Getting Data In

Thread Info

How do I deal w. single digit months/days in vix.input.1.et.regex?

I have directory paths that look like /year=2014/month=6/day=4/hour=1/ However, using the following regex is s...

by Path Finder in

How do I specify Ctrl-A (\x01) as a field delimiter in props.conf?

How do I specify Ctrl-A (\u0001) as a field delimiter in props.conf? I tried [xxx] FIELD_DELIMITER=\x01 [xxx] ...

by Path Finder in

Struggling to get Splunk 6.0.1 to index EPOCH time for all events

I'm struggling to get my Splunk 6.0.1 to recognise an epoch time for all events. I have specified a timestamp format ...

by Explorer in

Format Splunk Output - How to add a title line in CSV output?

Hi, I am generating a report using data from database. I have a tabular format in my CSV. Is it possible via Splun...

by New Member in

Can I have different timestamp formats using the same sourcetype?

Indexing a lot of SystemOut.log files from WebSphere I realize that all almost all log files uses the following time ...

by Contributor in

How to change auto configuration of universal forwarder?

Hi all, I was assigned to push a fix on forwarders since they are forwarding data with auto-naming on index and sourc...

by Communicator in

How to prevent sensitive key-value pair in IIS cookie data from appearing in Splunk?

Hi, I'm wondering if there is a way to prevent a sensitive key-value pair that exists in cs_Cookie from appearing ...

by Explorer in

Help with fields named EXTRA_FIELD_XX

I have a lot of fields called EXTRA_FIELD_X and I am not sure why. I have not been able to find anything on Answers o...

by Path Finder in

Has anyone installed a universal forwarder 6.1.2 on Windows OS 2008 and experienced problems?

Hi, I have Splunk 5.0.5 installed on a Windows OS 2012 I have a windows 2008 64-bit with splunkforwarder-6.1.2-...

by New Member in

Error with blacklisting 4662 events in inputs.conf

When attempting to use the following suggestion on blacklisting 4662 events, I run into an error in splunkd.log ht...

by Motivator in

How to migrate Splunk Server from version 4.2.1 on Windows 2003 32 bit to version 6.1.2 on windows 2012 64 bit?

Hi, I'm about to migrate whole splunk server from v. 4.2.1 on Windows 2003 32 bit to v.6.1.2 on Windows 2012 64 bi...

by Explorer in

Where is the Splunk logrotate file located?

Our shop has four indexers with limited storage. This is due to the fact that we wanted fast disk for quicker searchi...

by Builder in

How to get two universal forwarders running from one Linux box?

Hello, Please could anyone advice me, how I can get two instance of Universal forwarders run from one Linux Box? I...

by Explorer in

How to get Windows logs into my Splunk instance on Ubuntu?

Hello, My organization is looking into using Splunk as a central log server. I have successfully installed Splunk ...

by New Member in

When should I use Report or Transform on props.conf?

When should I use Report and when should I use Transform on the props.conf?

by Path Finder in

How to set host in inputs.conf?

I'm getting data in syslog format with the host set to localhost. I know what server this is coming from but don't ha...

by New Member in

how - metadata host by index and sourcetype recentTime

This search produces the most recent timestamp for every host for aa specific index | metadata type=hosts ind...

by Path Finder in

How to use inputlookup with csv file to import two multi value fields in a search?

Hello, I try to use inputlookup with a csv file to import two multi value fields in a search. The two fields are both...

by Communicator in

No Wineventlogs With Universal Forwarder 6.1.2 on Windows Server 2008 R2

I recently installed the newest UF on a server to test before rolling out to the rest of the environment. I am able t...

by Builder in

What is the difference between Splunk Enterprise and Universal Forwarder?

Hi All, I am a newbie to splunk. I have gone through a number of video tutorials on the net. Hi All, I would li...

by Engager in

Is it possible to use a HOSTNAME variable to populate a field or metadata?

Hi, I have splunk reading from a farm of syslog servers. I don't control the syslog config, so I have to live with...

by Champion in

Quick Question - CPU Search Limit on Search Head or Indexer?

We are running into max concurrent searches issues, as our deployment is getting more and more used. Is the limit bas...

by Builder in

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

Using the Universal Forwarder I need to monitor a folder, so I am editing the inputs.conf file. However, in Window...

by Explorer in

Changes to transforms not working

I am trying to prune some noise from my logs. Here are my props.conf and transforms.conf. Any Idea what I am missing....

by New Member in

How to chart total number of each hostname that appear in 2 databases from csv files?

Hi Splunkers, I have built the following chart extracting hostnames from .csv files that have been exported from both...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How do I deal w. single digit months/days in vix.input.1.et.regex?

How do I specify Ctrl-A (\x01) as a field delimiter in props.conf?

Struggling to get Splunk 6.0.1 to index EPOCH time for all events

Format Splunk Output - How to add a title line in CSV output?

Can I have different timestamp formats using the same sourcetype?

How to change auto configuration of universal forwarder?

How to prevent sensitive key-value pair in IIS cookie data from appearing in Splunk?

Help with fields named EXTRA_FIELD_XX

Has anyone installed a universal forwarder 6.1.2 on Windows OS 2008 and experienced problems?

Error with blacklisting 4662 events in inputs.conf

How to migrate Splunk Server from version 4.2.1 on Windows 2003 32 bit to version 6.1.2 on windows 2012 64 bit?

Where is the Splunk logrotate file located?

How to get two universal forwarders running from one Linux box?

How to get Windows logs into my Splunk instance on Ubuntu?

When should I use Report or Transform on props.conf?

How to set host in inputs.conf?

how - metadata host by index and sourcetype recentTime

How to use inputlookup with csv file to import two multi value fields in a search?

No Wineventlogs With Universal Forwarder 6.1.2 on Windows Server 2008 R2

What is the difference between Splunk Enterprise and Universal Forwarder?

Is it possible to use a HOSTNAME variable to populate a field or metadata?

Quick Question - CPU Search Limit on Search Head or Indexer?

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

Changes to transforms not working

How to chart total number of each hostname that appear in 2 databases from csv files?

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

s3 - Multiple directories data to be ingested into...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions