Getting Data In

Community Activity

How to handle parsing of CSV files with fields containing commas? My data is parsed into CSV files with default comma delimiters. Many fields contain one or more commas. When I use ... by bb2324oo Engager in Getting Data In 03-05-2015 1 1	1	1
What are the different mechanisms for importing data into Splunk on premise? Hi For Splunk on premise, what are the different mechanisms for data import? 1. Is API layer available? 2. Does C... by tgjmaxx New Member in Getting Data In 03-05-2015 0 4	0	4
Why is my script to override the host name in inputs.conf for a universal forwarder not applying to perfmon sourcetype? We deploy code to Azure Cloud Apps and I have a script to re-write the host portion of the inputs.conf for the univer... by dybevan Explorer in Getting Data In 03-04-2015 0 6	0	6
How to handle a logfile with two timestamps Hi, I have a catalina.out logfile that starts with one timestamp (YYYY-MM-DD HH:MM:SS), and then, after the initiali... by a212830 Champion in Getting Data In 03-04-2015 0 5	0	5
UDP 514 Syslog - Using transform with Cisco IronPort logs Trying to transform syslog data arriving over UDP 514 into either cisco_asa or cisco_wsa_squid. The asa logs work fin... by rroatman New Member in Getting Data In 03-04-2015 0 2	0	2
After installing and configuring a universal forwarder on a remote Linux machine, why am I unable to login and connect to the remote instance? On the remote end I see this after installing/configuring Universal Forwarder: ./splunk list forward-server Splunk u... by dougcabell Explorer in Getting Data In 03-04-2015 0 2	0	2
What is the order of precedence when there are conflicting configs (such as timezone) at the sourcetype, host and source level? What is the order of precedence when there is conflicting configurations (such as timezone) at sourcetype, host and s... by anandhim Path Finder in Getting Data In 03-04-2015 0 4	0	4
Local Users on Universal Forwarder and Remote CLI? We are looking to lock down our universal forwarders on Windows servers. Our plan is for all the necessary configs t... by stevepraz Path Finder in Getting Data In 03-04-2015 0 3	0	3
How to troubleshoot why I am receiving no data from my universal forwarder? Okay... Here is my hangup. I've taken some training: -What is Splunk -Searching and Reporting -Building Objects Bu... by gfaggiano New Member in Getting Data In 03-04-2015 0 6	0	6
Nightly install of Universal Forwarder, random regmon crashes We are using Citrix PVS to provision fresh XenApp servers every night, about 60 of them in total. A few dozen applica... by FloydATC Explorer in Getting Data In 03-04-2015 1 10	1	10
Why is my Linux forwarder not sending data to the indexer? Hi, One of my Linux Forwarder not sending data to indexer. Could you please assist me what is wrong in my configurat... by kpavan Path Finder in Getting Data In 03-03-2015 0 4	0	4
Is it possible to run 'splunk list monitor' for a universal forwarder (deployment client) remotely? Hi. I've got some rather complex rules (at least to me) that I'm pushing out to a remote Windows universal forwarder... by mfrost8 Builder in Getting Data In 03-03-2015 0 2	0	2
Is it normal behavior for JSON labels, not just actual key/value data, to be counted against license usage and how to prevent this? Hi friends I have a question. I have an app that formats output as json and sends it to Splunk. Real data of each ev... by albertohontoria Path Finder in Getting Data In 03-03-2015 0 3	0	3
How to remotely install and configure a universal forwarder to point to 1 of 10 intermediate forwarders? Is there a way to remotely install universal forwarders using a command line push that would allow multiple intermedi... by glasscoj Engager in Getting Data In 03-02-2015 0 1	0	1
What is port 8089 for and can I disable it? For PC compliance safety, I tried to disable port 8089 by modifying server.conf, but I could not log in to the web po... by ginger8990 Explorer in Getting Data In 03-02-2015 0 1	0	1
Why are the timestamps for events indexed in Splunk behind by 5 hours compared to the original logs? Splunk is not showing the correct time that logs are coming in. They are behind by five hours. The time on the server... by sbattista09 Contributor in Getting Data In 03-02-2015 1 5	1	5
Hunk - assigning sourcetype I create two virtual indexes within Hunk that reads from two separate HDFS directory. One is for Cisco ASA logs, and ... by jwalzerpitt Influencer in Getting Data In 03-02-2015 0 25	0	25
Timezone isn't being set correctly I have a log file with events that look like: < Start > Timestamp: 2/27/2015 8:34:14 PM Information: Message: Refres... by jwinderDDS Path Finder in Getting Data In 03-02-2015 0 2	0	2
How many sourcetypes are considered too many in terms of performance? A Splunk estate I came across has hundreds of sourcetypes, mostly creating a new sourcetype per different log, regard... by splunk_zen Builder in Getting Data In 03-02-2015 0 2	0	2
What is the frequency with which logs are read in Splunk? What is the frequency with which logs are read in Splunk? Does delay in seeing recent log details in Splunk related t... by garimayadav New Member in Getting Data In 03-01-2015 0 4	0	4
What are recommendations for monitoring information on a Linux server? Hi, I wish to monitor linux server info like number of CPU, processor, linux version etc in Splunk. What will be th... by newbiesplunk Path Finder in Getting Data In 03-01-2015 0 1	0	1
How to get grand total or sum of the currency field (in excel currency format $1,234.10) to display as a result? I uploaded a .CSV file with 30,000 events into Splunk with currency amount (excel currency format '($1,234.10)'. Usi... by quanteq Path Finder in Getting Data In 02-28-2015 1 10	1	10
Why are dependent dynamic drop-down inputs displaying epoch time values instead of the format HH:MM in Simple XML? Hi All; 3 Drop down inputs right now are being used as a custom timepicker. The first one is used to select any of t... by tdiestel Path Finder in Getting Data In 02-27-2015 1 1	1	1
How will Splunk handle the clock change for leap seconds in June 2012? See this webpage for reference - http://www.timeanddate.com/time/leapseconds.html On June 30 2012, an extra second w... by mctester Communicator in Getting Data In 02-27-2015 4 2	4	2
Things to do when you first install Splunk? What are the things that you normally do as part of a Splunk server installation? David Carasso published a nice lis... by lguinn2 Legend in Getting Data In 02-27-2015 1 6	1	6

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

How to handle parsing of CSV files with fields containing commas?

What are the different mechanisms for importing data into Splunk on premise?

Why is my script to override the host name in inputs.conf for a universal forwarder not applying to perfmon sourcetype?

How to handle a logfile with two timestamps

UDP 514 Syslog - Using transform with Cisco IronPort logs

After installing and configuring a universal forwarder on a remote Linux machine, why am I unable to login and connect to the remote instance?

What is the order of precedence when there are conflicting configs (such as timezone) at the sourcetype, host and source level?

Local Users on Universal Forwarder and Remote CLI?

How to troubleshoot why I am receiving no data from my universal forwarder?

Nightly install of Universal Forwarder, random regmon crashes

Why is my Linux forwarder not sending data to the indexer?

Is it possible to run 'splunk list monitor' for a universal forwarder (deployment client) remotely?

Is it normal behavior for JSON labels, not just actual key/value data, to be counted against license usage and how to prevent this?

How to remotely install and configure a universal forwarder to point to 1 of 10 intermediate forwarders?

What is port 8089 for and can I disable it?

Why are the timestamps for events indexed in Splunk behind by 5 hours compared to the original logs?

Hunk - assigning sourcetype

Timezone isn't being set correctly

How many sourcetypes are considered too many in terms of performance?

What is the frequency with which logs are read in Splunk?

What are recommendations for monitoring information on a Linux server?

How to get grand total or sum of the currency field (in excel currency format $1,234.10) to display as a result?

Why are dependent dynamic drop-down inputs displaying epoch time values instead of the format HH:MM in Simple XML?

How will Splunk handle the clock change for leap seconds in June 2012?

Things to do when you first install Splunk?

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

What's the difference between ingesting TCP as TCP...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation