Getting Data In

Thread Info

Is it possible to simulate a splunk deployment on a single windows or linux machine, using virtual machines?

Hi everyone, I want to do something like a simulation of a deployment on my windows machine. I don't know if it i...

by Builder in

Why do we require splunk forwarder as we can have splunk installed and splunkd service can capture everything ???

In all our servers splunk 6.1.5 has been installed and splunkd service is capturing all the required data.So what is ...

by New Member in

How to write a search to correlate an eventcode from index1 with errors that show up in index2?

So I have a problem and I can't seem to crack it. index=index1 host=server* EventCode=1234 |localize maxpause=1m| ...

by New Member in

Why is the configured timezone in props.conf on the universal forwarder not being applied?

We're using splunk 6.1 so I think we're able to set TZ in the props.conf on the UF. However this doesn't seem to work...

by Explorer in

Monitoring Splunk with Nagios to make sure it's running/forwarding/indexing

I have a few splunk indexers and many forwarders and I'd like to have a nagios monitor that alerts me when something ...

by Communicator in

I need help writing monitor stanza for a particular type of windows log files

hi, I'm having issues getting some windows log files monitored properly. The path is: D:\Program Files\Fid...

by Champion in

How do I filter results based on the "Status" field produced by a saved search?

Hello guys! Sup? Well, I have a saved search which produces a status field based on an average field and a differe...

by Contributor in

Splunk Forwarder Service continually stops

We have 2 Windows Servers (2008 and 2003), the Universal Splunk forwarder continually stops, every few hours. Wher...

by New Member in

How to configure props.conf to identify and convert my sample time format string for sourcetype=nix-all-logs?

Hi there.. I have a big problem with props.conf. I have logs from a server with time format like this.. 0402 22012...

by Explorer in

Inputs layout

Hi, Does anyone know if it's possible to specify a limit on the number of fieldset inputs that a given view displa...

by Path Finder in

Is Splunkd service in windows a forwarder ???How to find out my privileges in splunk(eg.,Admin or user or ....)???

1.Is Splunkd service in windows a splunk forwarder??? 2.How to find out my previlages in splunkweb(https://splunkxxxx...

by New Member in

How to remove or delete duplicate event entries from a file before indexing using inputs.conf, props.conf or a perl script?

Before indexing, how do I delete, remove, or avoid duplicate log files or events coming from a saturated file on the ...

by Observer in

New index not working

I have created a new index and when i search that in search head its not working. inputs.conf [monitor:///apps/...

by Explorer in

Reset splunk forwarder to read a file from a particular offset

Using btprobe with --reset causes the splunk forwarder to re-read the entire file. However i want the forwarder to re...

by Engager in

Transforming 18 digit numbers into 15 digits

I want to transform 18 digit numbers into 15 digit by dropping last 3 digits. Could someone please guide me for that?...

by Builder in

How to delete all indexed data and reindex from all the forwarders in our environment?

We're still building out our Splunk environment (pre-implementation) and have been forwarding data from lots of diffe...

by Path Finder in

Splunk installations in two untrusted Windows domains

Hello, I'm rather new to Splunk, so I haven't yet covered all the documented aspects of it, and have not found anythi...

by Explorer in

Is inputs.conf processed in a linear manner?

Is inputs.conf processed in a linear manner? And once a file falls into a given monitor stanza, does it then stop pro...

by Path Finder in

settings to configure hunk for Hive ORC table

Hi Team, Please help us in configuring hadoop provider/virtual index so that we can map it on hive orc table. we are ...

by Explorer in

Grouping a tab-delimited log file within a log entry.

Currently I'm using a tsv sourcetype and customizing my field names for a log file that is tab-delimited. The problem...

by New Member in

Is there a way to whitelist which forwarded logs are indexed on the indexer based on the host they are from?

i'm looking to monitor logs that are forwarded with the universal forwarder, but i do not want it from all machines. ...

by New Member in

Setup of universal forwarder - documentation mess

Hello, I'm evaluating Splunk and got enterprise trial installed in my PC. I would like to forward events/java log ...

by Explorer in

How to edit my heavy forwarder tcpout configuration to forward a specified index to a clone group of indexers?

Hello all, I have a Heavy Forwarder which forwards some indexes to specified indexers group. Now I would like to f...

by Contributor in

Windows: How to upload multiple files with different sourcetypes?

OS: Windows Hi, I have a bunch of folders with five files, and I want to index just two of them. These two fil...

by Builder in

Logging Splunk enterprise sign ins?

This question has likely been asked, but the language makes it difficult to search for. I'm looking to create a se...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is it possible to simulate a splunk deployment on a single windows or linux machine, using virtual machines?

Why do we require splunk forwarder as we can have splunk installed and splunkd service can capture everything ???

How to write a search to correlate an eventcode from index1 with errors that show up in index2?

Why is the configured timezone in props.conf on the universal forwarder not being applied?

Monitoring Splunk with Nagios to make sure it's running/forwarding/indexing

I need help writing monitor stanza for a particular type of windows log files

How do I filter results based on the "Status" field produced by a saved search?

Splunk Forwarder Service continually stops

How to configure props.conf to identify and convert my sample time format string for sourcetype=nix-all-logs?

Inputs layout

Is Splunkd service in windows a forwarder ???How to find out my privileges in splunk(eg.,Admin or user or ....)???

How to remove or delete duplicate event entries from a file before indexing using inputs.conf, props.conf or a perl script?

New index not working

Reset splunk forwarder to read a file from a particular offset

Transforming 18 digit numbers into 15 digits

How to delete all indexed data and reindex from all the forwarders in our environment?

Splunk installations in two untrusted Windows domains

Is inputs.conf processed in a linear manner?

settings to configure hunk for Hive ORC table

Grouping a tab-delimited log file within a log entry.

Is there a way to whitelist which forwarded logs are indexed on the indexer based on the host they are from?

Setup of universal forwarder - documentation mess

How to edit my heavy forwarder tcpout configuration to forward a specified index to a clone group of indexers?

Windows: How to upload multiple files with different sourcetypes?

Logging Splunk enterprise sign ins?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions