Getting Data In

Thread Info

DB Connect with SHP - multiple Java bridge processes?

If I'm attempting to provide a bit of redundancy / high availability for my database inputs by installing DB connect ...

by Splunk Employee in

HTTPS authenticated input source

I have some data that I can access from Web Browser (via authenticated HTTPS). The data is plain text. I would like t...

by New Member in

Timestamp not added to CSV correctly

I've set up a DBConnect database input with output.format=csvh and output.timestamp=1. When rows are read, the timest...

by SplunkTrust in

log with key value pair or transforms.conf performance diffrence?

Hi, to gain index size I made the log format as below. I didn't use key value pair. 20121101095842|192.168.1.2|...

by New Member in

help with event filtering - excluding events before indexing

I have an overload of events no one wants and are eating up our license so I did the following and it is not working....

by Communicator in

Question on monitoring file

Hi i am trying to monitor some file in var/log on ubuntu. There is 4 file (auth.log,auth.log.1,auth.log.2.gz,auth.log...

by Path Finder in

Splunk not receiving syslog messages

Hi All, I've installed Splunk on a Windows 2008R2 server and am trying to get it to receive syslog messages on the...

by Engager in

Persistent Queues and index clustering

I've recently increased queue sizes on our indexers in our index cluster manually (editing the inputs.conf on the ind...

by Path Finder in

Extraneous Space in Timestamp

I read in syslog data from a network appliance that uses space delimited fields and have been experiencing an issue i...

by Explorer in

Bad request error from C# API

I am attempting to connect to our Splunk API instance via the C# API to do a search and I am receiving a 400 Bad Requ...

by Explorer in

json in splunk is ignoring the timestamp

Hi I currently have the following json in splunk: {"first_name": "john", "last_name": "black", "timestamp": "2013-...

by Path Finder in

Whitelist not matching

I have a whitelist to limit how far back splunk looks to import our syslogs from our ASA. The regex that I am using i...

by New Member in

How to seperate different index and sourcetype?

HI, I have one Splunk server. I would like to receive data from some servers and network devices. 1 I would send F5 (...

by New Member in

Getting interesting field's data for Custom Command's Calculation

Hi everyone, I am doing a custom command for some calculation, and i needed one of the fields which I have loaded in ...

by Engager in

How would i calucate the no of days that the data is present in my indexes ??

Hi.. I have certain indexes say "myperf" and "myapp" of 60 GB Size . Now in these indexes i need to calucalte how ...

by Motivator in

Field Extraction

I am trying to extract a field from the following lines but the field extraction does not result in a Field. The samp...

by New Member in

Using Splunk Uni Fwd 6.0, on Splunk 5.0.2 Backend

Can I start deploying 6.0 Splunk Forwarders, while I plan my migration from 5.0.2 Backend ? I have some realife ca...

by Explorer in

Input First Line of File

I have the requirement of inputing only the first line of a file. The first line is of interest then the rest of the ...

by New Member in

transforming timestamps

We have JSON data coming into Splunk. When it appears in Splunk the events shows a timestamp like 10/2/13 7:07:26.00...

by Path Finder in

Ingesting file data

I have a Powershell script that is writing data about sessions for an application to a file every 5 minutes so the fi...

by Explorer in

Indexer ignoring Time_Format settings in forwarder props.conf

I have events in plain text format like this: "[Process Id:3952 Thread Id: 4152] 03/10/2013 12:44:58 GetComponentD...

by New Member in

KV_Mode Splunk 6 not Working

We have an XML log file that properly gets extracted in Splunk 5, but in Splunk 6 it doesn't properly identify the ev...

by Communicator in

How do you show sourcetype of a monitor on a Universal Forwarder 5.0.4 via CLI

I set a source override for a monitor in Splunk version 5.0.4 Example: splunk add monitor /var/log/maillog-in -source...

by Explorer in

Does a windows install of splunk know what $SPLUNK_HOME means in a config file?

Exactly what the title says. I am writing an app to set up SSL that will be deployed on windows forwarders. I am just...

by Builder in

Can i run two splunk universal forwarders on a single windows server?

Hi, I have one splunkforwader installed on my windows server which is configured by some other user, Now I want to...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

DB Connect with SHP - multiple Java bridge processes?

HTTPS authenticated input source

Timestamp not added to CSV correctly

log with key value pair or transforms.conf performance diffrence?

help with event filtering - excluding events before indexing

Question on monitoring file

Splunk not receiving syslog messages

Persistent Queues and index clustering

Extraneous Space in Timestamp

Bad request error from C# API

json in splunk is ignoring the timestamp

Whitelist not matching

How to seperate different index and sourcetype?

Getting interesting field's data for Custom Command's Calculation

How would i calucate the no of days that the data is present in my indexes ??

Field Extraction

Using Splunk Uni Fwd 6.0, on Splunk 5.0.2 Backend

Input First Line of File

transforming timestamps

Ingesting file data

Indexer ignoring Time_Format settings in forwarder props.conf

KV_Mode Splunk 6 not Working

How do you show sourcetype of a monitor on a Universal Forwarder 5.0.4 via CLI

Does a windows install of splunk know what $SPLUNK_HOME means in a config file?

Can i run two splunk universal forwarders on a single windows server?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions