Getting Data In

Discussions

Thread Info

What issue would cause a heavy forwarder to show a status of "SplunkForwarder UNCONFIGURED ENABLED"?

we're in the process of investigating why our heavy forwarders are not forwarding events from the myriad universal fo...

by Path Finder in

Why is my index list not complete for Data Input Files and Directories?

When trying to pick my index from the list in Data Input Files & Directories it does not show. For some reason it onl...

by Path Finder in

Streamlined deployment - Windows

As we deploy many servers from VMware templates of RIS images - is there a way to have a splunk forwarder pre-configu...

by Engager in

How to configure props.conf to parse events on the correct date and re-index data after removing incorrectly parsed data?

Hey guys, I'm a new splunk user and my events are not sorting correctly. I have data coming from a UF that looks ...

by Engager in

DB Connect: How to prevent append command from sorting columns in alphabetical order in the result set?

by Contributor in

How to correlate two sourcetypes on a single field?

I wish to correlate two sourcetypes on a single field which I would expect should look something like this: (sourc...

by Path Finder in

Why is Splunkd daemon not responding trying to use the DB Connect app to connect to my SQL Server 2014?

Hi, I'm trying to use the DBCONNECT app to connect to my SQL Server 2014 instance. I have installed the app succes...

by Engager in

Sourcetype questions

Hello, colleagues! Ask for help. I have a log species: Nov 7 17:31:50 domain.domain {"user":"email@domain","m...

by Communicator in

DB Connect: Why datetime field in mssql is imported as epoch time and how to convert it to a time-searchable value?

I have been unable to find a working solution to my problem. My datetime field in my mssql database looks like it is ...

by Path Finder in

Is there any reason not to run Splunk as root?

Trying to create a Data Input on a forwarder using TCP Port 514. Can't do it as the splunk id. No problem creating DI...

by Communicator in

Why is perl script not working in Splunk 6.2 and getting error 'Cannot login to: https://127.0.0.1:8834/'"?

Hi. I'm using Splunk 6.2 with a scripted input. My script works fine from shell. Shell: root@ubuntu:/opt/spl...

by Communicator in

Shrink or reduce indexer

HI, I have been gathering data on an indexer for more than 2 years and though data has been useful but i think we ...

by Path Finder in

Why is my configuration for XML data finding the timestamp, but not converting it to the proper format?

I have an xml log file with a weird timestamp. I have used a combination of TIME_FORMAT= %Y%m%d-%H:%M:%S TIME_PRE...

by New Member in

Why are logs not being forwarded after installing the universal forwarder on Linux machineRHEL?

hi all, after installing splunk universal forwarder on linux machine RHEL i have this message after ./splunk list ...

by Path Finder in

I can not sort the fields which were loaded from csv file.

Usually I can use the triangle button for field sorting of the table. But I can not use the triangle button for th...

by Explorer in

Getting remote WMI based data without forwarder

We have Splunk indexer running on Windows 2008 server with domain account. Domain account what used to run the servic...

by Communicator in

SH Pool Error in Python Log

I have a SH pool 6.1.3 and am seeing this error in the pyton_modular_input.log. I also have ES 3.1.1 installed. This ...

by Explorer in

SPLUNK APP that preserves events in the same format as it receives them for integration purposes with ArcSight

I got some info from an ArcSight engineer that Splunk recently brought out its own App that will preserve log data in...

by Explorer in

Is it possible to install a Splunk forwarder on centralized rsyslog server to filter out unwanted events before forwarding data to our indexer?

We use the nxlog agent on out Windows domain controllers/Exchange servers/IIS servers and forward to a centralized rs...

by Influencer in

Sending Events to 3rd Party Products, e.g. ArcSight with Splunk 6

Is there any app or process available in Splunk 6 to send events to 3rd Party Product, such as ArcSight. I am NOT tal...

by Explorer in

How to configure timestamp and other data formatting for multiline Exchange Autodiscover logs?

I have been asked to take on some logs which have a predictable format but which on a one-shot test input shows that ...

by Motivator in

Where can I find information on sending data other than syslog from Splunk to ArcSight?

I'm finding lots of info on sending Syslog data from SPLUNK to Arcsight but nothing else? Where is the info on Win...

by Explorer in

Device specific timezone in splunk

If i set Timezone specific to host names , how do splunk search for the results , say for eg : I have a device...

by Motivator in

How to convert all fields that have "Date" in the name to a standard date format from JSON message data?

Hi, I have a number of date fields in a JSON message. I would like to be able to use standard date comparison functio...

by Path Finder in

How to monitor mmc certificates snap-in?

how to set the inputs.conf in UF to monitor Certificates Snap-in via mmc ? Windows

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What issue would cause a heavy forwarder to show a status of "SplunkForwarder UNCONFIGURED ENABLED"?

Why is my index list not complete for Data Input Files and Directories?

Streamlined deployment - Windows

How to configure props.conf to parse events on the correct date and re-index data after removing incorrectly parsed data?

DB Connect: How to prevent append command from sorting columns in alphabetical order in the result set?

How to correlate two sourcetypes on a single field?

Why is Splunkd daemon not responding trying to use the DB Connect app to connect to my SQL Server 2014?

Sourcetype questions

DB Connect: Why datetime field in mssql is imported as epoch time and how to convert it to a time-searchable value?

Is there any reason not to run Splunk as root?

Why is perl script not working in Splunk 6.2 and getting error 'Cannot login to: https://127.0.0.1:8834/'"?

Shrink or reduce indexer

Why is my configuration for XML data finding the timestamp, but not converting it to the proper format?

Why are logs not being forwarded after installing the universal forwarder on Linux machineRHEL?

I can not sort the fields which were loaded from csv file.

Getting remote WMI based data without forwarder

SH Pool Error in Python Log

SPLUNK APP that preserves events in the same format as it receives them for integration purposes with ArcSight

Is it possible to install a Splunk forwarder on centralized rsyslog server to filter out unwanted events before forwarding data to our indexer?

Sending Events to 3rd Party Products, e.g. ArcSight with Splunk 6

How to configure timestamp and other data formatting for multiline Exchange Autodiscover logs?

Where can I find information on sending data other than syslog from Splunk to ArcSight?

Device specific timezone in splunk

How to convert all fields that have "Date" in the name to a standard date format from JSON message data?

How to monitor mmc certificates snap-in?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions