Getting Data In

Thread Info

auto extract json

I have been researching this and came up with some odd ways of doing it, and about 40 other ways, none being the same...

by Builder in

Splunk forwarder not receiving events immediately

Hi, We are using a Splunk forwarder to forward events to Splunk indexer/Server. This is what we are doing: 1. Create ...

by New Member in

How to extract data from logfiles in XML format?

I have set up a universal forwarder to monitor my server logfile. The file is written in XML format and thus has a he...

by New Member in

How to exclude files from indexing using blacklist?

I need to blacklist files with specific letters inside the hostname like: d:\logs\xxxxxxxxxMyLog__yyyyyyyy.txt ...

by Explorer in

Routing to index from Heavy Forwarder

I have windows logs from a universal forwarder being sent to my heavy forwarder where I using props.conf and transfor...

by Path Finder in

INFO entries in the metrics.log indicate some problem with installing a deployment app on a forwarder. Any idea what it is?

In /opt/splunk/var/log/splunk/metrics.log I am seeing this type of log entry for one forwarder: 06-24-2014 13:59:3...

by Motivator in

Is it possible to send Syslog data to a forwarder instead of an indexer?

I am using Suricata IDS to send Syslog data to an indexer. However, due to some overload (and very noisy Suricata) I ...

by Explorer in

Uable to connect Splunk using php sdk

I am using Splunk PHP SDK and I am not able to login using API. $SplunkExamples_connectArguments = array( 'host' ...

by New Member in

Assigning Timestamps based on index time

I have a log file which includes only time values in the timestamp of each event: 10:41:11 (lmgrd) 10:41:11 (...

by Contributor in

splunk not receiving data from windows universal forwarder

Installed universal forwarder in windows. Checked the splunkd log and I could see the connection to server without an...

by New Member in

Extracting of SQLite

Hello i would like to extract SQLite data and pass to splunk using shell script. Anyone have any idea how to write th...

by Engager in

CSV Import with single timestamp?

All, Is there a way to force the _time field in a CSV import to a single time, as opposed to individual stamps per...

by Communicator in

Filtering out 90% log events from indexing

Hi, We are using Splunk 6.1.1 in one of our products. In two of our other products where we use splunk 6.0 and 5.4...

by Influencer in

Connection lost from a forwarder with indexer

I have 1000 forwarders sending data to 4 indexers. How do I know how many forwarder currently sending the data to the...

by Contributor in

Syslog extract browser type field

Hello, I would like to extract the browser type string to some fields from Netscaler VPX syslog. Splunk doesn´t ex...

by Engager in

Different search performance for two sourcetype

Hi, We have a splunk machine running with all the events going to one index. I noticed that for two different sour...

by Engager in

How to create a FIELDALIAS for a tagged field

I do have differnet host servers(db,php,widnows) I tagged each "host" field into "db_server" "php_server" "win_ser...

by Motivator in

collect not storing the extracted fields into new index and what is way to save all extracted fields into new index

Topic: collect not storing the extracted fields into new index and what is way to save all extracted fields into new ...

by Path Finder in

Scripted input with current time and line merge

Hi, does anyone known how to setup scripted input. For example netstat from Unix app with current time and line mergi...

by Explorer in

Forwarding between multiple forwarders then to indexer

My Splunk architecture is like this I have three data centers (DC) and one each heavy forwarder in them .In each D...

by Explorer in

Date and time issue: Why event logs have timestamps 2017 and 2018?

Hi- There is an issue in my Splunk regading time and date of each events. Some events have year2017,year2018 in th...

by Path Finder in

Why is configured prod_forwarder getting serverClass blacklist/whitelist configs from other environments?

So I seem to be having an issue with blacklists and whitelists. I've got the following configured below, but for some...

by Explorer in

How to get detailed report of installed forwarder on Windows deployment Server?

Dear All, We have installed some forwarders on windows machine and made them as deployment client and we want to k...

by Contributor in

How to use wildcards in [monitor://...] along with whitelist pattern?

This should be an easy one... This works great [monitor:///opt/tcserver/server/appname/logs] whitelist = \.log$...

by Communicator in

Splunk Forwarder v6 - verify timezone

How can I see what timezone the forwarder is using in my v6 to v6 splunk setup? I'm just curious to verify it's s...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

auto extract json

Splunk forwarder not receiving events immediately

How to extract data from logfiles in XML format?

How to exclude files from indexing using blacklist?

Routing to index from Heavy Forwarder

INFO entries in the metrics.log indicate some problem with installing a deployment app on a forwarder. Any idea what it is?

Is it possible to send Syslog data to a forwarder instead of an indexer?

Uable to connect Splunk using php sdk

Assigning Timestamps based on index time

splunk not receiving data from windows universal forwarder

Extracting of SQLite

CSV Import with single timestamp?

Filtering out 90% log events from indexing

Connection lost from a forwarder with indexer

Syslog extract browser type field

Different search performance for two sourcetype

How to create a FIELDALIAS for a tagged field

collect not storing the extracted fields into new index and what is way to save all extracted fields into new index

Scripted input with current time and line merge

Forwarding between multiple forwarders then to indexer

Date and time issue: Why event logs have timestamps 2017 and 2018?

Why is configured prod_forwarder getting serverClass blacklist/whitelist configs from other environments?

How to get detailed report of installed forwarder on Windows deployment Server?

How to use wildcards in [monitor://...] along with whitelist pattern?

Splunk Forwarder v6 - verify timezone

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions