Getting Data In

Ask a Question

Discussions

Thread Info

What is the difference between Splunk Enterprise and Universal Forwarder?

Hi All, I am a newbie to splunk. I have gone through a number of video tutorials on the net. Hi All, I would li...

by Engager in

Is it possible to use a HOSTNAME variable to populate a field or metadata?

Hi, I have splunk reading from a farm of syslog servers. I don't control the syslog config, so I have to live with...

by Champion in

Quick Question - CPU Search Limit on Search Head or Indexer?

We are running into max concurrent searches issues, as our deployment is getting more and more used. Is the limit bas...

by Builder in

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

Using the Universal Forwarder I need to monitor a folder, so I am editing the inputs.conf file. However, in Window...

by Explorer in

Changes to transforms not working

I am trying to prune some noise from my logs. Here are my props.conf and transforms.conf. Any Idea what I am missing....

by New Member in

How to chart total number of each hostname that appear in 2 databases from csv files?

Hi Splunkers, I have built the following chart extracting hostnames from .csv files that have been exported from both...

by Contributor in

Reload realtimeoutput.conf without restarting Splunkd

Is it possible to restart the RTO app without restarting Splunkd? We have the RTO app installed on each of our indexe...

by Explorer in

Use transforms.conf to share LINE_BREAKER and TIME_ settings for indexer?

I am working on a large set of log that Splunk will monitor for a 3rd party app which has nearly 2 dozen logs to be m...

by Explorer in

How to limit date timestamp parsing view?

I have a proxy server that is double date stamping events. This is not normally an issue, but I ran into a hydridizat...

by Path Finder in

Inputs.conf configuration to monitor 2 catalina log files in same directory with different formats and sourcetypes?

Hi, I need to monitor two catalina logfiles that are in the same directory, but have different formats (and source...

by Champion in

Working with two filters for one event row

I have one drop down and one text input, I need the user to be able to by both components OR INDIVIDUAL, one optional...

by Contributor in

How to extract date from a field name in a csv file?

I'm struggling with extracting a date value from a field name in a csv file. I have a field named "Status for 2014-28...

by Builder in

How to disable a particular source temporarily?

Hi Team, One of the source throwing more logs and it is consuming more volume, so it leads to the license warning....

by Explorer in

How to setup linebreak and parse SUN IDM Server.log?

I am trying to setup a new linebreak for SUN IDM Server.log and the log outputs the following: [#|2014-07-21T11:32...

by Engager in

Is there a list of perfmon objects available to monitor for Windows using Splunk?

Hi, Is there a list somewhere that shows what perfmon objects are available to monitor for Windows, using Splunk?

by Champion in

Can you disable indexing for a heavy forwarder and use it only for parsing data?

Is it possible to disable all indexing operations in a heavy forwarder and use it exclusively for data parsing? I ...

by Engager in

Does splunk forwarder lock files when reading them?

I have a script that generates log files which are stored in an area spidered by a splunk forwarder. Whilst running m...

by Path Finder in

SNMP traps received by Splunk, send notification only if clear SNMP trap not received within 5 minutes.

All, I'm wondering if it is possible to have Splunk to monitor SNMP traps, but only to send a notification out if ...

by Engager in

Problem with network logs

I setup a data input from a network source. They are IIS logs and they reside on a networked drive. I setup the input...

by Path Finder in

How to lookup from results of another lookup

I am trying to pipe the results of one lookup to another to essentially join the data. In the search below I am tryin...

by Explorer in

How to redirect data from a forwarder to an indexer?

Dear Experts, We are currently using Splunk 6.0.1 in a clustered environment. We have our forwarders streaming data t...

by New Member in

Windows Event Log Sourcetype Overrride

I have the following on my indexer's props.conf: [source::WinEventLog:Microsoft-Windows-PrintService/Operational] ...

by Explorer in

TIME_FORMAT after overrided source type on a per-event basis

Hello, I have a file exampleFile that has two different timestamp/event formats: ~02 07 10:19:24 OIT-FO-OFR2 NS...

by Explorer in

websphere startup entries

Hi, I have a SystemOut.log from Websphere that needs to be indexed in Splunk. These logs all start with environmen...

by Champion in

reading an xml file in splunk

Hi, I have an xml file that I am being asked to import into Splunk. How would I configure this?

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What is the difference between Splunk Enterprise and Universal Forwarder?

Is it possible to use a HOSTNAME variable to populate a field or metadata?

Quick Question - CPU Search Limit on Search Head or Indexer?

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

Changes to transforms not working

How to chart total number of each hostname that appear in 2 databases from csv files?

Reload realtimeoutput.conf without restarting Splunkd

Use transforms.conf to share LINE_BREAKER and TIME_ settings for indexer?

How to limit date timestamp parsing view?

Inputs.conf configuration to monitor 2 catalina log files in same directory with different formats and sourcetypes?

Working with two filters for one event row

How to extract date from a field name in a csv file?

How to disable a particular source temporarily?

How to setup linebreak and parse SUN IDM Server.log?

Is there a list of perfmon objects available to monitor for Windows using Splunk?

Can you disable indexing for a heavy forwarder and use it only for parsing data?

Does splunk forwarder lock files when reading them?

SNMP traps received by Splunk, send notification only if clear SNMP trap not received within 5 minutes.

Problem with network logs

How to lookup from results of another lookup

How to redirect data from a forwarder to an indexer?

Windows Event Log Sourcetype Overrride

TIME_FORMAT after overrided source type on a per-event basis

websphere startup entries

reading an xml file in splunk

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Ingest old security.evtx files

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions