Getting Data In

Discussions

Thread Info

Filter according folders of the source filed

Hi, I would like to have the option to filter according the sub folders of the source. For example: If my source i...

by Explorer in

How do I receive events whenever someone plugs/unplugs a USB device?

What data can Splunk gather that shows if a USB is being used on a (Windows) desktop. Is that data we can collect via...

by Splunk Employee in

Exclude CSV Header from monitoring and being indexed

I'm monitoring files from a local directory on splunk , those files are CSV's files with a header that describe each ...

by Builder in

Heavy Forwarder configure to populate data to two separate indexes

We are running a heavy forwarder. We want to send the perfmon data that it is currently receiving to two separate ind...

by Communicator in

Problem with Splunk App upload

Hello together I've been trying for hours to upload a new Splunk App on Splunkbase. Unfortunately this does not wo...

by Path Finder in

How to audit REST api initiated searches?

I'm looking to audit REST API search activity and I'm unable to locate any logging of REST API initiated searches. I ...

by Champion in

Scheduler not running?

I am simply lost as to what is going on here. My splunk scheduler seems to have just stopped running. Restarting the ...

by Engager in

Splunk Newbie

I am far from being an advanced user of splunk and as a result have a question that I would imagine would be quite si...

by New Member in

Too many source files listed

I noticed that we have > 2200 sources listed (and growing) and researching the matter seems to indicate that I can us...

by Contributor in

Forwarders hosts are also being displayed as consumed data

Hi I have used the following query to find indexer host wise mb consumed in indexeing. index=_internal source...

by Motivator in

Average Time over two Timestamps

I am trying to get the average Session duration by USER_ID, but a single USER_ID can have multiple SESSION_ID. The SE...

by Communicator in

How to enable WMI data collection on a Domain Server

Hi, I've a problem with the WMI privilege on a Domain Controller running Win 2003 R2. This is what I done: Add use...

by Explorer in

Unable to extract timestamp from a CSV file

Hi All, I'm trying to extract some reports form a sample csv file. the first two lines are: BOT_ID,TECHNOLOGY,TEST...

by Engager in

Monitoring an entire folder with yesterday flagged files

Hello Splunk Experts, I have a folder that i need to monitored entirely: the folder contains a list that is repres...

by Builder in

HadoopConnect: How do I reset the HDFS input?

I have a folder in HDFS that has log files continuously being put into it. I decided to test the HadoopConnect app's ...

by Explorer in

Cannot open or write to file from custom controller

I've been experimenting with creating a custom controller for an splunk webapp we're working on. Ultimately, we want ...

by Explorer in

Minimal capabilities required for adding events via Splunk REST API

Hi, I'm trying to add events into an existing index, via the REST API (specifically, using javascript-sdk). Eve...

by Path Finder in

Powershell Scripts for Splunk for Cisco UCS not working

Hi everyone, I'm currently testing out the Splunk App for Cisco UCS on Splunkbase (http://splunk-base.splunk.com/apps...

by Communicator in

Limit Memory used by forwarder on Domain Controller

All of our Domain Controllers are VMs with limited resources. We have the UF running on them, catching Windows Event ...

by Communicator in

Whitelisting/Blacklisting files inside tgz files

I have a bunch of .tgz files that are being regularly uploaded to a directory and I'd like to only index a subset of ...

by Explorer in

Extracting event date from file path

hello all, I have a set of log files being created in a directory structure as: /data/hostname/year/month/day/logf...

by Path Finder in

discard not needed events

Hi, I am new to splunk, I only want to forward specific events to splunk (for example: failures)and discard the rest....

by New Member in

How do I get unique values in form dropdown?

I want the list in the dropdown to be unique values in a form. What do I have to put in the 'populatingSearch' ele...

by Explorer in

how do I remove a source

Ok, this is massively frustrating. I downloaded Splunk and installed it on my computer. I ran through the tutorials j...

by Path Finder in

can I pass additional source info from inputs.conf

Is it possible to pass extra info from inputs.conf? e.g. [inputs.conf] [default] host = my_host [monitor://s...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Filter according folders of the source filed

How do I receive events whenever someone plugs/unplugs a USB device?

Exclude CSV Header from monitoring and being indexed

Heavy Forwarder configure to populate data to two separate indexes

Problem with Splunk App upload

How to audit REST api initiated searches?

Scheduler not running?

Splunk Newbie

Too many source files listed

Forwarders hosts are also being displayed as consumed data

Average Time over two Timestamps

How to enable WMI data collection on a Domain Server

Unable to extract timestamp from a CSV file

Monitoring an entire folder with yesterday flagged files

HadoopConnect: How do I reset the HDFS input?

Cannot open or write to file from custom controller

Minimal capabilities required for adding events via Splunk REST API

Powershell Scripts for Splunk for Cisco UCS not working

Limit Memory used by forwarder on Domain Controller

Whitelisting/Blacklisting files inside tgz files

Extracting event date from file path

discard not needed events

How do I get unique values in form dropdown?

how do I remove a source

can I pass additional source info from inputs.conf

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions