Getting Data In

Discussions

Thread Info

How to change a search into a marco filter?

This is a follow up to Background exclusion The question I have now is no longer on topic with the original posted he...

by Contributor in

Issue in using same VM for Intermediate Splunk Deployment Server and forwarder

Are there any know issues in using the same machine for Splunk deployment server and Splunk Universal Forwarder ? Cur...

by Communicator in

Exchange Powershell cmdlets not accessible to Splunk for Exchange Powershell Modules?

Hi, I've installed the Splunk App for Exchange and it appears that none of the powershell modules are functioning...

by Contributor in

Windows or Linux

We are purchasing Splunk and I wanted to see if there is any advantage on using a Linux box over a Windows box or vic...

by Path Finder in

dbx running script jbridge_server.py a lot

Anyone know what this script is for and why it needs to run so often?

by Motivator in

breaking lines before a regex

We have a tcp input that is merginging lines when they come in too fast. I have (inputs) [tcp://5140] connectio...

by New Member in

Does rsyslog work well with Splunk

Does both Enterprise (supported) and free rsyslog support wildcarding? Does rsyslog work well with Splunk? Is...

by Splunk Employee in

inputs.conf -> time_before_close

Have any of you had the necessity to use time_before_close in inputs.conf. if so could you share your scenario? I am ...

by Motivator in

How to execute a saved and on demand search using REST API ?

by Path Finder in

Problem: Importing file of JSON data from Twitter results in one single event?

Hi, I'm having a problem importing JSON formatted data into Splunk. It's retrieved via the Twitter API, stored in a f...

by New Member in

Index-time extraction of multiple timestamps fields within a single event

Need to set up searching and alerting for batch-job logging. Each log line will have the following format: timesta...

by Engager in

Nagios or Net-SNMP

Hi I'll start to work with SNMP and before start i would ask your advices. We are using Splunk as an unique interface...

by Communicator in

How to debug multi-line events not working

I'm trying to determine why multiline events are not working when syslog sends the data over to my splunk indexer. Th...

by Explorer in

Transfering data from one index to another

Hello Everyone, Is there any functionality in splunk to tranfer event from one to other index source/sourcetype wise?...

by Champion in

Does Splunk REST API provide searches with cursor-like locators for the event stream?

We would like our application to pull events from a given customer's Splunk instance instead of forwarding. Forwardin...

by Explorer in

How do I Configure the Universal Forwarder to send UnCooked Data?

We have a Universal Forwarder on a Domain Controller (DC) that is forwarding all the local logs to a 4.1.7 Forwarder....

by Communicator in

Using splunk forwarder to send system/application logs to another SIEM like ArcSight

Hi Guys, We are using a third party solution to help us monitor event logs and they use ArcSight as their SIEM So...

by Contributor in

I'm trying to add Reddit as a data input, getting back only one result

I'm using this endpoint - www.reddit.com/domain/xxxx.com/.json Do I need a modhash for pulling domain data? www.reddi...

by Explorer in

setting hostname via syslog

Hi, I have a feed that is collecting data and resending it to Splunk via syslog. I'd like to extract the hostname ...

by Champion in

Split forwarding - locally indexing Splunk internal audits; forwarding system operating logs

I should probably know the answer to this, but it eludes me. The search head of my deployment also acts as the ent...

by Motivator in

Transforms.conf SOURCE_KEY Questions

I run HAProxy and grab it via a universal forwarder and send it to our receiver/indexer (all on same host). I modifie...

by Engager in

Continuous polling from remote windows server via wmi

Hi, I am evaluate splunk 5.0.3 for windows servers. How do i get continuous polling of event logs from servers thr...

by New Member in

Adding data retention to the main index

I've tried to add a 6 month retention policy to the main index. As the main index is already defined in the default i...

by Communicator in

displays multiple hostname in search result

Good day!can someone help me, i am newbie here in splunk..i just dont understand why splunk displays same hostname in...

by Explorer in

Windows Performance Counters using WMI

Has anyone come up with a solution to WMI rounding down decimal values for Windows 2003 performance monitor counters?...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to change a search into a marco filter?

Issue in using same VM for Intermediate Splunk Deployment Server and forwarder

Exchange Powershell cmdlets not accessible to Splunk for Exchange Powershell Modules?

Windows or Linux

dbx running script jbridge_server.py a lot

breaking lines before a regex

Does rsyslog work well with Splunk

inputs.conf -> time_before_close

How to execute a saved and on demand search using REST API ?

Problem: Importing file of JSON data from Twitter results in one single event?

Index-time extraction of multiple timestamps fields within a single event

Nagios or Net-SNMP

How to debug multi-line events not working

Transfering data from one index to another

Does Splunk REST API provide searches with cursor-like locators for the event stream?

How do I Configure the Universal Forwarder to send UnCooked Data?

Using splunk forwarder to send system/application logs to another SIEM like ArcSight

I'm trying to add Reddit as a data input, getting back only one result

setting hostname via syslog

Split forwarding - locally indexing Splunk internal audits; forwarding system operating logs

Transforms.conf SOURCE_KEY Questions

Continuous polling from remote windows server via wmi

Adding data retention to the main index

displays multiple hostname in search result

Windows Performance Counters using WMI

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Automatic Discovery Part 2: Setup and Best Practices

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions