Getting Data In

Discussions

Thread Info

Trigger HTTP call for every event received at Real time

I have an use case in which for every event/data-input that reaches the Splunk server, certain fields need to be pars...

by Explorer in

How to apply two levels of filtering during parsing in heavy forwarder?

I have data on which i want to apply 2 level of filtering before indexing Let the complete data set be called A Le...

by Communicator in

Event latency due to Intermittent forwarder & indexer timed out issues

Our site has 20+ indexers and 5000+ forwarders. The indexers and forwarders are on splunk 6.0.x. We are suspecting...

by Splunk Employee in

How to check Splunk forwarder versions on multiple hosts?

I want to check the Splunk forwarder versions of about 70-90 hosts. Is there any way to do this? Is it possible from ...

by Explorer in

extract date with characters between

I try to transform a date string, into a date, to enable splunk to sort it. Here is a sample : 2013-01-17T09:35:49...

by Builder in

Can the splunk forwarder and the splunk instance reside on the same server and partition with out conflict?

I have an instance of splunk installed and the universal forwarder installed on the same partition? Does Splunk suppo...

by Path Finder in

How to find metrics on license usage for my Cisco sourcetype?

I want to find the license usage for my Cisco sourcetype. I found this on splunk answers http://answers.splunk.com...

by Motivator in

Can one read the data backwards?

I have an odd situation where the "endswith" transaction is not always being written out by the application so that i...

by Contributor in

Why props.conf configuration with unarchive_cmd on udp input doesn't work?

Hi, i'm trying to implement a custom Charset-Decoder for an udp input. I'm using the following settings in props.c...

by Path Finder in

How to import more than 50 fields with CSV in Splunk 6?

We are having a problem with importing all of our data fields because we are only getting the first 50 fields using v...

by New Member in

how to count the number of files and directories in a folder in splunk

Hi, Please Could someone tell me how to count the number of files and directories in a folder in splunk ? Regards

by Communicator in

Has there been a change with indexer and universal forwarder compatibility?

Earlier the Splunk docs read 6.0 indexers are backwards compatible with forwarders down to 4.x but now it says 6.0 in...

by Explorer in

Does the Universal Forwarder have a Web Interface

Does the universal forwarder have a web interface? I just installed it on an Ubuntu server and was trying to decipher...

by New Member in

How to "create" an app through the RESTAPI?

I like to keep my index configurations for indexers modular, keeping groups of indexes for a set purpose under their ...

by Motivator in

The file count for my monitored directory is higher than expected. Is my (black|white)list not being taken into account?

When I look in Manager >> Data Inputs >> Files & Directories, the entry for the monitored directory I have defined wi...

by Splunk Employee in

Windows Universal Forwarder - Missing Event Logs

I've been running a daily saved search for EventCode=1221 (Exchange space reporting). I noticed that one of my mai...

by Builder in

Reload passwd - SOLVED

I want to replace the existing passwd file on indexers with a new file. The only way to accomplish this is to restart...

by Builder in

ローカルのWindowsイベントログファイルを取り込む方法

別PCで保存時，ローカルに持ってきたWindowsイベントログファイル（.evtx）を Splunkに取り込むためにはどのような手順を踏めば良いでしょうか。既出の質問でしたら申し訳ございませんが，スレッド番号をお教えください。

by Engager in

Timezones & IIS W3C Extended Logging - why don't they work?

By way of a light forwarder, I'm receiving IIS Logs in W3C Extended Format from 5 boxes which logs events in GMT time...

by Explorer in

Input Type="Text" Length Question

Hey, I'm hoping this will be straight forward  In the following code: <fieldset> <input type="text" token="nam...

by Motivator in

What are the file locations of database connection information and input queries stored in Splunk directory?

Hi, Need to know file location of database connection information and Database input queries stored in Splunk dire...

by Communicator in

How is deployment of universal forwarders on AWS servers being done? Ideas needed.

Hello Since many companies are moving towards cloud based servers how can we handle splunk UF deployment on cloud ...

by Motivator in

Can refresh method push new apps from DS ServerClass to universal forwarder in AWS environment?

We have a large AWS Environment and I want to try if we can refresh the UF to get the apps mentioned for it the DS Se...

by Motivator in

How to build JSON object with python script?

I am making a custom module and cannot, for the life of me, figure out how the python script is working. I am using t...

by Path Finder in

Best methods for handling large events and multi-line parsing issue?

This is two part question that deals with isolating metric data within a multi-line event where the metric identifier...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Trigger HTTP call for every event received at Real time

How to apply two levels of filtering during parsing in heavy forwarder?

Event latency due to Intermittent forwarder & indexer timed out issues

How to check Splunk forwarder versions on multiple hosts?

extract date with characters between

Can the splunk forwarder and the splunk instance reside on the same server and partition with out conflict?

How to find metrics on license usage for my Cisco sourcetype?

Can one read the data backwards?

Why props.conf configuration with unarchive_cmd on udp input doesn't work?

How to import more than 50 fields with CSV in Splunk 6?

how to count the number of files and directories in a folder in splunk

Has there been a change with indexer and universal forwarder compatibility?

Does the Universal Forwarder have a Web Interface

How to "create" an app through the RESTAPI?

The file count for my monitored directory is higher than expected. Is my (black|white)list not being taken into account?

Windows Universal Forwarder - Missing Event Logs

Reload passwd - SOLVED

ローカルのWindowsイベントログファイルを取り込む方法

Timezones & IIS W3C Extended Logging - why don't they work?

Input Type="Text" Length Question

What are the file locations of database connection information and input queries stored in Splunk directory?

How is deployment of universal forwarders on AWS servers being done? Ideas needed.

Can refresh method push new apps from DS ServerClass to universal forwarder in AWS environment?

How to build JSON object with python script?

Best methods for handling large events and multi-line parsing issue?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Akamai SIEM add-on configuration IDs in batch

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Getting Data In

Are you a member of the Splunk Community?

Discussions