Getting Data In

Thread Info

Can I get the Replication Factor and Search Factor status through command line or REST api?

I want to know if its possible to get the current status of replicaton factor and search factor of an index cluster? ...

by Explorer in

How to edit my configuration to recognize the timestamp in CSV data?

Hi Splunkers, I have a structure data on .csv that contains the follows fields: 2014/10/01-07:16:31,0.121,1.1,S,0...

by Communicator in

Why is only the first log file indexed, not the entire directory of SSRS logs being monitored?

I am indexing SSRS logs. The path to the logs is: C:\Program Files\MSRS12.MSSQLSERVER\Reporting Services\LogFiles. Th...

by Path Finder in

Need help filtering at the indexer

We have a service account that populates /var/log/messages on many systems with 3 lines of text every 5 minutes. I'd ...

by Path Finder in

Can I index select events but store all raw events in Splunk?

I have a high volume log file that I need to ingest with Splunk. I'd like to store the entire compressed log file wit...

by Builder in

Regarding requirement when splunk free license

Q1, I know it is indexed MAX 500MB per 1 day when using splunk free license. In this case, regargding limit, it indic...

by New Member in

How to get data from two sheets of a single excel file after converting to a CSV file?

Hi All. I am a newbie to splunk. Till yesterday I was importing from only one sheet of excel (excel converted to c...

by Contributor in

data mapping in csv file during splunk search

Hi, I have a csv file, and i don't have access to raw data. csv file is created by some other software. its struct...

by Communicator in

Can we zip CSV files before emailing them?

Can we zip files before sending them as email? For example: | outputcsv Splunk.csv | zip splunk.csv | sendmai...

by Engager in

When does outputcsv create the csv file?

I'd like to know at what time does outputcsv create a csv file? Is it created at the same time you schedule your repo...

by Path Finder in

How to limit the scope of fields.conf stanzas to only apply configurations to data for certain indexes or sourcetypes?

I wanted to auto convert data within these logs: field_a="value1|value2|value3", field_b="value_x|value_y" to multiva...

by Communicator in

Why are Windows event logs not being forwarded after installing a universal forwarder on a Windows 2008 R2 DC?

After installing UF on a Windows 2008R2 DC, only Active Directory logs are being forwarded. Checks were made for Appl...

by New Member in

Warm/Cold to Frozen frequency

Hi I'm trying to be certain I understand the process of moving to Frozen - ie deleted in our case.. I have added som...

by Path Finder in

Specify a timestamp field from indexed RESTful JSON

Hi, I am using the REST Modular Input to query some RESTful services. I am having trouble defining the timestamp f...

by Explorer in

Is it possible to convert binary AIX audit logs and send it to Splunk?

Dear Experts, I am receiving this error: FileClassifierManager - The file '/audit/trail' is invalid. Reason: binar...

by New Member in

What happen when an index is deleted?

Hi I have multiple index. If I delete an index, would the data in it would be erase completely from Splunk?

by Builder in

Specific and non-specific stanzas

I have some input stanzas that look like this: [monitor:///opt/app/master_proc*/logs/*] [monitor:///opt/app/backup...

by Path Finder in

Best practice to ship a file-based lookup in an app, so users can edit it without subsequent app upgrades clobbering those edits.

The Problem: Unlike with conf, I don't think lookups have any default/local layering. So if your app has one or more...

by SplunkTrust in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Can I get the Replication Factor and Search Factor status through command line or REST api?

How to edit my configuration to recognize the timestamp in CSV data?

Why is only the first log file indexed, not the entire directory of SSRS logs being monitored?

Need help filtering at the indexer

Can I index select events but store all raw events in Splunk?

Regarding requirement when splunk free license

How to get data from two sheets of a single excel file after converting to a CSV file?

data mapping in csv file during splunk search

Can we zip CSV files before emailing them?

When does outputcsv create the csv file?

How to limit the scope of fields.conf stanzas to only apply configurations to data for certain indexes or sourcetypes?

Why are Windows event logs not being forwarded after installing a universal forwarder on a Windows 2008 R2 DC?

Warm/Cold to Frozen frequency

Specify a timestamp field from indexed RESTful JSON

Is it possible to convert binary AIX audit logs and send it to Splunk?

What happen when an index is deleted?

Specific and non-specific stanzas

Best practice to ship a file-based lookup in an app, so users can edit it without subsequent app upgrades clobbering those edits.

How to set up timezone settings properly

Configuration of props.conf and input.conf

Why is scripted input not forwarding to peers ?

Changing syslog timezone to Eastern Standard time.

Line breaking

How to convert Cisco Call Manager CDR files in telephone bills using Splunk?

Different sourcetypes in a single search

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions