Getting Data In

Thread Info

Multiline macro writing format problem

*emphasized text*i was defining a macro search writing the search each pipe in one line like: xxxx |aaa |bbb |ccc it ...

by Contributor in

TIMESTAMP QUERY

I have my log as SNM4 PGHF14LR.866F :: 04/03/13 11:46:32 :: Received file MOBIUSJ741.20130403 - 317982 bytes transfer...

by Explorer in

Need Help with Time Prefix and "|" character

I've got data that looks like this: YCTC3|YCTC3|A277537|20131013|225102|316739|E|001|TP0|THPNBAV05|10.124.130.71|...

by Communicator in

Mulitple versions of logs creating separate sourcetypes?

I have a log file that I created a transforms.conf and props.conf for specifying the log source in the props with [so...

by Explorer in

Occasional error in converting time stamps

Hi, I'm seeing a very weird behavior from splunk and wondering if anyone knows whats going on. My input is a cv...

by Path Finder in

access_combined Field Definitions

I haven't been able to find definitions of the access_combined source type fields. Does anyone know where they might ...

by Explorer in

Monitor linux host NFS I/O on local mount points

I am new to Splunk and as part of the evaluation i wanted to create a script that poled the NFS stats on one of our b...

by New Member in

Universal Forwarder and Splunk Technology Add-on for Windows questions

Does anyone know if there are any docs out there that describe the design/architecture of the Universal forwarder and...

by Explorer in

Time stamp extraction not working

I have events which start like 16OCT13 AAAB 12:59:00 JAJAS DKDJD KDD 16OCT13 AABB 13:00:00 AJAJA AKAJK AKA ...

by Contributor in

Syslog data from UDP. Maximum message size?

What's maximum message size which splunk's syslog will accept via UDP? How I can increase it?

by Engager in

Weird issue - forwarder app works on one server, but not another

Hey everyone. I have written a simple forwarding app which monitors 2 directories. I have this app deployed on 2 serv...

by Builder in

Monitor Who has made a change to a file

Hey Guys A simple one for someone out there im sure, I have a file on 3 servers that I currently monitor the chan...

by Communicator in

Events getting tagged with forwarder host name

Hi, I have several forwarders that rsyslog listens on 514 and I set it up so that certain logs go to separate file...

by Path Finder in

transforms.conf

[my_fields] REGEX = ^[[nspaces:clientip]]\s++[[nspaces:ident]]\s++[[nspaces:user_id]]\s++[[sbstring:req_time]]\s++[[q...

by Builder in

Log.cfg - reduce frequency of INFO StatusMgr messages in metrics.log due to disk space

I don't have a lot of disk space on my indexers. I know that i can reduce the amount of logging and number of metrics...

by Engager in

Parse words in a search result

Hello, I'm trying to extract data depending of one word (fail* or success*) from a field that is not always the sa...

by Explorer in

Load balancing cold buckets

Hi all, We currently have 4 indexers and 2 search heads running on VMs. We have two more physical servers on their...

by Communicator in

How to make input dependent on other inputs in a form?

How can I make a combo box dependent on another combo box in a form? The contents of the second combo box is depen...

by Explorer in

Forwarder is listed in Deployment Monitor but not in Search App

We are running Splunk 4.3.3 (in the process of upgrading but we are stuck on this version for the moment), and one Wi...

by Path Finder in

csv with headers processing

Hi, Trying (still) to get delimted files properly handled by Splunk, with automatic failed extraction. I followed ...

by Champion in

Configure Event Timestamp

Hi, I would like to know how to configure Splunk so that for each event that I'm feeding to it the system time is ...

by Path Finder in

How to modify some configurations in the input.conf of universal forwarder through deployment server

Hi all I need to make all universal forwarders to send with its own IP address to the server. I have a deployment ...

by Explorer in

Monitor Resources

Team so far , is splunk able to monitor how many types of resources ?like flat files,directory etc My requirement ...

by New Member in

Servername in local\server.conf

OK, so now I know how to deploy UF on a Citrix Golden Image: http://answers.splunk.com/answers/69715/citrix-golden-im...

by Communicator in

Windows 2008 Text File comes in as garbage

Hello, Reading in a file via inputs.confg, I have a text file I am reading in. The FIRST instances of reading in ...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Multiline macro writing format problem

TIMESTAMP QUERY

Need Help with Time Prefix and "|" character

Mulitple versions of logs creating separate sourcetypes?

Occasional error in converting time stamps

access_combined Field Definitions

Monitor linux host NFS I/O on local mount points

Universal Forwarder and Splunk Technology Add-on for Windows questions

Time stamp extraction not working

Syslog data from UDP. Maximum message size?

Weird issue - forwarder app works on one server, but not another

Monitor Who has made a change to a file

Events getting tagged with forwarder host name

transforms.conf

Log.cfg - reduce frequency of INFO StatusMgr messages in metrics.log due to disk space

Parse words in a search result

Load balancing cold buckets

How to make input dependent on other inputs in a form?

Forwarder is listed in Deployment Monitor but not in Search App

csv with headers processing

Configure Event Timestamp

How to modify some configurations in the input.conf of universal forwarder through deployment server

Monitor Resources

Servername in local\server.conf

Windows 2008 Text File comes in as garbage

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions