Getting Data In

Discussions

Thread Info

Duplicate GUIDS for standalone indexers, how can I safely correct this?

Just noticed I have a duplicate GUID for two standalone, load balanced (via splunk conf, not F5) indexers. Can I just...

by Communicator in

Why does my json event data show duplicate fields?

In my screenshot, you can see my events have duplicate fields. I am trying to figure out why this is occurring. The s...

by Path Finder in

Why is my universal forwarder VM failing to forward data?

I set up a small network using virtualbox and I am now having trouble forwarding data to the host. The laptop I am us...

by Communicator in

How to exclude searching of certain indexers by role?

I have a shared search head used by different groups where those groups have set up their own indexers. They want to ...

by Contributor in

How do I stop forwarding the _audit index?

Hi, I'm trying to stop forwarding _audit index. I put in my outputs.conf the following lines: [tcpout] forwarde...

by Engager in

Extract field from source field then run a lookup - config error?

I want to add a field extracttion to props.conf that will extract a portion of the uri field to create a custom field...

by Path Finder in

Date stamp in directory name

How can I configure splunk to index or accept the datestamp in the name of directories? The events only have time sta...

by Path Finder in

regex/props.conf - How to set properly the entries in .conf files?

Hi, I extracted from the default source field, in search-time, a new field called 'domain': | rex field=source "^(...

by Contributor in

Is it normal behavior for Splunk to block queues and stop forwarding data when one of two remote ports is closed?

Hello, I use a Splunk heavy forwarder and I would like to send inputs to a remote a server. I have two channels...

by Engager in

Group CSV data results by two or more matching values?

I'm indexing a CSV that appears like the following in its raw form: Filenum,string 1,abc 2,defg 2,abc 3,xyz 3,abc ...

by Splunk Employee in

How to search a Multi line windows event

Hi, I'm trying to search a multiline event from a windows server. I need to find out which changes was made with a...

by Contributor in

Extracting domain names (mvindex?)

I get the feeling this is going to be a tough one to solve, but, I'm trying to aggregate results of a search based up...

by Contributor in

TimeFormat Error from a line in nullQueue

The transform works and filters out the the matching line from going into the index but I still get these errors: ...

by Explorer in

Apply a lookup only to events before a certain time

I need to apply a lookup only to events before a certain point in time (the data added by the lookup is now included ...

by Explorer in

Scheduled scans are not load balancing across cluster and crashing the Indexer they get sent to.

I have a cluster of 4 indexers. The search head sends scheduled scans which always end up draining resources on one ...

by Engager in

Query about fill summary index

I've tried to run this.. ./splunk cmd python fill_summary_index.py -app search -name "summary" -et 06/14/2015:08:0...

by Explorer in

After installing and configuring universal forwarders, why can't I see the data in the indexer?

I have a universal forwarder installed in a few servers and I also have added the logs to be monitored for each. I'm ...

by Explorer in

Can I use a REST API command to reschedule the saved searches

How to use POST REST Command in the search to reschedule the saved search scheduled time. for e.g saved search xxx...

by Motivator in

Parse Complex XML Node Name/Value

I have a log file which is written out in XML through Microsoft.Practices.EnterpriseLibrary.ExceptionHandling. I want...

by Engager in

Configure a splunk searchhead so i can query the forwarder

I have a deployment server from where i have a firewall rule that alows me to reach the 8089 management port of all f...

by SplunkTrust in

How to index historical and real-time data from a Cassandra database in Splunk?

Hi, I have a Cassandra database. I want to index historical data as well as real time data that's coming to Cassan...

by Champion in

Is there any restriction on Splunk Free when monitoring from a directory?

Hi! I'm using Splunk Free, specifically the monitor feature from a directory. I put several files in it, but not all ...

by Path Finder in

Syslog Universal Forwarder truncated at 1024 bytes

Hi there, I'm using a Splunk UF to monitor a Windows folder and syslog the events to a remote server where they ar...

by New Member in

How to filter out debug logs except 3 different log types?

Hi All, I have some log data that includes INFO, WARN, ERROR and DEBUG levels. I would like to index INFO, WARN...

by Path Finder in

How do I configure inputs.conf to define sourcetypes for multiple types of log files in the same folder?

Hello, I have a question about indexing multiple types of logs file in same folder. How would go about defining so...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Duplicate GUIDS for standalone indexers, how can I safely correct this?

Why does my json event data show duplicate fields?

Why is my universal forwarder VM failing to forward data?

How to exclude searching of certain indexers by role?

How do I stop forwarding the _audit index?

Extract field from source field then run a lookup - config error?

Date stamp in directory name

regex/props.conf - How to set properly the entries in .conf files?

Is it normal behavior for Splunk to block queues and stop forwarding data when one of two remote ports is closed?

Group CSV data results by two or more matching values?

How to search a Multi line windows event

Extracting domain names (mvindex?)

TimeFormat Error from a line in nullQueue

Apply a lookup only to events before a certain time

Scheduled scans are not load balancing across cluster and crashing the Indexer they get sent to.

Query about fill summary index

After installing and configuring universal forwarders, why can't I see the data in the indexer?

Can I use a REST API command to reschedule the saved searches

Parse Complex XML Node Name/Value

Configure a splunk searchhead so i can query the forwarder

How to index historical and real-time data from a Cassandra database in Splunk?

Is there any restriction on Splunk Free when monitoring from a directory?

Syslog Universal Forwarder truncated at 1024 bytes

How to filter out debug logs except 3 different log types?

How do I configure inputs.conf to define sourcetypes for multiple types of log files in the same folder?

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Automatic Discovery Part 2: Setup and Best Practices

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions