Getting Data In

Thread Info

Different sourcetypes in a single search

Hi, I have to search for data from two different sourcetypes. There is a common field in both the sourcetypes call...

by Explorer in

We have to get the logs of SNMP from an external party. How do we get those?

We are planning to get the SNMP logs to our Splunk from a third party server (ISP), is there anything we need to do i...

by Path Finder in

Does splunk apps available on splunkbase work with splunk universal forwarders?

Case:- Splunk enterprise server version 6.1 Lets say I have around 100 production servers with Universal forwarder...

by Explorer in

Why site doesn't load trying to access Splunk via proxy with Splunk 6.2 SSO using Windows 2012R2 IIS Server?

I've tried to implement Splunk 6.2 SSO using Windows 2012R2 IIS Server. But when i try to access splunk via proxy the...

by Engager in

Windows Event collection - A really basic question, Doh

Guys, I want to use Splunk for some eval work on Windows 7 prof and server 2008 and 2012. I want to stick strictly to...

by New Member in

Why my windows Server 2008 doesn't send performance ?

Hello, I installed a universal forwarder (6.2.2) on two servers Active directory (windows 2008), I configured inpu...

by Communicator in

SNMP Modular input installation

I installed splunk as root, can anyone help me please. how can i install SNMP modular input? at which directory shoul...

by Path Finder in

what SNMP modular input really does?

i want to use splunk and SNMP to read data from the network switch ...Do i need SNMP modular input?

by Path Finder in

What is the difference between LINE_BREAKER and BREAK_ONLY_BEFORE?

What is the main difference between LINE_BREAKER and BREAK_ONLY_BEFORE and what is the use of these?

by Path Finder in

How can I deploy forwarders prior to Splunk servers (indexer, deployment server)?

For non-technical reasons, I need to plan the deployment of forwarders before the Splunk server infrastructure is in ...

by Motivator in

charset issue

Hi, everybody. I want use splunk to index the data which contain chinese. Firstly, the base data will send to m...

by Communicator in

How to detect a deleted log

I think some of my forwarders may be experiencing cases where logs are being removed before all events have been forw...

by Contributor in

Monitor a directory for new files

Hi, I am trying to monitor a directory. Suppose that there is a directory named test and it contains initially a log ...

by Explorer in

data from csv file and working on that with splunk query

I have a csv file created by splunk search: It contain ip count for last 7 days. it looks like this: _time 192.168...

by Communicator in

Do we need a different inputs.conf file for Linux and Windows?

We have a product that runs on both Windows and Linux. Both platforms can host a Splunk forwarder, and send data to S...

by Explorer in

source type

Where I can get information about sousre type settings(custom)? I want to set the start and end of the log . What do ...

by New Member in

Starting Splunk Enterprise

I just installed splunk enterprise and i cant figure out, maybe the simplest thing! How to start it. I run the instal...

by Engager in

time formating

we have a server that the time time is reporting in with an odd format, 15/May/2015:15:20:38 -0400 how would ...

by Contributor in

Escape backslash in TIME_FORMAT field of props.conf

Hey, I know it is a seriously simple question but I am having a hard time with the below timestamp extraction. ...

by Path Finder in

Web Logs Not Breaking Correctly

I pointed my UF at the web log folder and there are many logs in the folder. Then the UF started reading the *.log...

by Motivator in

How many wild cards (*) can I put in monitoring path?

Hi I have configured the monitor path of inputs.conf. /nfsmount/log/log.d*_vd*hoge*/*/*/aaa_*_bb*-ccc*.log ...

by Motivator in

Splunk App for Windows Infrastructure

How do I email various dashboards on a schedule? For example Failed logon attempts for last 7 days as PDF report ever...

by Engager in

Include or clean incorrect timestamps

I have an application log that primarily has timestamps like the following:- (14.2) 05-12-15 14:28:14 (..... Ho...

by New Member in

Monitoring privileged and non-privileged logs using universal Forwarder on *nix

I would like to know, how security conscious teams configure (like guid, user account to run splunkd as, etc for) Spl...

by Communicator in

How splunk assigns timestamp

I have configured a firewall device (Cisco) to send logs to my splunk indexer .I receive events in the device timezon...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Different sourcetypes in a single search

We have to get the logs of SNMP from an external party. How do we get those?

Does splunk apps available on splunkbase work with splunk universal forwarders?

Why site doesn't load trying to access Splunk via proxy with Splunk 6.2 SSO using Windows 2012R2 IIS Server?

Windows Event collection - A really basic question, Doh

Why my windows Server 2008 doesn't send performance ?

SNMP Modular input installation

what SNMP modular input really does?

What is the difference between LINE_BREAKER and BREAK_ONLY_BEFORE?

How can I deploy forwarders prior to Splunk servers (indexer, deployment server)?

charset issue

How to detect a deleted log

Monitor a directory for new files

data from csv file and working on that with splunk query

Do we need a different inputs.conf file for Linux and Windows?

source type

Starting Splunk Enterprise

time formating

Escape backslash in TIME_FORMAT field of props.conf

Web Logs Not Breaking Correctly

How many wild cards (*) can I put in monitoring path?

Splunk App for Windows Infrastructure

Include or clean incorrect timestamps

Monitoring privileged and non-privileged logs using universal Forwarder on *nix

How splunk assigns timestamp

Splunk ITSI & Correlated Network Visibility

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Index time field extraction problem with space

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions