Getting Data In

Thread Info

Indexers SSL Error on 127.0.0.1 (localhost)

04-30-2015 09:05:03.570 -0700 ERROR TcpInputProc - Error encountered for connection from src=127.0.0.1:35742. error:1...

by Builder in

How do I add the year dynamically to an event with a timestamp that doesn't have one?

I have a timestamp that needs to be fixed. It doesn't have a year in the timestamp. Example Apr 30 16:40:08. How do I...

by Explorer in

Why Cluster Peer (Indexer) takes a long time to start splunkweb when Cluster Master is down?

Why Cluster Peer (Indexer) takes long time to start splunkweb when Cluster Master is down In my test environment,...

by Splunk Employee in

What are the inputs available on SplunkCloud

I had a SplunkStorm project, and I was sending data directly with 5 different inputs. Upload small file on the web...

by Communicator in

Events in a single file are not getting evenly distributed to multiple indexers

I have a light weight forwarder pointing two indexers . I get a batch data everyday in a single file . The file size ...

by Path Finder in

Is there a REST API to get info in Splunk Web Access Controls » Authentication method » LDAP strategies » LDAP Groups ?

Hi, Is there a REST API to get info in Splunk Web Access controls » Authentication method » LDAP strategies » LDA...

by Builder in

Questions about Splunk Queues.

Why do they become blocked? How are they related to each other? What is the hierarchy? What does it mean for a queue ...

by Splunk Employee in

Replacing "\\" with SEDCMD

I have some log data in CEF format that is using "\\" for Windows directory paths, so they look like: c:\\directo...

by Builder in

How do I edit my inputs.conf to blacklist Windows event logs with Eventcode 7036 on my Splunk 6.1.3 universal forwarder?

Hi, I'm trying to use blacklist on the Universal Forwarder to prevent unwanted events from being sent and indexed....

by New Member in

When I pipe search results into the delete command in the free version Splunk 6.2.2, why are the records still searchable?

I'm running the free version of Splunk 6.2.2. When I attempt to delete records by sending them to Delete, I get a mes...

by Contributor in

After updating a new license key, why is the indexing volume used not showing the correct result?

Hi Team, i have changed my license key from 40GB to 65GB, but this search: index = __internal metrics kb group=...

by Explorer in

How do I get multiple sourcetypes from one source?

I have one file that I need to pull two sourcetypes from. Here are the details: i created two independent inputs.c...

by Path Finder in

Dynamic list of Hostname

I have 2 types of log files I want to fetch dynamic list of hostnames(host) with index name Log file1: index,sour...

by Explorer in

How does a forwarder protect against the loss of inflight detail?

Hi To frame the question, here's a cut and paste from the the Splunk manual: If all goes well, the indexer...

by Explorer in

Why are log sent to Splunk in GMT displayed in the future?

Several devices that only support sending logs out stamped with GMT and splunk displays them in the future. Placed...

by Splunk Employee in

Timestamp preview different than timestamp in search

Hello All, Simply put, I can successfully detect the timestamp of an event while in preview mode During Preview (n...

by Explorer in

Why is my configuration not extracting CSV at index-time?

Hi all, I'm trying to use INDEXED_EXTRACTIONS = CSV but for some reason it's just not working. My input looks as foll...

by Path Finder in

Is there a command to download the Splunk forwarder for Windows server 2003 32bit from the Windows terminal?

Hi everyone, I would like know if there is an existing command to download the forwarder for Windows server 2003 ...

by Communicator in

Which from available Windows event logs is used to track my browsing history?

Hi, I was wondering which is the log (data inputs -> event log collection -> localhost) to add at Splunk in order ...

by Contributor in

What is the general capacity on a Splunk Load Balancer?

Hi Gurus! Here is the config first, [ 50 Universal Forwarders : Total 300G of Data ] ==> [2 Load Balancing For...

by Communicator in

Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI?

I have splunk server 6.1.1 installed on Drive D and i upgraded it to 6.2 on windows2008R2. During istallation it did ...

by Explorer in

Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too?

Trying to forward the logs that arrive into the indexer/head into another 3rd party Siem tool. Rather than setting th...

by New Member in

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

I am trying to create props.conf for a log file which has entries like below, {"timestamp":1429805010594,"message"...

by Communicator in

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I have Splunk set to monitor the folder that stores my IIS logs. It is currently working, however, since there is a n...

by Path Finder in

I'm trying to rename a sourcetype, by why isn't my configuration working?

Hi, I want to rename a sourcetype, but the following isn't working: [log4j] KV_MODE = auto ANNOTATE_PUNCT = fal...

by Champion in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Indexers SSL Error on 127.0.0.1 (localhost)

How do I add the year dynamically to an event with a timestamp that doesn't have one?

Why Cluster Peer (Indexer) takes a long time to start splunkweb when Cluster Master is down?

What are the inputs available on SplunkCloud

Events in a single file are not getting evenly distributed to multiple indexers

Is there a REST API to get info in Splunk Web Access Controls » Authentication method » LDAP strategies » LDAP Groups ?

Questions about Splunk Queues.

Replacing "\\" with SEDCMD

How do I edit my inputs.conf to blacklist Windows event logs with Eventcode 7036 on my Splunk 6.1.3 universal forwarder?

When I pipe search results into the delete command in the free version Splunk 6.2.2, why are the records still searchable?

After updating a new license key, why is the indexing volume used not showing the correct result?

How do I get multiple sourcetypes from one source?

Dynamic list of Hostname

How does a forwarder protect against the loss of inflight detail?

Why are log sent to Splunk in GMT displayed in the future?

Timestamp preview different than timestamp in search

Why is my configuration not extracting CSV at index-time?

Is there a command to download the Splunk forwarder for Windows server 2003 32bit from the Windows terminal?

Which from available Windows event logs is used to track my browsing history?

What is the general capacity on a Splunk Load Balancer?

Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI?

Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too?

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I'm trying to rename a sourcetype, by why isn't my configuration working?

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

What's New in Splunk Observability - July 2025

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions