Getting Data In

Ask a Question

Discussions

Thread Info

upgrade path of the Forwarders from 4.2.2 to most current.

Can I upgrade splunk forwarder 4.2.2 directly to 6.0 or do I have to upgrade to 4.3 first?

by New Member in

Each weekday's visitors broken down by hours

I can get Splunk to show me that my weekday day of fewest visitors is Saturday for the last three months. sourcet...

by Path Finder in

Windows DNS event logs

I've configured my univ fwdr on my Windows DNS server (Server 2003) to send data from the DNS Server event viewer, an...

by Explorer in

How to not index first X lines in CSV file ??

Hello, I am trying to index a CSV file that has data arranged like so: PHY_Short_CSW_CMA.csv Serial number : 36...

by Builder in

Splunk is re-indexing entire file, not just changes

I have a vendor provided log file (I have no way to change it) that has both a changing header and a changing footer....

by Path Finder in

Deployment Monitor - scheduled searches necessary?

I've seen other questions regarding the number of scheduled searches by Deployment Monitor to cause the maximum numbe...

by Builder in

Configuring nullQueue With Monitor and Sourcetype

I've seen many questions regarding dropping information from logs by sending them to a nullQueue, however this is alw...

by Explorer in

avoid duplicate indexing in splunk

I have a scheduler which logs the data to my log file every hour, the log I use in splunk. Now the problem is every t...

by New Member in

route data to indexes based on fields

I have xml data which I want to route to different indexes based on the value of "Department" field. Pasted below is ...

by New Member in

Event Breaks at line 257

Events always breaks at line 257. I have made changes to props.conf file under system/local in forwarder. But for som...

by New Member in

forward installer returns error code 1073741795 on Win2003

Hello, trying to install 32-bit forwarder (splunkforwarder-6.0.2) returns error code 1073741795 on a Windows 2003 AD-...

by New Member in

Using transforms to replace _raw data vs SEDCMD

I have a group that has Windows object access auditing turned on for the wrong things which is generating a ton of ev...

by Motivator in

Applying props on UF and transforms on the Indexer in Splunk 6

Hello I am trying to get the IIS data from windows hosts and it looks like we can apply the props.conf on the UF i...

by Motivator in

Log directly to Splunk with log4j

Hi, I'm doing some testing on how to use Splunk the best possible way. I have fallen in love with the method of using...

by Explorer in

How to reindex the file when file added new lines in the tail?

I use moniter the directory /etc to see the file content, and edit the file inputs.conf as follows: [monitor:///et...

by New Member in

licensing issues with splunk

Local server information Indexer name xxxxxx.com License expiration Apr 26, 2013 6:28:39 PM Licensed daily volume 500...

by New Member in

Setup forwarder on CentOS DHCP server to a Splunk Server

How do I setup a Universal Forwarder on a CentOS DHCP server to forward all DHCP messages written to the /var/log/mes...

by Engager in

split syslog data from multiple ip addresses into separate indexes

I have multiple linux hosts sending syslog data (port 514) and want to split the data into different indexes based on...

by New Member in

Reporting on Duplicates

Hello, So every 24 hours we run daily evaluations on computers that create numerical ratings. Our daily reports di...

by Engager in

alert_actions.conf for Exchange, no encrypted authentication

Hello, I have been provided an Exchange account, which I configured in alert_actions.conf (via web console). No ss...

by Explorer in

hex encoded unix timestamp?

Can Splunk be configured to index my events (below) that have a hex encoded unix timestamp? 4c36117c maverick aaaa...

by Splunk Employee in

Filter data out from Data Input

Hi, I have spent last 2 hours searching for this simple scenario on Splunk Answers, without any luck. Here is the...

by New Member in

Time Segregation from Timestamp

Could you please let me know how to extract the day of the week, month,date(dd), time of the day (hh:mm:ss),year from...

by Path Finder in

Adding new fields in an auto-extracted CSV.

I have had a sourcetype working fine for months which used a | as a field delimiter in a CSV file with a header. Y...

by Contributor in

Error 'Could not find all of the specified destination fields in the lookup table.'

Please save my forehead from slamming into my keyboard over this one because it's eluding me and following the docs a...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

upgrade path of the Forwarders from 4.2.2 to most current.

Each weekday's visitors broken down by hours

Windows DNS event logs

How to not index first X lines in CSV file ??

Splunk is re-indexing entire file, not just changes

Deployment Monitor - scheduled searches necessary?

Configuring nullQueue With Monitor and Sourcetype

avoid duplicate indexing in splunk

route data to indexes based on fields

Event Breaks at line 257

forward installer returns error code 1073741795 on Win2003

Using transforms to replace _raw data vs SEDCMD

Applying props on UF and transforms on the Indexer in Splunk 6

Log directly to Splunk with log4j

How to reindex the file when file added new lines in the tail?

licensing issues with splunk

Setup forwarder on CentOS DHCP server to a Splunk Server

split syslog data from multiple ip addresses into separate indexes

Reporting on Duplicates

alert_actions.conf for Exchange, no encrypted authentication

hex encoded unix timestamp?

Filter data out from Data Input

Time Segregation from Timestamp

Adding new fields in an auto-extracted CSV.

Error 'Could not find all of the specified destination fields in the lookup table.'

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions