Getting Data In

Discussions

Thread Info

How is deployment of universal forwarders on AWS servers being done? Ideas needed.

Hello Since many companies are moving towards cloud based servers how can we handle splunk UF deployment on cloud ...

by Motivator in

Can refresh method push new apps from DS ServerClass to universal forwarder in AWS environment?

We have a large AWS Environment and I want to try if we can refresh the UF to get the apps mentioned for it the DS Se...

by Motivator in

How to build JSON object with python script?

I am making a custom module and cannot, for the life of me, figure out how the python script is working. I am using t...

by Path Finder in

Best methods for handling large events and multi-line parsing issue?

This is two part question that deals with isolating metric data within a multi-line event where the metric identifier...

by Engager in

Is it possible to find when the next scheduled run of a scripted input will occur?

Is it possible to find the time of the next scheduled run of a scripted input from within Splunk? The Searches, r...

by Contributor in

Splunk for SQL App (i.e. database activity monitoring)

Is Splunk planning to create and/or provide a general umbrella-ish Splunk for SQL App (or a solution suite) for monit...

by Splunk Employee in

How to feed Splunk with remote custom input?

Hi, I want to create an app to feed a Splunk server with my custom data. I saw in C# sdk I can build a ModularInpu...

by Engager in

Is it possible to use Splunk for real time monitoring and alerting of uptime and services?

Hi, I was wondering if it were possible to use Splunk almost like a whatsupgold or solarwinds for real time monito...

by Engager in

Can an Oracle database be used as a data source for Splunk DB Connect?

Hello, I have my log files stored on an Oracle Database. I would like Splunk to view those log files and use them ...

by New Member in

Why my truncate configuration on my universal forwarder is not working?

Hi All, I setup one universal forwarder on my windows server and forward the logs to my linux splunk instance, and...

by Explorer in

Indexing a CSV data file with more than one set of data

Hi All, Just curious about the best method to index a CSV file with multiple sets of data inside? The basic for...

by Builder in

How do i ignore the new line character in the _raw field?

Hello All, I am forwarding some csv data into splunk from a script. The problem is splunk is applying a newline chara...

by Champion in

Specify WMI input index?

It looks like I can enable WMI via wmi.conf, but wmi.conf.spec doesn't list index= as a valid parameter for a WMI inp...

by Motivator in

XML Log Line Breaking and Timestamps

Hello, I have a problem I could use some help with. I need to extract data from a XML log file (entries are labell...

by Explorer in

How to remove clients from a server class

Hi, I need to delete some clients from a server class. I tried simply removing them from the Include/whitelist tex...

by Champion in

Security Event whitelist regex filter

I need to filter logon event (eventcode = 4624) only for user with name SA-* New Logon: Security ID: TEST\SA-user0...

by Engager in

Best way to deploy new limits.conf on Windows universal forwarder?

Hi, We have Splunk 6 with Deployment server. I'm trying to understand how to best deploy limits.conf with an ap...

by Explorer in

How to use wildcards on inputs.conf to monitor specific directories?

Hi, I need to monitor the following: /apps/log/ /access/today today is the file, but the webser...

by Champion in

How to get Splunk to recognize correct event timestamp from extracted log?

Hi, When i inject app server logs with sourcetype=access_combined, the timing for the event timestamp seems to be inc...

by Path Finder in

Indexing CSV file that changes daily

I have been looking all over answers and trying various things and not getting the to bottom of this issue. I have a ...

by Path Finder in

Import wildcard with sourcetypes

When importing data into splunk I would like to pull all the files from a specific directory besides special files th...

by Explorer in

How to break events in XML files?

Hi guys, I have a task at hand: I must upload an XML file and break the events, so that Splunk recognizes them. I am ...

by Explorer in

Users logged into specific workstation at a given time

Hello, I am new to Splunk and was curious as to if there is a way to search specifically what user was logged into...

by Contributor in

Can't extract simple YYYYMMDD data to be event date...

I have PSV files in such format. Date is in 2nd column. Haven't spent much time to try different setting, but Splunk ...

by Communicator in

Windows Event Log Blacklist not Blacklisting

I'm running Splunk 6.1 as my indexer. I have a 6.1 universal forwarder setup on a windows box and I'm trying to filte...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How is deployment of universal forwarders on AWS servers being done? Ideas needed.

Can refresh method push new apps from DS ServerClass to universal forwarder in AWS environment?

How to build JSON object with python script?

Best methods for handling large events and multi-line parsing issue?

Is it possible to find when the next scheduled run of a scripted input will occur?

Splunk for SQL App (i.e. database activity monitoring)

How to feed Splunk with remote custom input?

Is it possible to use Splunk for real time monitoring and alerting of uptime and services?

Can an Oracle database be used as a data source for Splunk DB Connect?

Why my truncate configuration on my universal forwarder is not working?

Indexing a CSV data file with more than one set of data

How do i ignore the new line character in the _raw field?

Specify WMI input index?

XML Log Line Breaking and Timestamps

How to remove clients from a server class

Security Event whitelist regex filter

Best way to deploy new limits.conf on Windows universal forwarder?

How to use wildcards on inputs.conf to monitor specific directories?

How to get Splunk to recognize correct event timestamp from extracted log?

Indexing CSV file that changes daily

Import wildcard with sourcetypes

How to break events in XML files?

Users logged into specific workstation at a given time

Can't extract simple YYYYMMDD data to be event date...

Windows Event Log Blacklist not Blacklisting

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions