Getting Data In

Thread Info

Forwarder stopped forwarding after restart of server

I am using the VMware Syslog collector to collect the logs from my ESXi hosts and send them to Splunk with the univer...

by New Member in

Get logs again

There is a .html file I got via Splunk 4 months ago. Now I want get it again via Splunk because we only save logs in ...

by Path Finder in

sourcetype is not listing

i have taken a backup of my app and uploaded in another splunk instance(free license). when i am ttrying to add datai...

by Builder in

What are recommendations for our current file monitoring setup?

My setup looks like this: syslog collector with UF -> HF -> Index cluster File input in a directory on the syslog ...

by Path Finder in

Filter a syslog to only a couple fields, make into a report

Pardon my brand-newness to Splunk, please. I just installed it.  We have a Sourcefire unit that we would like to ...

by New Member in

How do I setup TCP ROUTING when using an intermediate forwarder

I have some sourcetypes that I'd like to go to two indexing destinations. Universal Forwarder: (inputs.conf) [m...

by Contributor in

How to configure a universal forwarder to forward 2 syslogs from 1 IP address to 2 different indexes?

Hi, I have a Linux server and the syslog is functional. Here is UF config (inputs.conf) : [udp://xx.xx.xx.140:514]...

by Path Finder in

How to update only the inputs.conf blacklist stanza on a universal forwarder with a deployment server?

Have a myriad of webservers in a webfarm where I need to blacklist certain eventIDs/Types (from time to time) to pres...

by Explorer in

Is it possible to configure cloning AND autoLB simultaneously?

I have a light forwarder sending data to my indexer. I'm bringing two new Splunk indexers online and want to use auto...

by Champion in

How to re-index the deleted data in splunk.

I indexed some data into splunk by .csv file, but there is some problem with it. So I removed them by "|delete" comma...

by Engager in

How to blacklist or whitelist logs monitored in a Windows directory?

Hi I have to monitor a specific folder in a certain directory For example my path is G:\opdata\my_data\motherfolde...

by Contributor in

What do you look for, and how, to ensure initial log data quality (including field extractions) and ensure it is ongoing?

Hello, So I am pulling together a checklist of things to ensure initial and ongoing log data quality. This is obvi...

by Path Finder in

Can a Search Head be an Indexer as well in a distributed search environment?

I have 2 Splunk Test Servers. I had one as an indexer and one as the search Head. But, we are needing to restore a si...

by Explorer in

How to automatically upload a CSV file I receive daily from my Mac Desktop to Splunk and either refresh the data or add deltas?

I've installed the universal forwarder on my mac now I want to automatically send a csv file from a folder on my Mac ...

by Path Finder in

can i upload a csv file into splunk just for testing purposes on the data?

If i donwload splunk onto my machine, can i upload a csv file into splunk just for testing purposes on the data?

by Motivator in

Can Windows Events and pcap files can be loaded into Splunk

Does anyone know if Splunk can import Microsoft Event files or cap, pacp, pcapng files from programs like Wireshark, ...

by Explorer in

I do not need the seconds field in time but i am unable to separate the time from Date in time chart. Please guide me on this

eventtype=cppm-pass-authentication (cphost=10.200.22.7 OR cphost=10.200.22.8 OR cphost=10.210.22.8 OR cphost=10.210.2...

by Explorer in

Deployed Inputs.conf Doesn't Work but system/local does?

Looking for a little help after fooling around with this for awhile. I have several forwarders on Windows and a Windo...

by Path Finder in

Why are report table columns not rendered properly when exporting to PDF or CSV?

Hello, I have a report in table format that I have created and saved. This has the columns that I find useful with...

by Explorer in

Source Type IIS not identifying fields

I am using Splunk Universal Forwarder to monitor IIS logfiles and send to Splunk Server. All of the fields are gettin...

by Engager in

preserve host name when using a kiwi server to collect logs

We have non-windows devices sending their syslog information to a Kiwi server that is hosted on a windows box. The ki...

by Communicator in

Why am I unable to add a currently running standalone indexer to an indexer cluster using the cluster master?

Having a problem joining an indexer already in use to my cluster. This indexer is currently running as a standalone i...

by Splunk Employee in

how Join two search in one table?

I need to make a search that can list the different IP (On occasions the ip will not be in the previous month but in ...

by Explorer in

Is there anyway to enable a deployment server on an existing Splunk instance without having to reinstall indexers and forwarders?

We already have Splunk deployed, (indexer, w/ light forwarders)... The reason for this question is that we've had ...

by Explorer in

how to get modtime as time stamp for my events using props.conf?

hi I want to get the mod time of my logfile for the event timestamp. how would i put this on the props.conf? t...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Forwarder stopped forwarding after restart of server

Get logs again

sourcetype is not listing

What are recommendations for our current file monitoring setup?

Filter a syslog to only a couple fields, make into a report

How do I setup TCP ROUTING when using an intermediate forwarder

How to configure a universal forwarder to forward 2 syslogs from 1 IP address to 2 different indexes?

How to update only the inputs.conf blacklist stanza on a universal forwarder with a deployment server?

Is it possible to configure cloning AND autoLB simultaneously?

How to re-index the deleted data in splunk.

How to blacklist or whitelist logs monitored in a Windows directory?

What do you look for, and how, to ensure initial log data quality (including field extractions) and ensure it is ongoing?

Can a Search Head be an Indexer as well in a distributed search environment?

How to automatically upload a CSV file I receive daily from my Mac Desktop to Splunk and either refresh the data or add deltas?

can i upload a csv file into splunk just for testing purposes on the data?

Can Windows Events and pcap files can be loaded into Splunk

I do not need the seconds field in time but i am unable to separate the time from Date in time chart. Please guide me on this

Deployed Inputs.conf Doesn't Work but system/local does?

Why are report table columns not rendered properly when exporting to PDF or CSV?

Source Type IIS not identifying fields

preserve host name when using a kiwi server to collect logs

Why am I unable to add a currently running standalone indexer to an indexer cluster using the cluster master?

how Join two search in one table?

Is there anyway to enable a deployment server on an existing Splunk instance without having to reinstall indexers and forwarders?

how to get modtime as time stamp for my events using props.conf?

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

s3 - Multiple directories data to be ingested into...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions