Getting Data In

Discussions

Thread Info

Changed outputs.conf, but why is my Universal Forwarder still sending to the old server, even after a restart?

I've changed the outputs.conf file on my Universal Forwarder to direct to a different server, and restarted the servi...

by Path Finder in

How to monitor the Internet Explorer Process in Splunk?

Hello, For security reasons, I have to monitor processes, especially the IExplore Process. Open connections are im...

by Explorer in

How can i automate indexing of logs to splunk web?

Hi everyone, My everyday process is to upload logs to splunk web and take a report and analyse it. So in this, ...

by Path Finder in

What would cause a blocked queue on an ec2 host and is there any tuning that can solve and prevent this issue?

We have ~50 hosts that are placed on various locations outside our data center. To receive logs from these hosts we h...

by Engager in

Running scripts from indexer to linux forwarder

I am trying to set up searchable scripts however when i am on my indexer and go to add data and select forwarders it ...

by Explorer in

Is it possible to use a Universal Forwarder to write logs directly to HDFS?

Hi, I installed and configured Hunk to read data from HDFS. I'm trying to use Universal Forwarder to write dire...

by New Member in

First time importing of data into Splunk

I am a new user trying Splunk for the first time. I am trying to visualize some csv files so we have trending informa...

by New Member in

How to configure Splunk so I can accurately analyze data captured in the Central European timezone?

Hi there, I have an issue with time zones where my analysis system (Splunk Free) is in the Australian Eastern time...

by Path Finder in

Windows Event Logs and Non Standard Importing

Morning, We run AD in our environment and the Windows server team does not wish to allow for the use of WMI calls ...

by Explorer in

Splunk not forwarding/indexing gzip files

I'm having an issue where I have a directory that contains numerous .gz files and I'm trying to get them into Splunk,...

by Explorer in

nxlog output (json in *.log) and Splunk

Hello, Sysadmins set nxlog syslog to put event logs from windows to external directory. The log format is 'json' w...

by Engager in

Why is the timestamp in Splunk different from the actual time in the indexed Catalina log?

Hello, I'm using Splunk 6.2.3 and have some problems and questions. First of all, I'd like to describe the proble...

by New Member in

How to validate if the time field is within last 7 days

I am trying to specify a search where it looks at the newly extracted field newdatefield and validate if it fall with...

by Engager in

Does anyone have Cisco UCS field extractions and/or dashboards?

We have new Cisco UCS kit and would like to process its syslogs in Splunk. Has anyone already established a set of fi...

by Builder in

How do I convert the CSV field "8:13:29.9299730 PM" to seconds with no date or AM/PM?

I just downloaded 6.2.3 for Windows x64 and want Splunk to have _time = seconds i.e. 8:13:29.9299730 = 29609.9299730 ...

by Path Finder in

what is the splunktcpin queue configure name in server.conf

the queue splunktcpin name is uncleare on the configure. both server.conf [queue=splunktcpin] maxSize = 1600MB ...

by Engager in

How to extract events from simple Scripted Input stdout?

Hello, I'm trying to understand Scripted Inputs concept so I have created simple Scripted Input with Python script: ...

by Engager in

Sourcetype transform visible in field list but returns no results when filtered on?

Howdy folks, The original idea was to split the [snmptrapd] sourcetype now that multiple hosts were sending traps ...

by New Member in

How to configure props.conf to index a log with two or three timestamps?

In myy log, there are two timestamp formats like this: logname=test. msg=[007574][20150602 111413] aaa logname=te...

by Path Finder in

timestamp in file inputs is the wrong format

hi all. I have searched splunk answers and seen various people commenting on timestamp formats, but I can't find e...

by Explorer in

Minimum Disk Space for Splunk 6.x Universal Forwarder - Is it really 5GB?

I think the bare minimum used be about 250MB and I often find UFs are using under 200MB. Seems the the disk requireme...

by Motivator in

How to mirror a summary index without cluster or distributed search?

I have a standalone server (6.1.x) running some scheduled searches to consolidate data from multiple large sources in...

by Path Finder in

IIS sourcetype switching by time

Hello, We're seeing kind of a strange issue with IIS sourcetypes for two IIS servers that are forwarding logs to t...

by Explorer in

Using monitor on a Universal Forwarder

I'm trying to set up my Universal Forwarder to monitor a local folder. The folder path is H:\MonitorTest , and I have...

by Path Finder in

What are the deferences between DB connect and DB connect V2?

by Path Finder in

Get Updates on the Splunk Community!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...

Index This | How many sevens are there between 1 and 100?

August 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Getting Data In

Discussions

Changed outputs.conf, but why is my Universal Forwarder still sending to the old server, even after a restart?

How to monitor the Internet Explorer Process in Splunk?

How can i automate indexing of logs to splunk web?

What would cause a blocked queue on an ec2 host and is there any tuning that can solve and prevent this issue?

Running scripts from indexer to linux forwarder

Is it possible to use a Universal Forwarder to write logs directly to HDFS?

First time importing of data into Splunk

How to configure Splunk so I can accurately analyze data captured in the Central European timezone?

Windows Event Logs and Non Standard Importing

Splunk not forwarding/indexing gzip files

nxlog output (json in *.log) and Splunk

Why is the timestamp in Splunk different from the actual time in the indexed Catalina log?

How to validate if the time field is within last 7 days

Does anyone have Cisco UCS field extractions and/or dashboards?

How do I convert the CSV field "8:13:29.9299730 PM" to seconds with no date or AM/PM?

what is the splunktcpin queue configure name in server.conf

How to extract events from simple Scripted Input stdout?

Sourcetype transform visible in field list but returns no results when filtered on?

How to configure props.conf to index a log with two or three timestamps?

timestamp in file inputs is the wrong format

Minimum Disk Space for Splunk 6.x Universal Forwarder - Is it really 5GB?

How to mirror a summary index without cluster or distributed search?

IIS sourcetype switching by time

Using monitor on a Universal Forwarder

What are the deferences between DB connect and DB connect V2?

Can’t make it to .conf25? Join us online!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Index This | How many sevens are there between 1 and 100?

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!