Getting Data In

Thread Info

How to configure inputs.conf and props.conf to monitor multiple CSV files in a directory and recognize timestamp in 2nd column?

Hey everyone, I am trying to use Splunk to monitor and index multiple CSVs in a directory (e.g. log1.csv / log2.cs...

by New Member in

What is the default delimiter for multivalue fields in Splunk when exporting a table to a CSV file?

Hi guys, i just want to know the default delimiter for multivalue field in splunk when i export a table to a csv.f...

by New Member in

How to send back to old data to new server in forwarder

Hi All, I created the new splunk server and found that the forwarder is only send the latest log to the new server...

by Path Finder in

I would like to get some help to process the following timestamp, included in the example, please:

The following is one event of the data: MACUL DIRP101 JUL14 00:00:00 5577 INFO DIRP_FLOW_LOG REASON= 15 SSYS#=...

by Path Finder in

Can someone please explain to me why Splunk Universal Forwarder uses port 8089?

Can someone please explain to me why the Splunk Universal Forwarder uses port 8089 and what problems would arise if I...

by Explorer in

How to configure universal forwarder to forward all Windows events to the Windows index, not main index?

We have a new Splunk server. We have installed the universal forwarder on the server and it is currently sending the ...

by Explorer in

Is it possible to use WMI on a Windows universal forwarder and send it to indexers and search heads running Linux?

I currently am running splunk enterprise on a Linux Distribution (Red Hat). I am following the guide to import WMI da...

by Explorer in

How to forward indexed data that needs to be SSL encrypted to a second indexer?

Hello, Looking to forward data from one indexer to a second indexer. The are multiple reasons for the separate ind...

by Explorer in

Using Multiple Values for a Single Choice in a DropDown Input

Hi All, Is there a way to add multiple values in a drop down to a single choice? For example, I have a drop down w...

by Builder in

failed to parse timestamp at data preview

Hi, When i do the data preview, it stated "Failed to parse timestamp, defaulting to file modetime". The correct times...

by Path Finder in

Looking for a workaround for Windows UFs not starting up after an improper shutdown (SPL-36597)

Occasionally, our Windows terminal servers kill the UF service during shutdown, leaving in a stale .pid file behind. ...

by SplunkTrust in

Field extraction only works partial

Hello Splunkers, I created a (index-time) field extraction with the following regex: REGEX = ^\d+;\d{11}02(\d{...

by Explorer in

Universal Forwarder Deployment

Good morning, i'm new to Splunk and have a question regarding universal forwarder deployment. I installed the UF o...

by Path Finder in

Is it possible to index .mp3 files?

I can't seem to find a definitive answer anywhere if it was possible to do this, or if not, why? When I attempt to ma...

by New Member in

Adding a directory with variables

Hi, I'm trying to index a directory, that has subdirectories in this format: -Directory ---Sub Directory ...

by Builder in

Will installing a Splunk universal forwarder on my linux/Windows server reduce its performance?

By installing Splunk universal forwarder in my linux/Windows server , will it reduce its performance?

by New Member in

How to troubleshoot two indexers that are not load balancing properly?

I have a small development environment with one search head and two indexers. I've noticed that the two indexers are ...

by Explorer in

Can I Iterate on logs and compare two logs from another source?

Hi, I have a report that log results for multiple IDs from 2 different SourceType. I need to find out if the repor...

by New Member in

time range customization

I have an xml file. Over which i m performing searches. the result i m getting is in this form Text ...

by Explorer in

how to format date without year in the time stamp

I have a file that I'm trying to get the date right on - but am not having much success, and haven't been able to fin...

by Path Finder in

Indexer performance

We are about to add additional indexers to our Splunk infrastructure. We believe this will help with some of our sear...

by Splunk Employee in

UF on Server 2012 R2 Not Pulling in WinEventLog Application

This is the first time I have tried running a UF on a server 2012 R2 box. Configuration is the same as my other win b...

by Builder in

Connect to Splunk forwarder with java SDK

Hello, Can I use the Java SDK to connect to a Splunk Forwarder and send data through TCP input ? Do I need an heav...

by Path Finder in

Date without year, wrong index.

Hello... I'm having some trouble in indexing some log files, because of the format they are. Example: 11/12 ...

by Engager in

How to modify an existing scheduled search and enable it via REST API?

Hello Experts, I'm trying to enable a scheduled search via a rest call. I'm given the name of the search, and when...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to configure inputs.conf and props.conf to monitor multiple CSV files in a directory and recognize timestamp in 2nd column?

What is the default delimiter for multivalue fields in Splunk when exporting a table to a CSV file?

How to send back to old data to new server in forwarder

I would like to get some help to process the following timestamp, included in the example, please:

Can someone please explain to me why Splunk Universal Forwarder uses port 8089?

How to configure universal forwarder to forward all Windows events to the Windows index, not main index?

Is it possible to use WMI on a Windows universal forwarder and send it to indexers and search heads running Linux?

How to forward indexed data that needs to be SSL encrypted to a second indexer?

Using Multiple Values for a Single Choice in a DropDown Input

failed to parse timestamp at data preview

Looking for a workaround for Windows UFs not starting up after an improper shutdown (SPL-36597)

Field extraction only works partial

Universal Forwarder Deployment

Is it possible to index .mp3 files?

Adding a directory with variables

Will installing a Splunk universal forwarder on my linux/Windows server reduce its performance?

How to troubleshoot two indexers that are not load balancing properly?

Can I Iterate on logs and compare two logs from another source?

time range customization

how to format date without year in the time stamp

Indexer performance

UF on Server 2012 R2 Not Pulling in WinEventLog Application

Connect to Splunk forwarder with java SDK

Date without year, wrong index.

How to modify an existing scheduled search and enable it via REST API?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions