Getting Data In

Community Activity

How to send lines to the nullQueue before applying line breaking An app of ours spits such a huge volume of data when our Devs increase its debug level to Trace that it essentially r... by splunk_zen Builder in Getting Data In 07-17-2015 0 6	0	6
How do I edit my inputs.conf monitor stanzas with wildcards to only monitor two types of logs? Hi everyone, I have 3 folders called: www1, www2, www3, and I would like to get only 2 types of logs: security.log a... by Federica_92 Communicator in Getting Data In 07-17-2015 0 4	0	4
Is there a way to monitor Splunk knowledge object permissions? I am trying to generate report daily to monitor changes in knowledge objects (changes in permissions/new artifacts cr... by adityapavan18 Contributor in Getting Data In 07-16-2015 0 1	0	1
Comparing a field value with an entire column or CSV I have been searching for how to do this for the longest time and it's rather frustrating that I can't seem to find a... by jarrex Explorer in Getting Data In 07-16-2015 0 4	0	4
Heavy forwarder stops forwarding when tcp syslog mirror destination fails? Hi, I am successfully mirroring a filtered set of events at a heavy forwarder and sending them to a local TCP Syslog ... by brodieg Engager in Getting Data In 07-16-2015 0 2	0	2
Why are new UDP data inputs for multiple hosts initially disabled after creation? Creating new UDP Data Inputs for received syslog data from specific hosts to go to a specific Index. After creating t... by xxyz Explorer in Getting Data In 07-16-2015 0 7	0	7
With IIS logs in GMT and the forwarder, indexer, and search head in UTC, what configuration do I need for a user in BST to search logs real-time? Hi, I have the following setup, Forwarder Server (UTC) Dublin, Edinburgh, Lisbon, London and seems to follow daylig... by DanielFordWA Contributor in Getting Data In 07-16-2015 0 6	0	6
Why am I unable to create a connection between any of my instances trying to set up a distributed search environment? I am trying to create a splunk environment with an Indexer, Search Head, Forwarder and a Deployment Server, however, ... by qazwsxedc994 Explorer in Getting Data In 07-16-2015 0 1	0	1
How to filter out Windows events logs based on words? Hi, I'm trying to filter out specific windows event log that's Id=0  This is the event: ERROR 2015-07-12 13:11:3... by Rotema Path Finder in Getting Data In 07-16-2015 0 9	0	9
How to exclude from monitoring empty files? Hello, Monitor folders have many empty files. These files may be filled in the future. So I can't add them to a blac... by apakhomov Path Finder in Getting Data In 07-15-2015 0 5	0	5
DATETIME_CONFIG = NONE doesn't work I have this stanza in my props.conf [test_test] TZ = US/Eastern SHOULD_LINEMERGE = false MAX_DAYS_HENCE = 5 TRUNCATE ... by hongduan Explorer in Getting Data In 07-15-2015 1 11	1	11
How to upload multiple XML files and have the sourcetype be defined as the name of the file automatically? Hi, I have a folder with 10 XML files and it can be more in the future. My requirement is to upload this file, and t... by ektasiwani Communicator in Getting Data In 07-15-2015 0 5	0	5
How to calculate size of the data for each server(host) ? Hello All, Need to calculate size of the data for each server, but not raw indexed size for over the time period?... by rsathish47 Contributor in Getting Data In 07-15-2015 0 3	0	3
Splunk max size of hot/warm/cold bucket Hi I have index "OS" with 90 gb space of data. To reduce this space I assign Max size (MB) of hot/warm/cold bucket ... by rameshlpatel Communicator in Getting Data In 07-15-2015 0 6	0	6
How to forward data from an indexer to a specific index in another indexer? We are forwarding data from an indexer in a remote data center to our primary indexer with no issues. What I would li... by ebailey Communicator in Getting Data In 07-15-2015 0 1	0	1
How to configure a Heavy Forwarder to override any index name coming from Universal Forwarders? We would like to override ANY index name coming from Universal Forwarders. We would like to do this at our Heavy Forw... by kylerose Explorer in Getting Data In 07-14-2015 0 1	0	1
Get error message: command="darklist", 'URLError' object has no attribute 'code' Hi, Im getting a error message when running the savedsearch "Norse - Download Norse Darklist" after i have provided ... by addproniklas Engager in Getting Data In 07-14-2015 1 3	1	3
Why are we seeing 100% CPU utilization with the Splunk process on Windows using Splunk 6.0.1? Hi , The Splunk server is consuming full 100% CPU utilization, and performance is sluggish. We are not seeing such h... by sumitcha Engager in Getting Data In 07-14-2015 1 3	1	3
The limitation of monitor files in one directory ? I want to know if there is a limitation of monitor files in one directory ? I had monitored a directory which will c... by leo_wang Path Finder in Getting Data In 07-14-2015 0 7	0	7
Configure a Splunk Deployment Manager So far I have an Fowarder feeding data into my Indexer where I have a search head setup to search the indexes. If i w... by qazwsxedc994 Explorer in Getting Data In 07-14-2015 0 1	0	1
Why do I see more hosts than actual configured forwarders under Data Summary on the Splunk server? Will data be collected from these unconfigured hosts? I configured only 3 hosts as forwarders, but in App > Search & Reporting > Data Summary, I found more hosts and some ... by etaga New Member in Getting Data In 07-14-2015 0 1	0	1
Is it possible to configure the inputs.conf ignoreOlderThan setting during the silent CLI installation of a universal forwarder? Hi, I would like to configure ignoreOlderThan = 1d within my default settings within inputs.conf during the silent c... by ncarnevali New Member in Getting Data In 07-13-2015 0 4	0	4
Powershell script triggered from alert is not executing but I can see it triggered in python.log My forehead is sore from banging it on my desk. Please help. I cannot get scripts to run from an alert. The followin... by neiljpeterson Communicator in Getting Data In 07-13-2015 1 4	1	4
how do I edit my props.conf to configure proper line breaking for my sample data? I need help in creating props for the data input. The line should break after Block Output Operation 0. Below is my ... by OMohi Path Finder in Getting Data In 07-13-2015 0 1	0	1
Should I activate Indexer Acknowledgement and Persistent Queuing on all forwarders to prevent data loss when upgrading an indexer cluster? Hello all - hope someone can tell me if the following is a good idea. I have to upgrade an Indexer cluster and searc... by pinVie Path Finder in Getting Data In 07-13-2015 0 2	0	2

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

How to send lines to the nullQueue before applying line breaking

How do I edit my inputs.conf monitor stanzas with wildcards to only monitor two types of logs?

Is there a way to monitor Splunk knowledge object permissions?

Comparing a field value with an entire column or CSV

Heavy forwarder stops forwarding when tcp syslog mirror destination fails?

Why are new UDP data inputs for multiple hosts initially disabled after creation?

With IIS logs in GMT and the forwarder, indexer, and search head in UTC, what configuration do I need for a user in BST to search logs real-time?

Why am I unable to create a connection between any of my instances trying to set up a distributed search environment?

How to filter out Windows events logs based on words?

How to exclude from monitoring empty files?

DATETIME_CONFIG = NONE doesn't work

How to upload multiple XML files and have the sourcetype be defined as the name of the file automatically?

How to calculate size of the data for each server(host) ?

Splunk max size of hot/warm/cold bucket

How to forward data from an indexer to a specific index in another indexer?

How to configure a Heavy Forwarder to override any index name coming from Universal Forwarders?

Get error message: command="darklist", 'URLError' object has no attribute 'code'

Why are we seeing 100% CPU utilization with the Splunk process on Windows using Splunk 6.0.1?

The limitation of monitor files in one directory ?

Configure a Splunk Deployment Manager

Why do I see more hosts than actual configured forwarders under Data Summary on the Splunk server? Will data be collected from these unconfigured hosts?

Is it possible to configure the inputs.conf ignoreOlderThan setting during the silent CLI installation of a universal forwarder?

Powershell script triggered from alert is not executing but I can see it triggered in python.log

how do I edit my props.conf to configure proper line breaking for my sample data?

Should I activate Indexer Acknowledgement and Persistent Queuing on all forwarders to prevent data loss when upgrading an indexer cluster?

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation