Getting Data In

Thread Info

How to correlate two sourcetypes on a single field?

I wish to correlate two sourcetypes on a single field which I would expect should look something like this: (sourc...

by Path Finder in

Why is Splunkd daemon not responding trying to use the DB Connect app to connect to my SQL Server 2014?

Hi, I'm trying to use the DBCONNECT app to connect to my SQL Server 2014 instance. I have installed the app succes...

by Engager in

Sourcetype questions

Hello, colleagues! Ask for help. I have a log species: Nov 7 17:31:50 domain.domain {"user":"email@domain","m...

by Communicator in

DB Connect: Why datetime field in mssql is imported as epoch time and how to convert it to a time-searchable value?

I have been unable to find a working solution to my problem. My datetime field in my mssql database looks like it is ...

by Path Finder in

Is there any reason not to run Splunk as root?

Trying to create a Data Input on a forwarder using TCP Port 514. Can't do it as the splunk id. No problem creating DI...

by Communicator in

Why is perl script not working in Splunk 6.2 and getting error 'Cannot login to: https://127.0.0.1:8834/'"?

Hi. I'm using Splunk 6.2 with a scripted input. My script works fine from shell. Shell: root@ubuntu:/opt/spl...

by Communicator in

Shrink or reduce indexer

HI, I have been gathering data on an indexer for more than 2 years and though data has been useful but i think we ...

by Path Finder in

Why is my configuration for XML data finding the timestamp, but not converting it to the proper format?

I have an xml log file with a weird timestamp. I have used a combination of TIME_FORMAT= %Y%m%d-%H:%M:%S TIME_PRE...

by New Member in

Why are logs not being forwarded after installing the universal forwarder on Linux machineRHEL?

hi all, after installing splunk universal forwarder on linux machine RHEL i have this message after ./splunk list ...

by Path Finder in

I can not sort the fields which were loaded from csv file.

Usually I can use the triangle button for field sorting of the table. But I can not use the triangle button for th...

by Explorer in

Getting remote WMI based data without forwarder

We have Splunk indexer running on Windows 2008 server with domain account. Domain account what used to run the servic...

by Communicator in

SH Pool Error in Python Log

I have a SH pool 6.1.3 and am seeing this error in the pyton_modular_input.log. I also have ES 3.1.1 installed. This ...

by Explorer in

SPLUNK APP that preserves events in the same format as it receives them for integration purposes with ArcSight

I got some info from an ArcSight engineer that Splunk recently brought out its own App that will preserve log data in...

by Explorer in

Is it possible to install a Splunk forwarder on centralized rsyslog server to filter out unwanted events before forwarding data to our indexer?

We use the nxlog agent on out Windows domain controllers/Exchange servers/IIS servers and forward to a centralized rs...

by Influencer in

Sending Events to 3rd Party Products, e.g. ArcSight with Splunk 6

Is there any app or process available in Splunk 6 to send events to 3rd Party Product, such as ArcSight. I am NOT tal...

by Explorer in

How to configure timestamp and other data formatting for multiline Exchange Autodiscover logs?

I have been asked to take on some logs which have a predictable format but which on a one-shot test input shows that ...

by Motivator in

Where can I find information on sending data other than syslog from Splunk to ArcSight?

I'm finding lots of info on sending Syslog data from SPLUNK to Arcsight but nothing else? Where is the info on Win...

by Explorer in

Device specific timezone in splunk

If i set Timezone specific to host names , how do splunk search for the results , say for eg : I have a device...

by Motivator in

How to convert all fields that have "Date" in the name to a standard date format from JSON message data?

Hi, I have a number of date fields in a JSON message. I would like to be able to use standard date comparison functio...

by Path Finder in

How to monitor mmc certificates snap-in?

how to set the inputs.conf in UF to monitor Certificates Snap-in via mmc ? Windows

by Contributor in

I moved source data, they are not reindexed

Hello I have two directories dir1 and dir2 monitored by splunk, new files in each directory are indexed, respectiv...

by Communicator in

Why are Apache logs on a Windows server not forwarding with our universal forwarder configuration?

Hello, We’re trying to configure forwarding of all the Apache logs on a Windows server using the EnterpriseForward...

by Explorer in

Are there any ways to increase the performance of our forwarder's current file monitor reading syslog files at 10MB/sec?

We have a forwarder file monitor reading syslog files being churned out 10MB/sec...are there any tweaks to increase p...

by Path Finder in

How to configure props.conf to recognize the exact timestamp format hh:mm.ss,sss in our data?

events from a particular source have timestamps formatted as follows: hh:mm.ss,ssss - example 02:07.21,0241 this i...

by Path Finder in

How to override and change incoming source and host names with JSON source and host fields?

I have JSON fields for source and host which I would like to use to override the incoming source and host. What is th...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to correlate two sourcetypes on a single field?

Why is Splunkd daemon not responding trying to use the DB Connect app to connect to my SQL Server 2014?

Sourcetype questions

DB Connect: Why datetime field in mssql is imported as epoch time and how to convert it to a time-searchable value?

Is there any reason not to run Splunk as root?

Why is perl script not working in Splunk 6.2 and getting error 'Cannot login to: https://127.0.0.1:8834/'"?

Shrink or reduce indexer

Why is my configuration for XML data finding the timestamp, but not converting it to the proper format?

Why are logs not being forwarded after installing the universal forwarder on Linux machineRHEL?

I can not sort the fields which were loaded from csv file.

Getting remote WMI based data without forwarder

SH Pool Error in Python Log

SPLUNK APP that preserves events in the same format as it receives them for integration purposes with ArcSight

Is it possible to install a Splunk forwarder on centralized rsyslog server to filter out unwanted events before forwarding data to our indexer?

Sending Events to 3rd Party Products, e.g. ArcSight with Splunk 6

How to configure timestamp and other data formatting for multiline Exchange Autodiscover logs?

Where can I find information on sending data other than syslog from Splunk to ArcSight?

Device specific timezone in splunk

How to convert all fields that have "Date" in the name to a standard date format from JSON message data?

How to monitor mmc certificates snap-in?

I moved source data, they are not reindexed

Why are Apache logs on a Windows server not forwarding with our universal forwarder configuration?

Are there any ways to increase the performance of our forwarder's current file monitor reading syslog files at 10MB/sec?

How to configure props.conf to recognize the exact timestamp format hh:mm.ss,sss in our data?

How to override and change incoming source and host names with JSON source and host fields?

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions