Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Enterprise Trial + VMware app : licence quota quite exceeded : 17 550 345 400% !!!

Hello, I am quite new to splunk and installed an enterprise version for testing purpose. I also installed *nix add...

by New Member in

Why is my _TCP_ROUTING configuration not working as expected to send log files to two different Splunk instances?

Hi, I want to send my log files to two different Splunk instances, but the data is only only being sent to one of ...

by Path Finder in

Can I influence the dynamic options for filtering in pivot?

I still haven't taken to data models and pivot entirely, and now I have found another thing that annoyed me. Going...

by SplunkTrust in

Still seeing connection_host typos on universal forwarder version 6.0.5 in my custom app

I saw an answer that said this was corrected in 4.2 but I'm seeing this on 6.0.5 universal forwarder. Noticed the spe...

by Path Finder in

DB Connect 1: Why is the timezone not appearing correctly?

Hello All I have an issue with the TZ not appearing correctly. I have two different inputs coming in and both have...

by Contributor in

Why is Splunk assigning the same and wrong timestamp to thousands of indexed events?

Splunk n00b here. Our Splunk system was recently indexing the wrong timestamp. I made some alterations to props.co...

by New Member in

What is the best way to use a universal forwarder to monitor a file that overwrites itself at random periods throughout the day?

Hoping that someone has seen this before and might be able to help. I'm fairly new to SPLUNK and I am attempting t...

by New Member in

How do I disable monitoring on a server for a certain time period without stopping Splunk, but have the option to reenable monitor inputs later?

Hi, I have Splunk forwarder 6.1.x installed on my servers. Splunk monitoring (many alerts) has been set up for the...

by Contributor in

splunk is down after upgrade

hi, i had 2 splunk instance in one VM, when i tried to upgrade one of the version with ports 9000 and 7089, the other...

by Builder in

Date on first line of log - time in event - jump in 5 hours causes splunk to misinterpret timestamp

I'm trying to get logs time stamped correctly in Splunk. The format of the logs is one line per event, each line has ...

by Contributor in

Why are today's events showing as yesterday for certain events?

I have a forwarder configured to pull data from a local server as a generic single line sourcetype. The events in the...

by New Member in

How do I edit my props.conf for proper line breaking when indexing a CSV file with a large amount of quotes and newlines?

I have a csv file that's giving me a headache while trying to index it. It has 100+ columns, several of which are mak...

by Path Finder in

How to clear text input after submitting?

Hi everyone, I have created a drop-down linked with text input. I am able to search by field1, field2, field3. How...

by Explorer in

After configuring Splunk SSO with Siteminder for my application, why are REST API commands not working in Internet Explorer?

Hi All, I have configured Splunk SSO configuration with siteminder for my application. All the siteminder configur...

by Motivator in

Why is my inputlookup search not returning all results from the CSV file?

Hello All, I have a CSV file with a single column, address, with about 1000 IP addresses below. I am attempting t...

by Engager in

Can a single universal forwarder forward data to two different indexers?

Hi I am using a Universal Forwarder, say in Machine A. It has logs at one path, say Log Path1. Now I want this For...

by Builder in

Problem Removing Leading Zeros From IP Address

Splunk is indexing a CSV file that contains an IP address and it looks something like this: "Windows 7","SSHEFFIER...

by Path Finder in

Why does Splunk ask me to restart when I create a new index?

Hi everyone, I don't understand why, but when I create a new index, Splunk needs a restart. Do you have best pr...

by Path Finder in

How to add a new sourcetype to an existing index?

Hi, Sorry if my question is repeated. I have an index with sourcetype as 'firewall' and now I want to add one m...

by Path Finder in

What are suggested approaches/steps for Syslog to switch to another heavy forwarder when primary goes down?

Hi Splunkers, Kindly suggest any approach/steps for Syslog must Switch to another Splunk Heavy Forwarder autom...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Enterprise Trial + VMware app : licence quota quite exceeded : 17 550 345 400% !!!

Why is my _TCP_ROUTING configuration not working as expected to send log files to two different Splunk instances?

Can I influence the dynamic options for filtering in pivot?

Still seeing connection_host typos on universal forwarder version 6.0.5 in my custom app

DB Connect 1: Why is the timezone not appearing correctly?

Why is Splunk assigning the same and wrong timestamp to thousands of indexed events?

What is the best way to use a universal forwarder to monitor a file that overwrites itself at random periods throughout the day?

How do I disable monitoring on a server for a certain time period without stopping Splunk, but have the option to reenable monitor inputs later?

splunk is down after upgrade

Date on first line of log - time in event - jump in 5 hours causes splunk to misinterpret timestamp

Why are today's events showing as yesterday for certain events?

How do I edit my props.conf for proper line breaking when indexing a CSV file with a large amount of quotes and newlines?

How to clear text input after submitting?

After configuring Splunk SSO with Siteminder for my application, why are REST API commands not working in Internet Explorer?

Why is my inputlookup search not returning all results from the CSV file?

Can a single universal forwarder forward data to two different indexers?

Problem Removing Leading Zeros From IP Address

Why does Splunk ask me to restart when I create a new index?

How to add a new sourcetype to an existing index?

What are suggested approaches/steps for Syslog to switch to another heavy forwarder when primary goes down?

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Bypass response format check in PersistentServerCo...

Control Tower AWS - Log Archive account access

HTTP Event Collector Connection Actively Refused a...

Behaviour of app.conf with deployment server

Ingest Actions error