Getting Data In

Thread Info

Adjusting data in GMT time zone so that splunk recognizes it

Is there a way to tell Splunk what time zone the data is in so it a query run for ET automatically grabs the records ...

by Path Finder in

How to extract field values from a log record including blanks in the data part?

hi all, we have data records like posLabel=monitoring field posData=51.02 55.56 msg=xxxx where variables' co...

by Explorer in

Universal Forwarder v6.2.3: Where have all the metrics gone?

We used to have reports we used to query to see data volume per sourcetype/index/host. Example. /opt/splunkforward...

by Motivator in

Why am I unable to apply proper parsing on an XML field tag with my current props.conf?

Hi Everyone: I am facing an issue where I am unable to apply proper parsing for an XML tag. I want my event starte...

by Path Finder in

Can I use Splunk to track application usage on a Citrix server?

I want to track how often an application is being used on certain servers.

by New Member in

Is there a limit / best practice to how many data inputs Splunk can monitor?

Hi all, Are there recommended guidelines or best practices on what would be the optimal amount of apps or data inp...

by Path Finder in

Monitor by File Name Only

Hi, I would like to monitor all the web.config files on my machine and then forward the results to a Splunk receiver....

by Path Finder in

How to count number of instances when a forwarder is down?

I have a forwarder that forwards data every 60 seconds. I would like to know the count when the forwarder is down ...

by New Member in

What are different ways of clearing an index automatically on the last day of the month?

We want to clear the index on the last day of the month and load the index with new data on the first of every month....

by Communicator in

How to monitor a folder on an online site for csv files, similar to monitoring a local directory?

My splunk instance is currently monitoring a local file and indexing .csv files as they are added. I need to move thi...

by Engager in

Add CSV file as a source by a script

Hey guys, I'm back with an another question, the goal is to add data (CSV file ) as a source to splunk by a script. W...

by Engager in

How to add data to splunk with custom source and sourceType value

My requirements are to save a csv formatted data into splunk from a custom app. I'm using django bindings. Was not a...

by Explorer in

splunk forwarder 6.2.4 crash

Backtrace: [0x000000391D032625] gsignal + 53 (/lib64/libc.so.6) [0x000000391D033E05] abort + 373 (/lib64/libc.so.6) [...

by Explorer in

Why is our Splunk 6.2.4 forwarder on Linux crashing frequently in our production environment?

Dear, I have this crash with the Splunk forwarder 6.2.4 for Linux x64. The forwarder crashes with frequency in a p...

by Explorer in

What is the recommended architecture for a Windows universal forwarder to an indexer cluster?

What's the recommended best practice to architect a Windows universal forwarder to an indexer cluster? Is it better t...

by Explorer in

Filter portions of multi-line logs using a Heavy Forwarder

Hello Experts, I had posted the same question couple of days ago and had to re-post because of the formatting issues....

by Motivator in

How to monitor file changes in Splunk?

Hi guys, I need to monitor file changes in Splunk. I have a file that is updated constantly, and I need to know wh...

by Communicator in

Is it possible to extract multiple timestamps from individual lines at search time and then use the time picker on them?

I have a log file that's made up of timestamped log messages, so there's a _time for the file, but then multiple time...

by Communicator in

How do I write a search for devices not reporting to Splunk?

I need to get a report on devices that are not reporting to SPLUNK. When I try with: | metadata type=hosts | rena...

by New Member in

source type identification in props.conf

Given this in the props.conf on my indexer: [source://c:\Documents and Settings\*\AppData\Roaming\Ipswitch\WS_FTP\...

by Communicator in

AD user groups

I am looking to monitor specific AD user groups and want to create a search that alerts me to when the members of the...

by New Member in

Is it possible to use multisite indexer clustering for a one-time move of indexed data from one site to another?

Hello. Our site does not currently use or have a particular need for indexer clustering. We are, however, about to sh...

by Builder in

Pega 7 with Splunk Integration

I want to know if we can integrate Pega 7 with Splunk? If yes kindly brief how to do it..

by New Member in

save search results as CSV with specific name

Hi, Is it possible to save search results with specific name and save that csv in my own directory means I want to...

by Communicator in

How to avoid duplicate log files from universal forwarder caused by customers compressing and exporting logs files on the device every 15 min?

Hi, We have splunk UF installed on devices to send log files to another forwarder, which sends the logs to indexer...

by Influencer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Adjusting data in GMT time zone so that splunk recognizes it

How to extract field values from a log record including blanks in the data part?

Universal Forwarder v6.2.3: Where have all the metrics gone?

Why am I unable to apply proper parsing on an XML field tag with my current props.conf?

Can I use Splunk to track application usage on a Citrix server?

Is there a limit / best practice to how many data inputs Splunk can monitor?

Monitor by File Name Only

How to count number of instances when a forwarder is down?

What are different ways of clearing an index automatically on the last day of the month?

How to monitor a folder on an online site for csv files, similar to monitoring a local directory?

Add CSV file as a source by a script

How to add data to splunk with custom source and sourceType value

splunk forwarder 6.2.4 crash

Why is our Splunk 6.2.4 forwarder on Linux crashing frequently in our production environment?

What is the recommended architecture for a Windows universal forwarder to an indexer cluster?

Filter portions of multi-line logs using a Heavy Forwarder

How to monitor file changes in Splunk?

Is it possible to extract multiple timestamps from individual lines at search time and then use the time picker on them?

How do I write a search for devices not reporting to Splunk?

source type identification in props.conf

AD user groups

Is it possible to use multisite indexer clustering for a one-time move of indexed data from one site to another?

Pega 7 with Splunk Integration

save search results as CSV with specific name

How to avoid duplicate log files from universal forwarder caused by customers compressing and exporting logs files on the device every 15 min?

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions