Getting Data In

Ask a Question

Discussions

Thread Info

Where is the option to set the data source for apps?

Hi All, My scenario: I receive log files from a customer which I need to analyze and build reports from it. I was ...

by New Member in

How to configure Splunk DB Connect connection type to dedicated rather than the default shared mode?

Hi all, I am usind the app Splunk DB Connect (version 1.0.8) to connect to a Oracle DB to fetch production data. ...

by New Member in

Splunk DB Connect 1: Why is my inputs.conf configuration not changing the time format of timestamps (ex: 1355293814.207) for data fetched from MS SQL?

In inputs.conf file of local folder, I changed this, but the format is not being applied. index = default output.f...

by Communicator in

Can we filter warning/error messages by role in Splunk 6.2.2?

I saw someone mentioned this is possible from 6.2.2. I want to verify if it's true and if there's any document mentio...

by Communicator in

How to access encrypted credentials (API: storage/passwords) from modular input script

I am writing a modular input Python script, and need to access encrypted credentials. How to do it? If I have a ch...

by Communicator in

How to troubleshoot error "Unable to distribute to peer - because peer has status = Duplicate license. Duplicate license hashes"?

Hello Splunkers, Question for you regarding licensing issues in my distributed 6.2 instance. I moved my corporate ...

by Contributor in

What is the location of Common/Shared/Replicated configurations for members in a Splunk 6.2 Search Head Cluster on Windows?

I have configured Search Head Clustering in my Distributed Environment which is working Perfectly fine. I need to...

by Communicator in

What would happen with the Data already indexed in splunk if the input file or directory is deleted?

Hi I have a general question. What would happen with the Data already indexed in Splunk if the input file or direc...

by Builder in

IndexScopedSearch deleting bad events?

I'm getting the following error: Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at t...

by Communicator in

Deploying an app to read CSV files, why is the Universal Forwarder is only processing settings from system/default/props.conf?

I'm trying to deploy an app to a Universal Forwarder for reading CSV files, the problem is that none of the settings ...

by Path Finder in

Splunk search for NOT IN

I have two sourcetypes A and B with column names Serial and SN respectively To find where there is like a column n...

by Builder in

Is there a good way manage the process of using syslog-ng to write from tcp to disk and then from disk into Splunk?

I'm migrating from using a tcp input to using syslog-ng to write from tcp to disk and then from disk into Splunk. Thi...

by Path Finder in

Line Breaking: Regex not recognized, not breaking using my defined regex

Hi All, I have here log sample which i need to break I already tried LINE_BREAKER and BREAK_ONLY_BEFORE LINE_BR...

by Contributor in

Why does Splunk DB Connect cause duplicate events after a Splunk restart?

I started noticing some duplicate events in my logs recently. As I was curious to know what was happening, I searched...

by Communicator in

How to configure Splunk to recognize the correct timestamp from tshark data output and index all remaining fields properly?

I'm using tshark to carve out and send specific fields to a txt file, in hopes splunk will index it properly. But not...

by Communicator in

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

As weird of a situation as I think this is, I do believe that is what is going on... I had this stanza in inputs.c...

by Communicator in

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

A Windows 2008R2 Domain Controller in another geographical, and the Security Events are perpetually multiple days beh...

by Splunk Employee in

Why am I seeing a mismatch between Key-Value and Count after ingesting JSON data?

I have ingested JSON data & Splunk has extracted important fields automatically, but I see some mismatch between Key-...

by Builder in

Heavy forwarder as cluster master

Hello splunkers! It is possible to configure heavy forwarder as cluster master? My heavy forvarder forward all da...

by Communicator in

How to configure SSL certificates to securely forward logs from multiple universal forwarders to our indexer server?

Hi, We have a requirement to forward logs from clients (Splunk universal Forwarders) to a server using SSL (tls1.2...

by Influencer in

Splunk DB Connect: Why is the timestamp specified in inputs.conf not being parsed?

Hello, I am trying to import data from a MySQL database. While the import works fine, the time field gets popul...

by Path Finder in

Why isn't the universal forwarder processing all the monitor stanzas in inputs.conf for multiple folders on a Kiwi syslog server?

Newbie question - I have an inputs.conf which is configured to monitor multiple folders on a Kiwi syslog server. Ever...

by Path Finder in

Why are our Cisco Syslog hosts showing up as time zone instead of IP and how do I fix this?

I have recently started sending logs for my Cisco devices to Splunk. Most of my logs show the IP address of the devic...

by New Member in

Why am I getting error "TcpOutputProc - the 'defaultGroup' property contains an invalid group name - heavy_forwarder"?

My end server is not visible in search and i see the below errors in the log. TcpOutputProc - the 'defaultGroup' p...

by New Member in

[AIX] Universal Forwarder requires read access on `/etc/inittab` or else daemon won't start

When installing the Splunk 6.1.1 Universal Forwarder on AIX7.1, splunkd seems to require read access on /etc/inittab ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Where is the option to set the data source for apps?

How to configure Splunk DB Connect connection type to dedicated rather than the default shared mode?

Splunk DB Connect 1: Why is my inputs.conf configuration not changing the time format of timestamps (ex: 1355293814.207) for data fetched from MS SQL?

Can we filter warning/error messages by role in Splunk 6.2.2?

How to access encrypted credentials (API: storage/passwords) from modular input script

How to troubleshoot error "Unable to distribute to peer - because peer has status = Duplicate license. Duplicate license hashes"?

What is the location of Common/Shared/Replicated configurations for members in a Splunk 6.2 Search Head Cluster on Windows?

What would happen with the Data already indexed in splunk if the input file or directory is deleted?

IndexScopedSearch deleting bad events?

Deploying an app to read CSV files, why is the Universal Forwarder is only processing settings from system/default/props.conf?

Splunk search for NOT IN

Is there a good way manage the process of using syslog-ng to write from tcp to disk and then from disk into Splunk?

Line Breaking: Regex not recognized, not breaking using my defined regex

Why does Splunk DB Connect cause duplicate events after a Splunk restart?

How to configure Splunk to recognize the correct timestamp from tshark data output and index all remaining fields properly?

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

Why am I seeing a mismatch between Key-Value and Count after ingesting JSON data?

Heavy forwarder as cluster master

How to configure SSL certificates to securely forward logs from multiple universal forwarders to our indexer server?

Splunk DB Connect: Why is the timestamp specified in inputs.conf not being parsed?

Why isn't the universal forwarder processing all the monitor stanzas in inputs.conf for multiple folders on a Kiwi syslog server?

Why are our Cisco Syslog hosts showing up as time zone instead of IP and how do I fix this?

Why am I getting error "TcpOutputProc - the 'defaultGroup' property contains an invalid group name - heavy_forwarder"?

[AIX] Universal Forwarder requires read access on `/etc/inittab` or else daemon won't start

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions