Getting Data In

Community Activity

Adding a field and changing source from Source hello I am trying to extract a field and change the value of source for apache logs. The source comes as /tmp/usr/... by theouhuios Motivator in Getting Data In 05-08-2014 0 8	0	8
Monitor Windows Service Startup Type Changes Hey, I am monitoring some Windows Event Log data and I want to see from this any events where the 'startup type' is ... by Ant1D Motivator in Getting Data In 05-08-2014 0 1	0	1
Forward data from splunk to splunk instance I have a network where I have a splunk instance that is off to the side on my network, as in: Core Splunk Instance (... by jmsiegma Path Finder in Getting Data In 05-07-2014 1 2	1	2
forwarder, syslog & blacklist I installed the splunkforwarder on a few machines, and added /var/log as a syslog source. I overlooked the fact that... by tinkster Explorer in Getting Data In 05-07-2014 0 4	0	4
Splunk on Windows Server 2012 R2 The Splunk software matrix doesn't mentioned support for Windows Server 2012 R2. What versions of Splunk and the Uni... by hornslethk Engager in Getting Data In 05-07-2014 4 17	4	17
Break Large Events into Many Small Events I've run back and forth through the props.conf documentation and done a few circuits of Answers, but I haven't found ... by willial Communicator in Getting Data In 05-07-2014 0 5	0	5
Splunk for Windows and OSSEC Okay, so here is my situation: I am running a Splunk for Window Enterprise Server along with a separate OSSEC server ... by ceichhorn Engager in Getting Data In 05-07-2014 0 4	0	4
Windows Event Logs and Splunk-Can Splunk be configured to delete event logs? Is there any capability within Splunk so it automatically deletes the Application, Security, and System Logs in Event... by sysadmin74 New Member in Getting Data In 05-07-2014 0 3	0	3
What is the recipe for creating new SSL certs for forwarding with no auth? What are the steps to setup a new CA and generate new certs for SSL forwarding with no auth: by matt Splunk Employee in Getting Data In 05-06-2014 0 4	0	4
Excluding search results ending with a $ sign I am writing a Windows Security Log search for user accounts and have the eventID I need to search for but the result... by kluey Explorer in Getting Data In 05-06-2014 0 2	0	2
Recursive monitoring of directories Hi Team, I have a folder by name Mumbai under C drive with subfolders in it. If i edit the inputs.conf file as mon... by sushma7 Path Finder in Getting Data In 05-06-2014 1 20	1	20
Help with line breaking Guys, I'm trying to index some Syslog data from some F5's. The issue I have is, Splunk seems to recognize and break ... by salles Loves-to-Learn Lots in Getting Data In 05-05-2014 0 1	0	1
Time it takes for an indexer to respond to a search request We are running searchhead pooling and have many indexers. I would like to be able to find out how long it takes for ... by rmorlen Splunk Employee in Getting Data In 05-05-2014 0 3	0	3
Line breaks per single line for IP address Hi Guys, I'm trying to break events in Splunk with a text file with just ip addresss in it and no time stamps. The f... by tbalouch Path Finder in Getting Data In 05-05-2014 0 2	0	2
DATETIME field error I am using the DB Connect app to connect to a MYSQL database and input the data from a table. the datetime fields in... by hylee Explorer in Getting Data In 05-05-2014 0 4	0	4
How do I convert time stamp from UTC to local time at index time? I have McAfee logs that contain going into Splunk and the event time is populated with the time that the event is act... by digital_alchemy Path Finder in Getting Data In 05-05-2014 0 3	0	3
ignore all static content files from indexing Hi, I tried props.conf and transforms.conf solution but it did not work. props.conf [access_combined] pulldown_ty... by safe_splunk Explorer in Getting Data In 05-05-2014 0 6	0	6
logrotate (sort of) file monitoring issue in Splunk LWF 6.0.2 we have multiple files that are being monitored ; file.1, file.2, file.3 Bob.1, Bob.2, Bob.3, Cat.1 Cat.2, Cat3. ...e... by d646800 Explorer in Getting Data In 05-04-2014 0 2	0	2
dbmon-dump not indexing my records Hello All, i am struggling with my db-dump input in loading data from db query to index. I have defined the db input ... by linu1988 Champion in Getting Data In 05-03-2014 0 1	0	1
Moving data in indexers (clustered environment) to frozen bucket Have a clustered environment of 3 indexers. Data in the indexers was used to test full architecture capability. don... by cirkit1 Explorer in Getting Data In 05-03-2014 1 1	1	1
Dynamically set index based on source file path Hi All, I have log files in directory structure like this: /var/log/data/index-a/logfile1.log /var/log/data/index-... by mahesh_ravji1 Explorer in Getting Data In 05-01-2014 0 2	0	2
monitoring php hey! i want to monitor php. at the moment i use splunk-6.0.2-196940-x64-release. so for this goal i did the followin... by jimmyfallon New Member in Getting Data In 05-01-2014 0 11	0	11
props on the indexer Hi, I should know this at this point, but want to confirm... Is a restart of the indexer required if an updated prop... by a212830 Champion in Getting Data In 05-01-2014 0 3	0	3
Display hosts that didn't have events only Hey There, I have a list of 150 servers which listed in a csv file (lookup table). Here's my current search earliest ... by Raghav2384 Motivator in Getting Data In 05-01-2014 1 6	1	6
Windows Universal Forwarder - initial configuration settings dont seem to be in *.conf When installing a UF on Windows, the installer prompts for sources to forward, including event logs or a path. I put... by bbegyperkspot Explorer in Getting Data In 04-30-2014 0 2	0	2

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest! As your trusted partner in data innovation, the ...

Getting Data In

Adding a field and changing source from Source

Monitor Windows Service Startup Type Changes

Forward data from splunk to splunk instance

forwarder, syslog & blacklist

Splunk on Windows Server 2012 R2

Break Large Events into Many Small Events

Splunk for Windows and OSSEC

Windows Event Logs and Splunk-Can Splunk be configured to delete event logs?

What is the recipe for creating new SSL certs for forwarding with no auth?

Excluding search results ending with a $ sign

Recursive monitoring of directories

Help with line breaking

Time it takes for an indexer to respond to a search request

Line breaks per single line for IP address

DATETIME field error

How do I convert time stamp from UTC to local time at index time?

ignore all static content files from indexing

logrotate (sort of) file monitoring issue in Splunk LWF 6.0.2

dbmon-dump not indexing my records

Moving data in indexers (clustered environment) to frozen bucket

Dynamically set index based on source file path

monitoring php

props on the indexer

Display hosts that didn't have events only

Windows Universal Forwarder - initial configuration settings dont seem to be in *.conf

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation