Getting Data In

Thread Info

Scripted input with current time and line merge

Hi, does anyone known how to setup scripted input. For example netstat from Unix app with current time and line mergi...

by Explorer in

Forwarding between multiple forwarders then to indexer

My Splunk architecture is like this I have three data centers (DC) and one each heavy forwarder in them .In each D...

by Explorer in

Date and time issue: Why event logs have timestamps 2017 and 2018?

Hi- There is an issue in my Splunk regading time and date of each events. Some events have year2017,year2018 in th...

by Path Finder in

Why is configured prod_forwarder getting serverClass blacklist/whitelist configs from other environments?

So I seem to be having an issue with blacklists and whitelists. I've got the following configured below, but for some...

by Explorer in

How to get detailed report of installed forwarder on Windows deployment Server?

Dear All, We have installed some forwarders on windows machine and made them as deployment client and we want to k...

by Contributor in

How to use wildcards in [monitor://...] along with whitelist pattern?

This should be an easy one... This works great [monitor:///opt/tcserver/server/appname/logs] whitelist = \.log$...

by Communicator in

Splunk Forwarder v6 - verify timezone

How can I see what timezone the forwarder is using in my v6 to v6 splunk setup? I'm just curious to verify it's s...

by Builder in

XML indexing using TRUNCATE and crcSalt together fails

Having a hard time getting this right, if (TRUNCATE = 0) or (crcSalt = ) are used by theselfs they work. Does inputs....

by Explorer in

Indexing data with multiple headers

Hi I got a file like this: "No.","time",Header1,Header2,...,Header128 "1","2013/10/18 14:59",Value1,Value2,...,Val...

by Communicator in

indexer configured but inactive on new Linux servers

I have been working on configuring splunk on the new Linux servers that were added to our environment. I ran into som...

by Engager in

Can Splunk Universal Forwarder be installed on EMC NAS running DART 7.1.74-5 OS?

We have EMC NAS device with specifications- EMC VNX 5500 file system NAS running DART 7.1.74-5 OS. Can a Splunk UF be...

by Explorer in

Windows Last Logon

Hi, i'm trying to make a request to get the last logon for each users in my windows infrastructure; i have a ...

by Path Finder in

Newly created logs from a currently monitored directory is not showing in Splunk

I have the below config setup in inputs.conf to monitor all logs found in /var/log directory ( e.g. messages,mailog,n...

by Path Finder in

How to calculate Average duration based on Timestamp?

My log looks something similar to this. I will have at least 100 different durations per hour. (Duration is the time ...

by Explorer in

Poking TCP Ports from Windows PowerShell

A vendor is requesting that we Poke several TCP ports and send specific text to capture application status. "Poke 808...

by Motivator in

Is there a way to limit the thruput of my forwarder?

I don't want my forwarder to consume too much bandwidth or other server resources sending out data. How can I limit t...

by Champion in

Extracting fields from JSON - Whois Add On

Hello, I am using the Whois Add On to get Whois information from ip addresses. Here is an example: index=pan* d...

by Engager in

apache access_common sourcetype not working

Hello, I have recently configured a Splunk light forwarder to monitor an apache access_log. I specified that the f...

by Path Finder in

timestamp contain T between date and time

Hi All The timestamp is in the format T , e.g: 2014-06-05T05:03:53-07:00 Is there any configu...

by Builder in

SNMP Modular Input trap issue

Hi, I'm trying to setup Splunk as a trap listener via the Modular Input for some testing. My inputs.conf looks ...

by Path Finder in

Yet more timezone excitement

I have logs with a timezone specified like: 2014 Apr 30 20:37:31:001 GMT -5 There is a space between the GMT an...

by Explorer in

Field transformation based on source

Hi All, We log data from devices belonging to different customers, they are written to our syslog server in files...

by Explorer in

kv_mode=json with combined json / textual loglines

I currently index a range of semi-structured log lines which contain a mix of textual and json data. I've recently up...

by Engager in

Disable the Universal Forwarder Clients

what is the best ways to disable the universal Forwarder Clients sending data to the indexer. I tried deploying an...

by Explorer in

Checking conf files for problems...

On Splunk start up I see: Undocumented key used in transforms.conf; stanza='anon' setting='DEST_KEY' key='raw' Please...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Scripted input with current time and line merge

Forwarding between multiple forwarders then to indexer

Date and time issue: Why event logs have timestamps 2017 and 2018?

Why is configured prod_forwarder getting serverClass blacklist/whitelist configs from other environments?

How to get detailed report of installed forwarder on Windows deployment Server?

How to use wildcards in [monitor://...] along with whitelist pattern?

Splunk Forwarder v6 - verify timezone

XML indexing using TRUNCATE and crcSalt together fails

Indexing data with multiple headers

indexer configured but inactive on new Linux servers

Can Splunk Universal Forwarder be installed on EMC NAS running DART 7.1.74-5 OS?

Windows Last Logon

Newly created logs from a currently monitored directory is not showing in Splunk

How to calculate Average duration based on Timestamp?

Poking TCP Ports from Windows PowerShell

Is there a way to limit the thruput of my forwarder?

Extracting fields from JSON - Whois Add On

apache access_common sourcetype not working

timestamp contain T between date and time

SNMP Modular Input trap issue

Yet more timezone excitement

Field transformation based on source

kv_mode=json with combined json / textual loglines

Disable the Universal Forwarder Clients

Checking conf files for problems...

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

AppDynamics Summer Webinars

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions