Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why are files in a monitored directory being skipped?

Hi all, I am using the directory monitoring feature to index files below a specific path. The stanza in inputs.con...

by Engager in

Strange issue with inputs.conf and sourcetype

Alright here is the issue. When my inputs.conf looks like this I get data in from Snort. [udp://516] connection_ho...

by Path Finder in

Strange queue name

Hello all. I'm 4 days into my splunk experience and have a problem I don't know where to begin tracking down. I h...

by New Member in

Why are the number of events indexed in Splunk less than the number of events in the monitored log file?

We are monitoring a file name X.log witch contain similar structure for events starting by a date format. The number ...

by Builder in

how to index a log file with the same name across a cluster, without a forwarder on each node?

Working with a hosting provider (Pantheon), they allow access to the access logs, but not to install a forwarder on t...

by Explorer in

How do I edit my props.conf for proper timestamp extraction?

My log sample event looks like this "id": "2015-03-02_20-10-12", "keepLog": false "id": "2015-03-19_10-26-38", "keepL...

by Path Finder in

Timestamp preview different than timestamp in search for my json

here is my props.conf [json_no_timestamp_new] INDEXED_EXTRACTIONS = json KV_MODE = json TIMESTAMP_FIELDS = timesta...

by Path Finder in

Timestamp recognition props.conf (event time using MM/DD/YYYY instead of DD/MM/YYYY

Hi, Every month 1st, I am facing the below issue. Splunk stopped indexing on 1st of every month For ex : Feb 1st it s...

by Communicator in

Indexers SSL Error on 127.0.0.1 (localhost)

04-30-2015 09:05:03.570 -0700 ERROR TcpInputProc - Error encountered for connection from src=127.0.0.1:35742. error:1...

by Builder in

How do I add the year dynamically to an event with a timestamp that doesn't have one?

I have a timestamp that needs to be fixed. It doesn't have a year in the timestamp. Example Apr 30 16:40:08. How do I...

by Explorer in

Why Cluster Peer (Indexer) takes a long time to start splunkweb when Cluster Master is down?

Why Cluster Peer (Indexer) takes long time to start splunkweb when Cluster Master is down In my test environment,...

by Splunk Employee in

What are the inputs available on SplunkCloud

I had a SplunkStorm project, and I was sending data directly with 5 different inputs. Upload small file on the web...

by Communicator in

Events in a single file are not getting evenly distributed to multiple indexers

I have a light weight forwarder pointing two indexers . I get a batch data everyday in a single file . The file size ...

by Path Finder in

Is there a REST API to get info in Splunk Web Access Controls » Authentication method » LDAP strategies » LDAP Groups ?

Hi, Is there a REST API to get info in Splunk Web Access controls » Authentication method » LDAP strategies » LDA...

by Contributor in

Questions about Splunk Queues.

Why do they become blocked? How are they related to each other? What is the hierarchy? What does it mean for a queue ...

by Splunk Employee in

Replacing "\\" with SEDCMD

I have some log data in CEF format that is using "\\" for Windows directory paths, so they look like: c:\\directo...

by Builder in

How do I edit my inputs.conf to blacklist Windows event logs with Eventcode 7036 on my Splunk 6.1.3 universal forwarder?

Hi, I'm trying to use blacklist on the Universal Forwarder to prevent unwanted events from being sent and indexed....

by New Member in

When I pipe search results into the delete command in the free version Splunk 6.2.2, why are the records still searchable?

I'm running the free version of Splunk 6.2.2. When I attempt to delete records by sending them to Delete, I get a mes...

by Contributor in

After updating a new license key, why is the indexing volume used not showing the correct result?

Hi Team, i have changed my license key from 40GB to 65GB, but this search: index = __internal metrics kb group=...

by Explorer in

How do I get multiple sourcetypes from one source?

I have one file that I need to pull two sourcetypes from. Here are the details: i created two independent inputs.c...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why are files in a monitored directory being skipped?

Strange issue with inputs.conf and sourcetype

Strange queue name

Why are the number of events indexed in Splunk less than the number of events in the monitored log file?

how to index a log file with the same name across a cluster, without a forwarder on each node?

How do I edit my props.conf for proper timestamp extraction?

Timestamp preview different than timestamp in search for my json

Timestamp recognition props.conf (event time using MM/DD/YYYY instead of DD/MM/YYYY

Indexers SSL Error on 127.0.0.1 (localhost)

How do I add the year dynamically to an event with a timestamp that doesn't have one?

Why Cluster Peer (Indexer) takes a long time to start splunkweb when Cluster Master is down?

What are the inputs available on SplunkCloud

Events in a single file are not getting evenly distributed to multiple indexers

Is there a REST API to get info in Splunk Web Access Controls » Authentication method » LDAP strategies » LDAP Groups ?

Questions about Splunk Queues.

Replacing "\\" with SEDCMD

How do I edit my inputs.conf to blacklist Windows event logs with Eventcode 7036 on my Splunk 6.1.3 universal forwarder?

When I pipe search results into the delete command in the free version Splunk 6.2.2, why are the records still searchable?

After updating a new license key, why is the indexing volume used not showing the correct result?

How do I get multiple sourcetypes from one source?

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

How I Instrumented a Rust Application Without Knowing Rust

Splunk Community Platform Survey

May I have sample code to query Splunk data using ...

How to add metadata to UF config files?

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

AWS S3 Input- Ingest .csv files that are not actua...

Increased CPU on Universal Forwarder since v9