Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
Getting Data In
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 | Hi guys, I'm having trouble configuring my splunk. Indeed, i try to set sourcetype based on regex but, nothing work... by cdherbigny New Member in Getting Data In 02-17-2014 0 1 | 0 | 1 | |
| | I have an xml file that I've tried to index but have had a very difficult time with it. I just want a new event made ... by sdorich Communicator in Getting Data In 02-17-2014 1 4 | 1 | 4 | |
| | I'd like to parse some data provided by syslog. The format is: date host service: key1=value1 key2=value2 key3=value... by Unister Explorer in Getting Data In 02-17-2014 0 2 | 0 | 2 | |
| | Hi, I have an input file in the format as follows; 1|{json_data} 1|{more_json_data} 2|aa|bb|cc 3|11|aa|bb|dd Th... by tt1 Explorer in Getting Data In 02-17-2014 0 2 | 0 | 2 | |
| | Windows event log, I want to index only part of the message exemple LogName=Security SourceName=Microsoft Windows... by mrain7 New Member in Getting Data In 02-16-2014 0 5 | 0 | 5 | |
| | Does anyone know how to remove the generic Host-001, ACME-001, etc that shows up in the indexed data? I think this is... by jviteka Explorer in Getting Data In 02-16-2014 0 9 | 0 | 9 | |
| | I have the export of an open ldap directory, in ldif format. I need to have this data indexed and somehow pivoted. I... by abuschel New Member in Getting Data In 02-16-2014 0 1 | 0 | 1 | |
| | I just installed Windows v5.0.2 I have an error on restart from the command line. "Possible typo in stanza [ui] in %S... by mad4wknds Path Finder in Getting Data In 02-16-2014 0 1 | 0 | 1 | |
| | Hi, I have a Splunk forwarder sending data to my prod box and i see a need to build a new dev server for testing/res... by nikhilmehra79 Path Finder in Getting Data In 02-14-2014 0 5 | 0 | 5 | |
 | I have searched for hours on this and can't seem to find a way to do it. I have a .csv file being read in with input... by EricLloyd79 Builder in Getting Data In 02-14-2014 0 3 | 0 | 3 | |
| | I've just installed the Universal Forwarder on Windows using the MSI. During installation, I told it to only monitor ... by ajmorris Engager in Getting Data In 02-14-2014 0 2 | 0 | 2 | |
| | I tried to modify the configuration through props.conf. After modification I tried to make the changes effective by r... by reynold_kwok New Member in Getting Data In 02-14-2014 0 1 | 0 | 1 | |
| | I'm very new to Splunk, so if this is a over simple question please bear with me. I need to find the mac addresses f... by Celeste Engager in Getting Data In 02-13-2014 0 3 | 0 | 3 | |
| | Can the forwarder be installed on server core edition of Windows? Is thee any issues? by jmp13 Explorer in Getting Data In 02-13-2014 2 2 | 2 | 2 | |
| | I can't seem to get Splunk to injest IIS 8.0 logfiles. I've installed a universal forwarder on a Windows Server 2012... by groundLoop New Member in Getting Data In 02-13-2014 0 2 | 0 | 2 | |
| | We have a system, Splunk 4.2.1 (build 98164), that scans a directory to read in CSV files, which include comma-delimi... by scaster New Member in Getting Data In 02-13-2014 0 1 | 0 | 1 | |
| | I have a CSV file that has the following header: ColumnName1, ColumnName2, Date1, Date2, Date3, Date4, Date5, Date6,... by Moogz Splunk Employee  in Getting Data In 02-13-2014 0 1 | 0 | 1 | |
| | I want splunk to start indexing my log file only after it encountered a specific string/regex. Everything before tha... by KidCrippler Engager in Getting Data In 02-13-2014 1 1 | 1 | 1 | |
| | Splunk 5.0.3 I am using the default iis sourcetype for IIS logs, and got iis-2 type created. I added a new field on... by yuvalba Path Finder in Getting Data In 02-13-2014 0 3 | 0 | 3 | |
| | Is there a way to strip the header from a data input? This is coming from a universal forwarder example this is ga... by jhallman Explorer in Getting Data In 02-13-2014 0 2 | 0 | 2 | |
| | I have been running the latest Splunk 4.1.1 and have been unsuccessful at getting the auto header extraction to work ... by Justin Path Finder in Getting Data In 02-13-2014 1 7 | 1 | 7 | |
| | Hello, I'm having trouble importing Fortinet log CSV file delimited with double quotes and seperated by comma. The h... by davem1984 New Member in Getting Data In 02-13-2014 0 2 | 0 | 2 | |
| | Hi, I'm trying to not have in my events the header of a txt file separated by tab (I suppose it's at index time), af... by emaccaferri Communicator in Getting Data In 02-13-2014 0 3 | 0 | 3 | |
| | All, I have been following this documentation; http://docs.splunk.com/Documentation/Splunk/6.0/Data/Extractfieldsfro... by mcrawford44 Communicator in Getting Data In 02-13-2014 1 5 | 1 | 5 | |
| | Hi, I want to index a csv file, the data looks like "ID","Name","hiredate" "1","John","01-12-2014" "2","Bob","01-12... by surendrarhi New Member in Getting Data In 02-13-2014 0 1 | 0 | 1 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Top Labels
-
add-on
1 -
administration
13 -
blacklist
92 -
configuration
32 -
CSV
208 -
data
485 -
development
5 -
eval
2 -
field extraction
560 -
fields
5 -
forwarder
1 -
forwarder management
3 -
heavy
1 -
heavy forwarder
950 -
host
158 -
HTTP Event Collector
440 -
index
540 -
indexer
707 -
indexing performance
1 -
inputs.conf
833 -
installation
5 -
intermediate forwarder
143 -
introduction
3 -
JSON
393 -
kvstore
1 -
Linux
456 -
login
1 -
Mac
30 -
metadata
1 -
metrics
2 -
modular input
191 -
monitor
310 -
monitoring console
1 -
other
55 -
proactive Splunk component monitoring
2 -
props.conf
982 -
regex
5 -
saved search
2 -
scripted input
244 -
search
1 -
search head
2 -
source
291 -
sourcetype
494 -
Splunk Enterprise
1 -
Splunk Investigate
1 -
splunk-assist
2 -
subsearch
1 -
syslog
319 -
time
204 -
transforms.conf
579 -
troubleshooting
15 -
universal forwarder
1,556 -
using Enterprise Security
3 -
using Splunk Cloud
4 -
using Splunk Enterprise
16 -
whitelist
60 -
Windows
589 -
XML
91
- « Previous
- Next »
Get Updates on the Splunk Community!
Splunk MCP & Agentic AI: Machine Data Without Limits
Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...
Finding Based Detections General Availability
Overview
We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...
Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience
Hands-On Learning and Technical Seminars
Sometimes, you just need to see the code. For those looking for a ...
