Getting Data In

Discussions

Thread Info

How to configure BREAK_ONLY_BEFORE to split multiline event ?

Hi Splunkers, I got the following multi-line event. # Time: 150601 17:30:31 # User@Host: sample[sample] @ SAMP...

by Contributor in

Defining timestamp on data from .csv file

I'm trying to index some data input from a .csv file. Is it possible to tell splunk to use a specific column of data ...

by Contributor in

how to specify props.conf for EPOCH timestamp in JSON object

I've events coming in JSON format with first part of the JSON data as EPOCH_START_TIME=8797994058574 ...the events ar...

by Path Finder in

What is the default thruput limit and what queue size increases are recommended for a busy Windows universal forwarder?

What is the default for thruput as it's not specified? [thruput] maxKBps = <integer> If specified and not zero, t...

by Path Finder in

the beginning and end of the event

Hello, i have logs with some event. I want see only my event. How i can remove another information. My event bigins a...

by New Member in

Why do the indexers in my distributed search environment have different numbers of splunkd.exe processes running in the Task Manager?

We have 4 indexers in our environment and on each indexer there are different number of splunkd.exe processes. 1 Inde...

by Communicator in

Collecting data via a python script, later putting it into Splunk

We have some customers which are running into memory issues, and we need to provide them a script to collect several ...

by Explorer in

Does Splunk Support IBM HPEL log ingestion

I need to ingest a hpel log file produce from IBM websphere server. I need to know does splunk support this. Any ...

by Motivator in

Why is Windows universal forwarder always sending performance stats to the main index every 10 seconds?

I am trying to forward the performance stats (CPU, Memory) from Windows Universal forwarder to Splunk Indexer on remo...

by Engager in

How do you monitor a directory in a client server

I'm new to splunk. I am trying to monitor a directory that exists on a different server other than the main splunk se...

by New Member in

Splunk forwarder on windows server 2008R2 won't start

I have a forwarder that was running fine for a couple days but I had to turn it off due to a system resources issue. ...

by New Member in

index=my_index sourcetype=my_sourcetype works, but sourcetype=my_sourcetype does not.

For 2 of my sourcetypes, entering index=my_index sourcetype=my_sourcetype shows all data but if I try to search by so...

by Path Finder in

How to get a log in an index other than main?

We have an application log that is being stored in the main index instead of an index we have called application_name...

by New Member in

How do I start splunkd process (Enterprise and Universal Forwarder) with NICE command on Linux?

As subject, can anyone tell me how to start splunk process with "NICE" command on Linux? (Both splunk enterprise and ...

by New Member in

How do I add a UDP 514 input to collect logs on CentOS?

How do i add a UDP 514 input to collect logs on the splunk server side and i am running splunk as root in the centos

by Path Finder in

$SPLUNK_HOME/etc/local/default use?

I have an app (Cloudpassage) that instructs to put a props.conf file in $SPLUNK_HOME/etc/local/default . I am not fam...

by Path Finder in

how to allow splunk to connect UDP 161 port in Linux?

hi i am working on a splunk project and i am using centos as my operating system, i just need help on how to allow...

by Path Finder in

Possible conflict between the "props.conf" documentation and the "Route and filter data" documentation?

http://docs.splunk.com/Documentation/Splunk/6.2.3/Admin/Propsconf TRANSFORMS-<class> = <transform_stanza_name>, <t...

by Influencer in

How do I find the custom sourcetypes I created to use in my app?

Hello, I need help. How do I find sourcetypes that I made? I want to use them in my app. I made some custom sourc...

by New Member in

How to test that Splunk has access to UNC input?

We have Splunk on Windows instance that is used to monitor UNC input like \\server123\share4 This worked well until t...

by Communicator in

Amount of data sent by forwarder Vs Amount of data indexed Vs License usage Vol. Vs Size of Indexed data on Disk

Amount of data sent by forwarder Vs Amount of data indexed Vs License usage Vol. Vs Size of Indexed data on Disk i...

by Motivator in

A host reported in the metadata doesn't seem to have sent any event. Why?

I'm not really used to splunk so maybe this question is silly but let's see. I'm doing the following search, with ...

by Engager in

mvcombine ignores specified delimiter

My apologies for the duplicated question - I wasn't sure whether I could tag my particular situation re- mvcombine no...

by Path Finder in

Why is our Splunk 6.0.5 Universal Forwarder (HPUX) not contacting our Splunk 6.2.3 Deployment Server, even if connectivity exists.

I have installed Splunk Universal forwarder 6.0.5 in HPUX B.11.11 U 9000/800 box. We are using deployment server (...

by Communicator in

How to correlate multiple CSV files using different columns?

Hi all. I have almost 6 CSV files extracted from a running system where i can't access the backend to install a fo...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure BREAK_ONLY_BEFORE to split multiline event ?

Defining timestamp on data from .csv file

how to specify props.conf for EPOCH timestamp in JSON object

What is the default thruput limit and what queue size increases are recommended for a busy Windows universal forwarder?

the beginning and end of the event

Why do the indexers in my distributed search environment have different numbers of splunkd.exe processes running in the Task Manager?

Collecting data via a python script, later putting it into Splunk

Does Splunk Support IBM HPEL log ingestion

Why is Windows universal forwarder always sending performance stats to the main index every 10 seconds?

How do you monitor a directory in a client server

Splunk forwarder on windows server 2008R2 won't start

index=my_index sourcetype=my_sourcetype works, but sourcetype=my_sourcetype does not.

How to get a log in an index other than main?

How do I start splunkd process (Enterprise and Universal Forwarder) with NICE command on Linux?

How do I add a UDP 514 input to collect logs on CentOS?

$SPLUNK_HOME/etc/local/default use?

how to allow splunk to connect UDP 161 port in Linux?

Possible conflict between the "props.conf" documentation and the "Route and filter data" documentation?

How do I find the custom sourcetypes I created to use in my app?

How to test that Splunk has access to UNC input?

Amount of data sent by forwarder Vs Amount of data indexed Vs License usage Vol. Vs Size of Indexed data on Disk

A host reported in the metadata doesn't seem to have sent any event. Why?

mvcombine ignores specified delimiter

Why is our Splunk 6.0.5 Universal Forwarder (HPUX) not contacting our Splunk 6.2.3 Deployment Server, even if connectivity exists.

How to correlate multiple CSV files using different columns?

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions