Getting Data In

Thread Info

Creating custom sourcetype from part of log filename results with field sourcetype=$1

Firstly, I'll give my apologies now as you'll find my attempt to explain my problem will most likely show my inexperi...

by Explorer in

What is the CLI command to generate input definition for testing modular inputs?

I know there is a CLI command to generate an Input Definition for testing Modular Inputs, but I cannot seem to find a...

by Path Finder in

How to expore a result set in a tab separated format (TSV) instead of CSV?

Hi All I have a requirement that a result set be exported in tab separated format (TSV) rather than comma separate...

by Path Finder in

Does Splunk offer a Universal forwarder compatible with HP-UX V11.00?

Are any current HP-UX Universal Forwarder offerings backwards compatible to HP-UX V11.00?

by New Member in

Splunk forwarder not sending data - Linux

Greetings, I have 2 servers that suddenly stopped sending data to the indexer. I am struggling to find the root ca...

by New Member in

How to create an alert when CISCO IPS App is not collecting logs.

Hi Folks Can anybody advice how to create an alert when the Splunk CISCO IPS does not poll the data from the IPS d...

by Explorer in

calculate time difference between starting and completing a task

I have a database that stores a separate event every time someone starts or stops a task. This should be a simple tas...

by Path Finder in

Not able to install splunk universal forwarder with error code: -1073741795 in windows server 2003 std

Hi Support team, When i tried to install splunk unversal forwarder in windows server 2003 std 32 bit, it occurred ...

by Explorer in

How can I configure splunk to read dates in dd/mm/yyyy format?

how do i get splunk to read the date as dd/mm/yyyy, it is currently reading mm/dd/yyyy

by New Member in

Can we send data from forwarder to F5 URL on port 80 which will redirect data to indexer at port 9997?

I have multiple forwarders which are sending data to one indexer at port 9997, I want to transfer data from forwarder...

by Explorer in

How to total the buckets that will roll from cold to frozen when changing frozenTimePeriodinSecs

I'm running out of space in my cold bucket volume, and want to reduce the default frozenTimePeriodInSecs to force a b...

by Path Finder in

Can symlink cause Splunk to index files twice?

Due to some inconsistencies in how some of our servers use Symbolic Links (symlinks), we need to understand how Splun...

by Path Finder in

WinEventLogChannel - saveCheckpointStr : Unable to write checkpoint with a null string

Hi, there are lots of ERROR messages in splunkd.log (version 4.2.3 , play as LightForwarder) and this Splunk LWF s...

by Communicator in

Data Input: Timestamps are read incorrectly for half of file.

I am currently trying to read in data from a .csv that has a timestamp column. When I upload the file and go to previ...

by Engager in

Not able to read

Could you please help me in getting file?

by Explorer in

Windows 2008R2 Universal Forwarder "Could not send data". How to configure outputs.conf?

Hi, I'm new to Splunk and I'm trying to set up a Universal Forwarder to forward some data to our Splunk server. Th...

by New Member in

Forwarding and Indexing backlog

We experienced communication issues between the forwarders and the splunk server, say on the 2nd of November. Everyth...

by Explorer in

Issues of 'ignoreOlderThan' in inputs.conf setting

Hi,guys,in my scenario,a universal forwarder(UF vertion 4.3.2 for aix) monitores about 700 small files, the cpu usage...

by Explorer in

splunk to monitor password protected files

Hi, I am trying to configure splunk to monitor zip files. All the files inside the zip files are password protected a...

by New Member in

How much splunk memory use should I expect while monitoring a directory with many entries?

If I remove the only input stanza I have on a forwarder and restart Splunk the memory usage is 2GB. How can a forward...

by Path Finder in

Why am I getting checksum errors on certain hosts and how to troubleshoot this?

I'm trying to create a dashboard for missing universal Forwarders. I tried using _internal logs, but for a few of the...

by Communicator in

|delete hang indefinetely

Issue : I am trying to "delete" bunch of events from the index by using "| delete" command. The search without "| de...

by Splunk Employee in

how to assign csv file column value as event timestamp?

We have csv file dump and its contains the user profile data with column Account_Creation_Date (sample data : "2008-0...

by Builder in

How to configure multi-value parameters for a Modular Input?

I'm building a Modular Input and I need to accept an arbitrary number of values for a given parameter. The SDKs seem ...

by Path Finder in

Is there a way to use XML / spath for files that aren't pure XML?

I'm using Splunk 6.1.3 (build 220630) on RH 6.5, and I've read much about parsing XML into Splunk. Nonetheless, I thi...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Creating custom sourcetype from part of log filename results with field sourcetype=$1

What is the CLI command to generate input definition for testing modular inputs?

How to expore a result set in a tab separated format (TSV) instead of CSV?

Does Splunk offer a Universal forwarder compatible with HP-UX V11.00?

Splunk forwarder not sending data - Linux

How to create an alert when CISCO IPS App is not collecting logs.

calculate time difference between starting and completing a task

Not able to install splunk universal forwarder with error code: -1073741795 in windows server 2003 std

How can I configure splunk to read dates in dd/mm/yyyy format?

Can we send data from forwarder to F5 URL on port 80 which will redirect data to indexer at port 9997?

How to total the buckets that will roll from cold to frozen when changing frozenTimePeriodinSecs

Can symlink cause Splunk to index files twice?

WinEventLogChannel - saveCheckpointStr : Unable to write checkpoint with a null string

Data Input: Timestamps are read incorrectly for half of file.

Not able to read

Windows 2008R2 Universal Forwarder "Could not send data". How to configure outputs.conf?

Forwarding and Indexing backlog

Issues of 'ignoreOlderThan' in inputs.conf setting

splunk to monitor password protected files

How much splunk memory use should I expect while monitoring a directory with many entries?

Why am I getting checksum errors on certain hosts and how to troubleshoot this?

|delete hang indefinetely

how to assign csv file column value as event timestamp?

How to configure multi-value parameters for a Modular Input?

Is there a way to use XML / spath for files that aren't pure XML?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions