Getting Data In

Discussions

Thread Info

editing input.conf is not reflects to system

hi, i just try to whitelist security log as below but it is not working in fact non of these attribute reflects to sy...

by New Member in

can you remove or archive the original CSV file once it is indexed?

i have a large CSV file / lookup table which i'm writing to via outputlookup. it's approaching 1G in size and i'm ...

by Contributor in

Why is deployment of new indexes.conf via serverclass setting incorrect group ID in NIS+ environment?

I'm using splunk 6.1.3 with a deployment server. I distribute indexes.conf to my indexers via an indexer serverclass....

by Contributor in

How can I ignore internal splunk data when searching?

Without having to add a filter every time I search, is it possible to ignore all the internal splunk data when runnin...

by Explorer in

inputs.conf files starting and ending with different patterns

I'm sure I'm missing something, but is there any way to get an input stanza equivalent to unix ls /opt/logs/conne...

by Builder in

Why did adding an indexer to our deployment server uninstall all of our custom applications after the required restart?

After a time of constant change to deal with issues I am rebuilding our deployment server using all defaults configur...

by Communicator in

Why is each line of syslog prepended with a number in angle brackets like <123>?

Our central syslog server forwards syslog data to my Splunk server, using TCP (secure syslog). In the Splunk web G...

by Contributor in

How do I get Splunk for Cisco ASA to recognize names for src or dest?

Our Cisco ASA logs sometimes contain names that represent objects instead of the IP address. Example: Dec 18 05:37...

by Explorer in

props.conf TIME_FORMAT for middle of the line DATETIME

I'm having trouble recognizing the timestamp for a logs with this structure, (field timestamp appears = none in Splun...

by Builder in

How to add a static field using a lookup file for a partial match in the Universal forwarder?

I am new to splunk and trying to add a static field (action) using a lookup file. It needs to be a partial match with...

by New Member in

Using syslog to forward data or Universal forwarder

I have setup splunk 6.1.1. In our environment we are running rsyslog in a failover configuration. Rsyslog is collecti...

by New Member in

Splunk DB Connect: Why Web Access data is being logged into jbridge.log?

Hello, I noticed today that Web Access data is being logged inside the DB Connect Logfile $SPLUNK_HOME/var/log/spl...

by Builder in

What is the path for input files

I am new to Splunk...I have been given a query that uses an input file. I know the name of the input file, but how ca...

by Explorer in

Need to re-create similar data chart within splunk with Windows Event ID's

Hello everyone, I'm trying to re-create a similar bar chart as seen below, within splunk. Example: http://i.im...

by Engager in

Is there a way in which we can filter the records fetched, based on a datetime column by specifying the start and end datetimes?

I have a requirement where i have to filter the records fetched between 2 date times. How to include this filter crit...

by New Member in

datainput issue

We used free enterprise splunk. we import logs into splunk. Some log files data won't show in splunk I want to ...

by Explorer in

Splunk indexer showing events intermittently

Hi All, My splunk indexer if checked for the last 2 days shows intermittent logs. I cannot see events for a good 2...

by New Member in

How to configure Splunk to read a csv file sent from a forwarder?

Hello! I'm new to Splunk and trying to setup a proof of how Splunk could read log files from an application I wrote t...

by Path Finder in

Get Perfmon drive info for specific disks Splunk 6.1

This is somewhat of a repeat question, but since the original is a couple of years old and does not produce results f...

by Communicator in

headers in csv do not appear as field names in search result

Hi, I have a csv file which contains data like this: "region","country","city" "emea","united kingdom","london" "e...

by Path Finder in

Create aliases for common sourcetypes

I'd like to create a custom name for a common sourcetype. For instance: inputs.conf [monitor:///my/special/dire...

by Explorer in

How to extract the first and last start time (as conditional term) and only use them in a search?

Hi Guys, in my data I have time slots in this format: starttime="1403032818" for each field. the number of s...

by Explorer in

How to set up an alert on all search heads if any universal forwarder has not sent data for a certain amount of time?

I need to setup an alert on all search heads if any universal forwarder has not sent data in last 6 or 4 hours. The a...

by Path Finder in

Is it possible to configure load balancing on universal forwarders with preferable servers in tcpout group?

I'd like to configure universal forwarders on boxes in multiple AZ to forward event to a preferable heavy forwarder l...

by Path Finder in

How does Splunk handle timestamps from different timezones when it doesn't know the offset?

How does Splunk handle timestamps from different timezones when it doesn't know offset? I'm seeing different behavior...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

editing input.conf is not reflects to system

can you remove or archive the original CSV file once it is indexed?

Why is deployment of new indexes.conf via serverclass setting incorrect group ID in NIS+ environment?

How can I ignore internal splunk data when searching?

inputs.conf files starting and ending with different patterns

Why did adding an indexer to our deployment server uninstall all of our custom applications after the required restart?

Why is each line of syslog prepended with a number in angle brackets like <123>?

How do I get Splunk for Cisco ASA to recognize names for src or dest?

props.conf TIME_FORMAT for middle of the line DATETIME

How to add a static field using a lookup file for a partial match in the Universal forwarder?

Using syslog to forward data or Universal forwarder

Splunk DB Connect: Why Web Access data is being logged into jbridge.log?

What is the path for input files

Need to re-create similar data chart within splunk with Windows Event ID's

Is there a way in which we can filter the records fetched, based on a datetime column by specifying the start and end datetimes?

datainput issue

Splunk indexer showing events intermittently

How to configure Splunk to read a csv file sent from a forwarder?

Get Perfmon drive info for specific disks Splunk 6.1

headers in csv do not appear as field names in search result

Create aliases for common sourcetypes

How to extract the first and last start time (as conditional term) and only use them in a search?

How to set up an alert on all search heads if any universal forwarder has not sent data for a certain amount of time?

Is it possible to configure load balancing on universal forwarders with preferable servers in tcpout group?

How does Splunk handle timestamps from different timezones when it doesn't know the offset?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions