Getting Data In

Thread Info

How do I configure props.conf to break events based on the time prefix '@' character and a timestamp format of '%H:%M:%S.%3N'?

I want configuration so that events are divided on the basis of time prefix @ and timestamp configuration %H:%M:%S.%3...

by New Member in

Is there any app I can use to monitor CPU usage for 1000 Windows hosts that belong to 3 different environments?

I have 1000 hosts belonging to 3 different environments. I need to monitor CPU usage or CPU utilization for all these...

by Path Finder in

Why am I unable to filter a saved search using the Splunk Python SDK?

In the main Splunk interface, I can filter down on a saved search like this: | savedsearch "my_search" | search ti...

by Explorer in

In a Windows forwarder install, I specified a log directory to monitor. Which inputs.conf does that get written in?

During the Windows forwarder install I specified a path to monitor, and it is working, but it isn't in /splunk_home/e...

by New Member in

How to number each line in a multiline event?

Is there a way to take a multiline event: a 1 b 2 c 2 d 4 e 5 c 6 and number each line? 1 a 1 b 2 2 c 2 d 4...

by Motivator in

How to send logs to multiple Windows 2008 R2 servers?

I am EXTREMELY new to Splunk and I need to send my logs to multiple log servers without bringing my Splunk to the gro...

by New Member in

Can a stand-alone indexer forward logs to an indexer cluster without being part of the cluster?

We have a remote location with a small bandwidth connection. We'd like to have an on-site indexer for all the machine...

by New Member in

Why does the splunkd service stop every night on my local Windows PC running Splunk 6.2.2?

I have Splunk Enterprise installed on my local PC. It's running fine, but splunkd service stops every night. It'sset ...

by Explorer in

Where is the option to set the data source for apps?

Hi All, My scenario: I receive log files from a customer which I need to analyze and build reports from it. I was ...

by New Member in

How to configure Splunk DB Connect connection type to dedicated rather than the default shared mode?

Hi all, I am usind the app Splunk DB Connect (version 1.0.8) to connect to a Oracle DB to fetch production data. ...

by New Member in

Splunk DB Connect 1: Why is my inputs.conf configuration not changing the time format of timestamps (ex: 1355293814.207) for data fetched from MS SQL?

In inputs.conf file of local folder, I changed this, but the format is not being applied. index = default output.f...

by Communicator in

Can we filter warning/error messages by role in Splunk 6.2.2?

I saw someone mentioned this is possible from 6.2.2. I want to verify if it's true and if there's any document mentio...

by Communicator in

How to access encrypted credentials (API: storage/passwords) from modular input script

I am writing a modular input Python script, and need to access encrypted credentials. How to do it? If I have a ch...

by Communicator in

How to troubleshoot error "Unable to distribute to peer - because peer has status = Duplicate license. Duplicate license hashes"?

Hello Splunkers, Question for you regarding licensing issues in my distributed 6.2 instance. I moved my corporate ...

by Contributor in

What is the location of Common/Shared/Replicated configurations for members in a Splunk 6.2 Search Head Cluster on Windows?

I have configured Search Head Clustering in my Distributed Environment which is working Perfectly fine. I need to...

by Communicator in

What would happen with the Data already indexed in splunk if the input file or directory is deleted?

Hi I have a general question. What would happen with the Data already indexed in Splunk if the input file or direc...

by Builder in

IndexScopedSearch deleting bad events?

I'm getting the following error: Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at t...

by Communicator in

Deploying an app to read CSV files, why is the Universal Forwarder is only processing settings from system/default/props.conf?

I'm trying to deploy an app to a Universal Forwarder for reading CSV files, the problem is that none of the settings ...

by Path Finder in

Splunk search for NOT IN

I have two sourcetypes A and B with column names Serial and SN respectively To find where there is like a column n...

by Builder in

Is there a good way manage the process of using syslog-ng to write from tcp to disk and then from disk into Splunk?

I'm migrating from using a tcp input to using syslog-ng to write from tcp to disk and then from disk into Splunk. Thi...

by Path Finder in

Line Breaking: Regex not recognized, not breaking using my defined regex

Hi All, I have here log sample which i need to break I already tried LINE_BREAKER and BREAK_ONLY_BEFORE LINE_BR...

by Contributor in

Why does Splunk DB Connect cause duplicate events after a Splunk restart?

I started noticing some duplicate events in my logs recently. As I was curious to know what was happening, I searched...

by Communicator in

How to configure Splunk to recognize the correct timestamp from tshark data output and index all remaining fields properly?

I'm using tshark to carve out and send specific fields to a txt file, in hopes splunk will index it properly. But not...

by Communicator in

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

As weird of a situation as I think this is, I do believe that is what is going on... I had this stanza in inputs.c...

by Communicator in

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

A Windows 2008R2 Domain Controller in another geographical, and the Security Events are perpetually multiple days beh...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How do I configure props.conf to break events based on the time prefix '@' character and a timestamp format of '%H:%M:%S.%3N'?

Is there any app I can use to monitor CPU usage for 1000 Windows hosts that belong to 3 different environments?

Why am I unable to filter a saved search using the Splunk Python SDK?

In a Windows forwarder install, I specified a log directory to monitor. Which inputs.conf does that get written in?

How to number each line in a multiline event?

How to send logs to multiple Windows 2008 R2 servers?

Can a stand-alone indexer forward logs to an indexer cluster without being part of the cluster?

Why does the splunkd service stop every night on my local Windows PC running Splunk 6.2.2?

Where is the option to set the data source for apps?

How to configure Splunk DB Connect connection type to dedicated rather than the default shared mode?

Splunk DB Connect 1: Why is my inputs.conf configuration not changing the time format of timestamps (ex: 1355293814.207) for data fetched from MS SQL?

Can we filter warning/error messages by role in Splunk 6.2.2?

How to access encrypted credentials (API: storage/passwords) from modular input script

How to troubleshoot error "Unable to distribute to peer - because peer has status = Duplicate license. Duplicate license hashes"?

What is the location of Common/Shared/Replicated configurations for members in a Splunk 6.2 Search Head Cluster on Windows?

What would happen with the Data already indexed in splunk if the input file or directory is deleted?

IndexScopedSearch deleting bad events?

Deploying an app to read CSV files, why is the Universal Forwarder is only processing settings from system/default/props.conf?

Splunk search for NOT IN

Is there a good way manage the process of using syslog-ng to write from tcp to disk and then from disk into Splunk?

Line Breaking: Regex not recognized, not breaking using my defined regex

Why does Splunk DB Connect cause duplicate events after a Splunk restart?

How to configure Splunk to recognize the correct timestamp from tshark data output and index all remaining fields properly?

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions