Getting Data In

Thread Info

Specify WMI input index?

It looks like I can enable WMI via wmi.conf, but wmi.conf.spec doesn't list index= as a valid parameter for a WMI inp...

by Motivator in

XML Log Line Breaking and Timestamps

Hello, I have a problem I could use some help with. I need to extract data from a XML log file (entries are labell...

by Explorer in

How to remove clients from a server class

Hi, I need to delete some clients from a server class. I tried simply removing them from the Include/whitelist tex...

by Champion in

Security Event whitelist regex filter

I need to filter logon event (eventcode = 4624) only for user with name SA-* New Logon: Security ID: TEST\SA-user0...

by Engager in

Best way to deploy new limits.conf on Windows universal forwarder?

Hi, We have Splunk 6 with Deployment server. I'm trying to understand how to best deploy limits.conf with an ap...

by Explorer in

How to use wildcards on inputs.conf to monitor specific directories?

Hi, I need to monitor the following: /apps/log/ /access/today today is the file, but the webser...

by Champion in

How to get Splunk to recognize correct event timestamp from extracted log?

Hi, When i inject app server logs with sourcetype=access_combined, the timing for the event timestamp seems to be inc...

by Path Finder in

Indexing CSV file that changes daily

I have been looking all over answers and trying various things and not getting the to bottom of this issue. I have a ...

by Path Finder in

Import wildcard with sourcetypes

When importing data into splunk I would like to pull all the files from a specific directory besides special files th...

by Explorer in

How to break events in XML files?

Hi guys, I have a task at hand: I must upload an XML file and break the events, so that Splunk recognizes them. I am ...

by Explorer in

Users logged into specific workstation at a given time

Hello, I am new to Splunk and was curious as to if there is a way to search specifically what user was logged into...

by Contributor in

Can't extract simple YYYYMMDD data to be event date...

I have PSV files in such format. Date is in 2nd column. Haven't spent much time to try different setting, but Splunk ...

by Communicator in

Windows Event Log Blacklist not Blacklisting

I'm running Splunk 6.1 as my indexer. I have a 6.1 universal forwarder setup on a windows box and I'm trying to filte...

by New Member in

iis log missing time_taken field

We have multiple version of IIS but looks like an older version is missing the last field (time_taken). We still need...

by Path Finder in

Retention index or log 90 days

Hi. I use Splunk 6.1 free version, Can i config splunk for keep index or log 90 days and delete index or log older th...

by Engager in

Help parsing and breaking up multi-line event in props.conf

Hi, I'm having problems parsing the following lines, hoping someone can help me. Here's my props: ANNOTATE_P...

by Champion in

Help locating what forwarder data is coming from

I'm a new splunk user, so be kind  I have about 80% of my daily volume coming in what i believe to be un-needed i...

by Path Finder in

timestamp format of the input files

Hi, when i forward my input files (c:\data) from server A to Splunk Head at ServerB, the date format was correct for ...

by Path Finder in

Cluster info from master using REST API

Hi, In Splunk 6, I can see the peers, search heads and index names from the master GUI. I am trying to find the equiv...

by Builder in

How to extract list of hosts into a lookup and setup daily alert for any changes?

How do I extract what are all the universal forwarders (deployment clients) contacting the deployment server?I want t...

by Communicator in

Can Splunk index excel spreadsheet without converting its data into binary ?

Is it possible to index excel spreadsheet data(.xls,.xlsx)without converting data into binary . Do we need to first c...

by Explorer in

Splunk not indexing data after configuring Splunk DB Connect app

All, We configured splunk to index data from a Oracle DataBase using Splunk DB Connect App . Our database tables ...

by New Member in

TIME_PREFIX in Splunk v6.1.2 props.conf ignored at times?

C:\Program Files\Splunk\etc\system\local\props.conf contains [YYY] TIME_PREFIX = timestamp= SHOULD_LINEMERGE = fal...

by Path Finder in

Blacklist sometimes not working

I have this in my windows DC server with Universal Forwarder v 6.1.1. ..\Splunk_TA_Windows\local\inputs.conf file: ...

by New Member in

Wrong Timestamp of CSV

I've a csv file containing thousands of events, each event is only single line with date time stamp and several other...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Specify WMI input index?

XML Log Line Breaking and Timestamps

How to remove clients from a server class

Security Event whitelist regex filter

Best way to deploy new limits.conf on Windows universal forwarder?

How to use wildcards on inputs.conf to monitor specific directories?

How to get Splunk to recognize correct event timestamp from extracted log?

Indexing CSV file that changes daily

Import wildcard with sourcetypes

How to break events in XML files?

Users logged into specific workstation at a given time

Can't extract simple YYYYMMDD data to be event date...

Windows Event Log Blacklist not Blacklisting

iis log missing time_taken field

Retention index or log 90 days

Help parsing and breaking up multi-line event in props.conf

Help locating what forwarder data is coming from

timestamp format of the input files

Cluster info from master using REST API

How to extract list of hosts into a lookup and setup daily alert for any changes?

Can Splunk index excel spreadsheet without converting its data into binary ?

Splunk not indexing data after configuring Splunk DB Connect app

TIME_PREFIX in Splunk v6.1.2 props.conf ignored at times?

Blacklist sometimes not working

Wrong Timestamp of CSV

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions