunk Web from credentials entered on an external webpage?

I have a webpage where users enter their username and password to view their profile. I would like to include some co...

by Contributor in

How to dedup a field inside JSON arrays?

Hi guys, I'm working on some formulas to show percentages, right now trying to count % vendors affected by vulnera...

by Communicator in

How to delete event data from an indexer using the REST API?

Hi everyone, I have found similar questions and responses to this type of scenario, but I can’t seem to find a way...

by New Member in

Django bindings, header: appbar has no effect? (Splunk Enterprise 6.1)

I'm starting to experiment Splunk Web Framework. Following some tutorials, trying to tweak things here and there. One...

by Builder in

How to configure stanzas in inputs.conf to monitor two paths with the same folder names, but are case sensitive?

Hi All, I need to configure inputs.conf for the folder path below. Can we do it in one stanza, or do we need creat...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why is Splunk assigning the same and wrong timestamp to thousands of indexed events?

What is the best way to use a universal forwarder to monitor a file that overwrites itself at random periods throughout the day?

How do I disable monitoring on a server for a certain time period without stopping Splunk, but have the option to reenable monitor inputs later?

splunk is down after upgrade

Date on first line of log - time in event - jump in 5 hours causes splunk to misinterpret timestamp

Why are today's events showing as yesterday for certain events?

How do I edit my props.conf for proper line breaking when indexing a CSV file with a large amount of quotes and newlines?

How to clear text input after submitting?

After configuring Splunk SSO with Siteminder for my application, why are REST API commands not working in Internet Explorer?

Why is my inputlookup search not returning all results from the CSV file?

Can a single universal forwarder forward data to two different indexers?

Problem Removing Leading Zeros From IP Address

Why does Splunk ask me to restart when I create a new index?

How to add a new sourcetype to an existing index?

What are suggested approaches/steps for Syslog to switch to another heavy forwarder when primary goes down?

Monitoring two different paths in inputs.conf, why am I only getting logs from one path, but not the second path?

How would I display all hosts with AND without events?

Searching events for a specific host, why are we getting results for 2 hosts: one upper case hostname and one lower case?

After removing data using the delete command in a search, how do I reindex that data?

How to delete indexed data for a particular date?

Can I log in to Splunk Web from credentials entered on an external webpage?

How to dedup a field inside JSON arrays?

How to delete event data from an indexer using the REST API?

Django bindings, header: appbar has no effect? (Splunk Enterprise 6.1)

How to configure stanzas in inputs.conf to monitor two paths with the same folder names, but are case sensitive?

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions