Getting Data In

Thread Info

DateParserVerbose - what is splunkd.log telling me?

I'm trying to figure out what the number is at the end of the following internal DateParserVerbose log. Sometimes a n...

by Communicator in

An external script saves "host" values in a csv, but names the field after the first result. How do I get the file to name the field "host" to run an inputlookup?

Hello I have an external script that runs and saves the results in a file I called puppet_results.csv in $SPLUNK_H...

by Builder in

We are thinking of using directory recursion to collect logs from various servers, but what's the overhead on the system?

In a large enterprise with thousands of IIS, apache and tomcat servers, with each server having multiple web or app i...

by New Member in

Running Splunk Enterprise on Windows 2008 R2, how do I index local security logs?

I'm running Splunk Enterprise on a Windows 2008 R2 server and I'm looking to index the local security logs for the se...

by Engager in

What is the best way to edit inputs.conf to pull logs from multiple paths into one sourcetype?

I have two sets of logs that I want to be able to ingest into splunk /opt/Model15/log/* /opt/Model17/log/* Wha...

by Communicator in

Why am I getting https error "ssl_error_rx_record_too_long" when logging into my Indexers?

Hi splunkers, I recently found a problem while logging in on one of my splunk instances. Everything is ok with my ...

by Communicator in

Why can't I browse mapped drives under "Add Data" -> "Files and Directories"?

Installed Splunk Light on Windows 2012 R2 Server. Mapped windows 2003 server network drive. Under Add Data -> Files a...

by New Member in

How to edit my search to filter and only return duplicate DHCP MAC addresses?

Hi, I am trying to create a search that will output any duplicate mac address for potential MAC spoofing so far...

by Path Finder in

What does the technical term "indexing on the server" mean?

Does indexing mean forwarding the data?

by Contributor in

How can i append the values of one field to another field?

I have two different fields, but they have the same type of value for eg. "host". So How can I join two fields to hav...

by Communicator in

Why is my Splunk Light instance not showing any forwarders configured as deployment clients?

I have installed Splunk Light on a server and installed the Windows Forwarding agent on a separate server to forward ...

by New Member in

Is it possible to use Splunk as a static data store with a single log entry per line?

We have a process that extracts data from a SQL Server in CSV format. We want the Splunk agent to pick up that dat...

by Engager in

Monitoring an incrementing file name in a directory with a lot of different log files, how do I monitor just that file name?

A system that I am watching generates log files and rotates them such that the filenumbers increase, every X rows. Cu...

by Path Finder in

How to configure Splunk to not merge Juniper VPN logs in one event?

I am currently sending my Juniper VPN logs to splunk. Periodically I see multiple log entries from the VPN appear as ...

by Path Finder in

Installed Splunk Enterprise on Windows 7, but why am I not able to log in with the default credentials?

by New Member in

When I log into the Splunk indexer and go to the distributed management console, why do I not see the search head instance listed?

I've added the indexer as a peer on the search head and can edit the roles of both the indexer and the search head fr...

by Explorer in

Does anyone use Incapsula API to integrate Incapsula security events into Splunk?

I am looking for a way to integrate Incapsula security events into Splunk. The events API response does not appear to...

by Engager in

Make a lot of frozen data searchable

Hi to everyone. I have a lot of frozen data (like 20 gb), and a i need to make it searchable again. How can i do this...

by Communicator in

With splunkd behind a firewall, S3 and sshfs work to access logs, but can a Splunk forwarder collect logs in redis?

Hi. Currently, splunk indexer works behind firewall, and it must stay behind firewall. Now I am using S3 and sshfs...

by New Member in

Is it possible to enable useACK without sending cooked data?

Hi, Is it possible to enable useACK without sending cooked data? If we have two independent splunk worlds, and ...

by Path Finder in

When to add a new index or sourcetype?

Hello  I am wondering, when it is useful or reasonable to create a new index or sourcetype. If I have data t...

by Path Finder in

Why am I getting "Error in PivotCell" using NOT operators to apply a filter with pivots and drop-downs in a dynamic dashboard?

Hi All, I'm looking to create a dynamic dashboard where the search results get updated by way of a Drop-down selec...

by New Member in

How do I configure password protection for a deployment server and secure inputs for universal forwarders on VMs if the IPs change frequently?

Hi, I have Splunk Enterprise hosted on my Domain Controller, but in addition to that, I would like to collect data...

by Engager in

How do I remove Splunk from my Mac?

How do i remove splunk from my mac, including the spunk folder which reappears every time i send it to trash?

by New Member in

Why is my forwarder sending data from monitored files twice just a couple minutes apart?

I just set up a new forwarder on a new Linux server and set it to monitor some files. For some reason, it is sending ...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

DateParserVerbose - what is splunkd.log telling me?

An external script saves "host" values in a csv, but names the field after the first result. How do I get the file to name the field "host" to run an inputlookup?

We are thinking of using directory recursion to collect logs from various servers, but what's the overhead on the system?

Running Splunk Enterprise on Windows 2008 R2, how do I index local security logs?

What is the best way to edit inputs.conf to pull logs from multiple paths into one sourcetype?

Why am I getting https error "ssl_error_rx_record_too_long" when logging into my Indexers?

Why can't I browse mapped drives under "Add Data" -> "Files and Directories"?

How to edit my search to filter and only return duplicate DHCP MAC addresses?

What does the technical term "indexing on the server" mean?

How can i append the values of one field to another field?

Why is my Splunk Light instance not showing any forwarders configured as deployment clients?

Is it possible to use Splunk as a static data store with a single log entry per line?

Monitoring an incrementing file name in a directory with a lot of different log files, how do I monitor just that file name?

How to configure Splunk to not merge Juniper VPN logs in one event?

Installed Splunk Enterprise on Windows 7, but why am I not able to log in with the default credentials?

When I log into the Splunk indexer and go to the distributed management console, why do I not see the search head instance listed?

Does anyone use Incapsula API to integrate Incapsula security events into Splunk?

Make a lot of frozen data searchable

With splunkd behind a firewall, S3 and sshfs work to access logs, but can a Splunk forwarder collect logs in redis?

Is it possible to enable useACK without sending cooked data?

When to add a new index or sourcetype?

Why am I getting "Error in PivotCell" using NOT operators to apply a filter with pivots and drop-downs in a dynamic dashboard?

How do I configure password protection for a deployment server and secure inputs for universal forwarders on VMs if the IPs change frequently?

How do I remove Splunk from my Mac?

Why is my forwarder sending data from monitored files twice just a couple minutes apart?

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions