Getting Data In

Community Activity

Which from available Windows event logs is used to track my browsing history? Hi, I was wondering which is the log (data inputs -> event log collection -> localhost) to add at Splunk in order to... by skender27 Contributor in Getting Data In 04-29-2015 0 4	0	4
What is the general capacity on a Splunk Load Balancer? Hi Gurus! Here is the config first, [ 50 Universal Forwarders : Total 300G of Data ] ==> [2 Load Balancing Forwar... by clyde772 Communicator in Getting Data In 04-29-2015 0 4	0	4
Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI? I have splunk server 6.1.1 installed on Drive D and i upgraded it to 6.2 on windows2008R2. During istallation it did ... by manmah4u Explorer in Getting Data In 04-28-2015 1 3	1	3
Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too? Trying to forward the logs that arrive into the indexer/head into another 3rd party Siem tool. Rather than setting th... by wiredaemon New Member in Getting Data In 04-28-2015 0 3	0	3
What is the proper TIME_FORMAT I should use in props.conf for my sample data? I am trying to create props.conf for a log file which has entries like below, {"timestamp":1429805010594,"message":"... by anoopambli Communicator in Getting Data In 04-28-2015 0 3	0	3
Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file? I have Splunk set to monitor the folder that stores my IIS logs. It is currently working, however, since there is a ... by dglass0215 Path Finder in Getting Data In 04-28-2015 0 2	0	2
I'm trying to rename a sourcetype, by why isn't my configuration working? Hi, I want to rename a sourcetype, but the following isn't working: [log4j] KV_MODE = auto ANNOTATE_PUNCT = false T... by a212830 Champion in Getting Data In 04-28-2015 0 6	0	6
In log file line break not working. i working in sample log file in which some event break line is different i use BREAK_LINE = ([\r\n]+)/d+/./d/./d+* bu... by nitesh218ss Communicator in Getting Data In 04-27-2015 0 2	0	2
How to correlate data from three CSV file sources with joining fields and run a stats count on the final result? Hello Everyone, Here is the scenario. I have three source CSV files with joining fields: file1 field1 = file2 fie... by sandyelrick Explorer in Getting Data In 04-27-2015 0 7	0	7
Disable Delete Capability - Free Edition Is it possible to disable the delete capability from GUI on the free license of Splunk? by mrjester Explorer in Getting Data In 04-27-2015 0 4	0	4
How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows? I'm using splunk enterprise on a local windows based system. I have a file reader configured to watch a directory w... by grantsales Engager in Getting Data In 04-27-2015 0 9	0	9
Why am I seeing timezone differences for sourcetypes on the same host? Indexing log files from a couple of IIS-servers. The events being logged are logged as GMT, whereas the time here in ... by rune_hellem Contributor in Getting Data In 04-27-2015 1 3	1	3
proper way to apply props.conf rules on a modified sourcetype, and other fun stories I tried to setup 2 rules : - one to rename the sourcetype A to B for some events - one to apply a SEDCMD rule to t... by yannK Splunk Employee in Getting Data In 04-27-2015 4 3	4	3
how to change date/time format in .csv email alert? When I schedule the following search and send a report through email, the date/time in the attached .csv file does n... by Jaci Splunk Employee in Getting Data In 04-27-2015 3 4	3	4
If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line? Hi 20140902191418.351 TrxManagerFactory.CreateTrxManager Done 20140902191418.351 TransactionBaseMgr.Init 20140902191... by nitesh218ss Communicator in Getting Data In 04-27-2015 0 12	0	12
Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head? Hello, Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head? F... by daniel333 Builder in Getting Data In 04-27-2015 0 1	0	1
How often does the search head send the knowledge bundles to the indexers? My indexer has /opt/splunk/var/run/searchpeers. How often do searchpeers get updated? I also have an old backup searc... by sarnagar Contributor in Getting Data In 04-26-2015 1 1	1	1
How to to extract fields from Squid logs to Splunk from PFsense Firewall using 2.2.1? I have standard UDP logs from PFsense being sent to my Splunk server. However, I can't seem to get the Squid logs to... by stilesak New Member in Getting Data In 04-26-2015 0 4	0	4
Can I install a universal forwarder on a Windows server to monitor printer log data and forward it to Splunk on Unix? Hello- I want to monitor my printers in our corporate environment which is a Windows print server. I want to get th... by agregory23 New Member in Getting Data In 04-26-2015 0 1	0	1
How to call a Rest/Json service on HTML button click action in Drill down Dashboard Tabel? We have rest/json/http services and need to make a call from Drill Down Dashboard button click event. Please let me k... by muguniya Explorer in Getting Data In 04-26-2015 0 1	0	1
Who can tell me why the API POST for JSON doc times out - This DOES NOT work: curl -k -u admin:changeme "https://0.0.0.0:8089/services/receivers/simple?source=mysource&index=... by himynamesdave Contributor in Getting Data In 04-26-2015 1 1	1	1
Can I parse data at the indexer since I am using a Universal Forwarder on my source and how will that impact licensing? I am a using a Universal Forwarder on my domain controller to forward security events to a Splunk indexer and would l... by Magnus_001 Explorer in Getting Data In 04-25-2015 0 9	0	9
How to install and run Splunk as a domain user without admin permissions? (WINDOWS SERVER 2008) I am trying to install Splunk on Winows Server 2008 as a domain user like here:(http://docs.splunk.com/Documentation/... by ostrokonskiy Explorer in Getting Data In 04-25-2015 0 5	0	5
How to resolve inputs.conf error "Invalid key in stanza" on our Windows universal forwarder? Can you please tell us how to resolve this error on our Windows universal forwarder, Invalid key in stanza [monitor:... by dhavamanis Builder in Getting Data In 04-24-2015 0 5	0	5
Monitoring files on a local Windows 2008 R2 server, why aren't new files getting indexed? Hi Everyone, I'm looking to monitor some files locally on the Splunk instance, and I am able to add them as data inp... by ceichhorn Engager in Getting Data In 04-24-2015 0 11	0	11

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

Which from available Windows event logs is used to track my browsing history?

What is the general capacity on a Splunk Load Balancer?

Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI?

Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too?

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I'm trying to rename a sourcetype, by why isn't my configuration working?

In log file line break not working.

How to correlate data from three CSV file sources with joining fields and run a stats count on the final result?

Disable Delete Capability - Free Edition

How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows?

Why am I seeing timezone differences for sourcetypes on the same host?

proper way to apply props.conf rules on a modified sourcetype, and other fun stories

how to change date/time format in .csv email alert?

If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line?

Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head?

How often does the search head send the knowledge bundles to the indexers?

How to to extract fields from Squid logs to Splunk from PFsense Firewall using 2.2.1?

Can I install a universal forwarder on a Windows server to monitor printer log data and forward it to Splunk on Unix?

How to call a Rest/Json service on HTML button click action in Drill down Dashboard Tabel?

Who can tell me why the API POST for JSON doc times out -

Can I parse data at the indexer since I am using a Universal Forwarder on my source and how will that impact licensing?

How to install and run Splunk as a domain user without admin permissions? (WINDOWS SERVER 2008)

How to resolve inputs.conf error "Invalid key in stanza" on our Windows universal forwarder?

Monitoring files on a local Windows 2008 R2 server, why aren't new files getting indexed?

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

What's the difference between ingesting TCP as TCP...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation