Getting Data In

Community Activity

After configuring Splunk SSO with Siteminder for my application, why are REST API commands not working in Internet Explorer? Hi All, I have configured Splunk SSO configuration with siteminder for my application. All the siteminder configurat... by rakesh_498115 Motivator in Getting Data In 07-27-2015 0 2	0	2
Why is my inputlookup search not returning all results from the CSV file? Hello All, I have a CSV file with a single column, address, with about 1000 IP addresses below. I am attempting to ... by jbradley76 Engager in Getting Data In 07-27-2015 0 3	0	3
Can a single universal forwarder forward data to two different indexers? Hi I am using a Universal Forwarder, say in Machine A. It has logs at one path, say Log Path1. Now I want this Forwa... by pavanae Builder in Getting Data In 07-27-2015 0 4	0	4
Problem Removing Leading Zeros From IP Address Splunk is indexing a CSV file that contains an IP address and it looks something like this: "Windows 7","SSHEFFIER8G... by rbacon Path Finder in Getting Data In 07-27-2015 0 15	0	15
Why does Splunk ask me to restart when I create a new index? Hi everyone, I don't understand why, but when I create a new index, Splunk needs a restart. Do you have best practi... by gibba Path Finder in Getting Data In 07-27-2015 0 2	0	2
How to add a new sourcetype to an existing index? Hi, Sorry if my question is repeated. I have an index with sourcetype as 'firewall' and now I want to add one more ... by shrirangphadke Path Finder in Getting Data In 07-27-2015 0 2	0	2
What are suggested approaches/steps for Syslog to switch to another heavy forwarder when primary goes down? Hi Splunkers, Kindly suggest any approach/steps for Syslog must Switch to another Splunk Heavy Forwarder automatic... by neelamssantosh Contributor in Getting Data In 07-25-2015 2 8	2	8
Monitoring two different paths in inputs.conf, why am I only getting logs from one path, but not the second path? Hi the following is my inputs.conf [monitor:///opt/jboss/server/*/log/server.log] index = sit_2 sourcetype = log4j ... by pavanae Builder in Getting Data In 07-24-2015 0 1	0	1
How would I display all hosts with AND without events? I'm trying to audit an environment based on Window's RDP event codes 21, 22, and 25. I'm able to display the number o... by tylergps Explorer in Getting Data In 07-24-2015 0 5	0	5
Searching events for a specific host, why are we getting results for 2 hosts: one upper case hostname and one lower case? Hello, In our Splunk Enterprise, we have created a customized indexer. We are trying to get certain events of a spec... by umang_solanki New Member in Getting Data In 07-24-2015 0 2	0	2
After removing data using the delete command in a search, how do I reindex that data? Hi, I have one delimited tab log file with a .txt extension. I pushed the data from from that log file to the Splunk... by sunnyparmar Communicator in Getting Data In 07-24-2015 0 3	0	3
How to delete indexed data for a particular date? Hi, I index data on a daily basis. For indexing, I have made a monitoring path in inputs.conf, so once the file is i... by sahoo0233 Path Finder in Getting Data In 07-24-2015 0 3	0	3
Can I log in to Splunk Web from credentials entered on an external webpage? I have a webpage where users enter their username and password to view their profile. I would like to include some co... by lquinn Contributor in Getting Data In 07-24-2015 0 1	0	1
How to dedup a field inside JSON arrays? Hi guys, I'm working on some formulas to show percentages, right now trying to count % vendors affected by vulnerabi... by jravida Communicator in Getting Data In 07-23-2015 0 1	0	1
How to delete event data from an indexer using the REST API? Hi everyone, I have found similar questions and responses to this type of scenario, but I can’t seem to find a way t... by juandiaz New Member in Getting Data In 07-23-2015 0 1	0	1
Django bindings, header: appbar has no effect? (Splunk Enterprise 6.1) I'm starting to experiment Splunk Web Framework. Following some tutorials, trying to tweak things here and there. One... by arkadyz1 Builder in Getting Data In 07-23-2015 0 1	0	1
How to configure stanzas in inputs.conf to monitor two paths with the same folder names, but are case sensitive? Hi All, I need to configure inputs.conf for the folder path below. Can we do it in one stanza, or do we need create ... by rsathish47 Contributor in Getting Data In 07-23-2015 0 4	0	4
How do I edit my props.conf to break multiline events? Hello; I found a problem breaking multiline events in Splunk. I need to break events that have this format: Events:... by Rimah Engager in Getting Data In 07-23-2015 0 2	0	2
sourcetype naming scheme What's a good sourcetype naming scheme in a large environment with numerous different applications using several tech... by paranoid Explorer in Getting Data In 07-22-2015 0 2	0	2
Is it possible to receive and forward logs using a Splunk universal forwarder on Linux? Can you please help us? Is it possible to receive and forward logs using a Splunk universal forwarder? Because logs... by dhavamanis Builder in Getting Data In 07-22-2015 0 2	0	2
Why am I receiving these errors on startup of WAS Universal Forwarder upon startup of universal forwarder in a WAS environment, I receive the following (many of them, this is just an exam... by jchilovich New Member in Getting Data In 07-22-2015 0 8	0	8
Is there a way to use kv_mode=json and eliminate one level in spath? Is there a way to use kv_mode=json and remove levels of nesting during indexing or later? Example: we jave some json... by dominiquevocat SplunkTrust in Getting Data In 07-22-2015 0 2	0	2
What path do I use to add new files, images, and fonts to load on a dashboard? Hi , I have custom fonts for my dashboard and added the same in my app in the below path. /opt/splunk/etc/apps/MY_A... by rakesh_498115 Motivator in Getting Data In 07-22-2015 1 2	1	2
Should we run Splunk Enterprise forwarders on Windows or Linux in our distributed search environment? We are rebuilding our distributed search Splunk environment: 1 Deployment Server 1 Dedicated Search Head 1 License S... by brent_weaver Builder in Getting Data In 07-22-2015 0 1	0	1
Can I use SED in configuration files? Hi all, I am fairly new to Splunk and have been working on the following search time field extraction to grab window... by maxdessureault Engager in Getting Data In 07-22-2015 0 6	0	6

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

After configuring Splunk SSO with Siteminder for my application, why are REST API commands not working in Internet Explorer?

Why is my inputlookup search not returning all results from the CSV file?

Can a single universal forwarder forward data to two different indexers?

Problem Removing Leading Zeros From IP Address

Why does Splunk ask me to restart when I create a new index?

How to add a new sourcetype to an existing index?

What are suggested approaches/steps for Syslog to switch to another heavy forwarder when primary goes down?

Monitoring two different paths in inputs.conf, why am I only getting logs from one path, but not the second path?

How would I display all hosts with AND without events?

Searching events for a specific host, why are we getting results for 2 hosts: one upper case hostname and one lower case?

After removing data using the delete command in a search, how do I reindex that data?

How to delete indexed data for a particular date?

Can I log in to Splunk Web from credentials entered on an external webpage?

How to dedup a field inside JSON arrays?

How to delete event data from an indexer using the REST API?

Django bindings, header: appbar has no effect? (Splunk Enterprise 6.1)

How to configure stanzas in inputs.conf to monitor two paths with the same folder names, but are case sensitive?

How do I edit my props.conf to break multiline events?

sourcetype naming scheme

Is it possible to receive and forward logs using a Splunk universal forwarder on Linux?

Why am I receiving these errors on startup of WAS Universal Forwarder

Is there a way to use kv_mode=json and eliminate one level in spath?

What path do I use to add new files, images, and fonts to load on a dashboard?

Should we run Splunk Enterprise forwarders on Windows or Linux in our distributed search environment?

Can I use SED in configuration files?

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

What's the difference between ingesting TCP as TCP...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation