Getting Data In

Community Activity

Questions about CentOS rsyslog and Splunk configuration I have a dedicated syslog server running on CentOS6 (rsyslog) which gathers all logs from other servers/devices (stor... by InteractM Explorer in Getting Data In 09-09-2013 1 4	1	4
Windows EventLog details - Exchange Management Log In Server 2008 and above the Windows Event Log has a general tab and a details tab. Splunk is great at polling and in... by pcjunkie Explorer in Getting Data In 09-09-2013 1 3	1	3
Send filtered data to syslog and not index it How to send filtered system log errors only to syslog and NOT index that data? My current configuration send to sysl... by cloud_cloud Explorer in Getting Data In 09-09-2013 0 3	0	3
Timestamps for two different field Hi, I met one log file that have two timestamps on different field. The first one is the exported time by program o... by johnwyane New Member in Getting Data In 09-09-2013 0 3	0	3
Key/Value pairs from json are not showing up as fields We have the events in the below format and i was thinking i would see the fields without any extraction. But that did... by xvxt006 Contributor in Getting Data In 09-09-2013 0 3	0	3
Times Unchanged For Newly Indexed Data After Time Zone Config Changes I am using splunk-5.0.4-172409-x64 for Windows and can't get the time zone to offset from GMT to CDT. I have changed ... by mj9999 New Member in Getting Data In 09-08-2013 0 4	0	4
Splunk stopped receiving forwarder connections Hey, Just wondered if anyone has seen this issue in their environment? I noticed, by chance, that our license usage... by MHibbin Influencer in Getting Data In 09-08-2013 0 2	0	2
How to add hosts to splunk server Hi, I have installed splunk in centos and it is working fine. And i have installed the universal forwarder in anothe... by wanted819 Engager in Getting Data In 09-08-2013 0 1	0	1
Starting splunk forwarder at boot Here is the situation We have a splunk forwarder installed (from rpm), but never started in an Amazon AMIWhat we wan... by amanteja Path Finder in Getting Data In 09-07-2013 1 1	1	1
How do I match a specific set of numbers in transforms.conf? I have this in transforms.conf to match a specific subset of syslog events I'm interested in. [setparsing] REGEX = ... by mark_law Engager in Getting Data In 09-06-2013 0 2	0	2
TZ Settings I have systems that forward logs via syslog-ng to my splunk server. Systems are in different TZ's mix of EDT and GMT ... by trumpjk Explorer in Getting Data In 09-06-2013 0 1	0	1
Complex Search causes Script Alert Action to not fire Hi All, I ran into an issue where certain searches seem to caused scripted alert actions to fail. In trying to figu... by richnavis Contributor in Getting Data In 09-06-2013 0 5	0	5
Field in Space Delimited Logging Source Offsetting Field Extractions Hello, I have an issue in which my searches are suddenly offset by one field. In other words, the Action field now c... by wbordeau Explorer in Getting Data In 09-06-2013 0 2	0	2
How to Forward Splunk WMIEventLog:Security to syslog_ng with backend MYSQL I am new to Splunk and am attempting to forward Splunk WMIEventLog:Security to syslog_ng with a backend MYSQL. This ... by smile_4u_2 New Member in Getting Data In 09-06-2013 0 2	0	2
"Export results..." output blank when using inputlookup If I perform a search for: index=myindex \| table field1, field2, field3 and then use the "Actions" menu to "Export... by rtadams89 Contributor in Getting Data In 09-06-2013 1 4	1	4
Forwarding selected events from Indexer to thrid-party application Hi, in our system we have same universal forwarders, one indexer and a third-party system that expect only events in ... by tobiasvollrath Explorer in Getting Data In 09-06-2013 1 2	1	2
How to handle a csv with field name only consist of numbers Hi All, I have a csv looks like below Name, Description, 1960,1961,1962,1963,1964,....,2013 test, testdescription, ... by dennisj Engager in Getting Data In 09-06-2013 0 2	0	2
Forwarding indexed data I know that there has been many variations of this question asked but I cannot seem to find the one that suites me. ... by freeborn Explorer in Getting Data In 09-05-2013 0 3	0	3
Timestamp Problem My data is formatted in a CSV file with only two kinds of data: "Time: 7/4/2012, 213" The columns are the date of a... by ctmoses New Member in Getting Data In 09-05-2013 0 1	0	1
Importing CSV File I'm setting up a CSV file for import and analysis, and when I do I get the following error: SyntaxError: Unexpected... by timhegwood Engager in Getting Data In 09-05-2013 1 2	1	2
TIME_FORMAT Ignoring Milliseconds I'm having problems getting Splunk (through data preview) from correctly parsing the following timestamp: 2013.08.14... by llow Explorer in Getting Data In 09-04-2013 1 3	1	3
Sourcetype not changing for windows application logs I have a universal forwarder sending the application logs for a windows 2003 server we have that only runs one applic... by jericksonpf Path Finder in Getting Data In 09-04-2013 0 5	0	5
Help deleting data input via REST API Please I am successfully utilizing the Splunk API through .Net and using GET, POST, and DELETE for many actions and all are ... by sloaniebaloney Engager in Getting Data In 09-04-2013 0 1	0	1
datetime.xml problem with a word "hour" I have a non - standard, Adobe / Omniture log standard timestamp that I want to extract. The value after the word Ho... by davecroto Splunk Employee in Getting Data In 09-04-2013 0 5	0	5
Can't get UF to translate cooked to plain old syslog I'm trying to use splunkforwarder-4.2.2-101277-linux-2.6-x86_64.rpm as an aggregator and translator for a bunch of Sp... by nisse Explorer in Getting Data In 09-04-2013 0 2	0	2

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest! As your trusted partner in data innovation, the ...

Getting Data In

Questions about CentOS rsyslog and Splunk configuration

Windows EventLog details - Exchange Management Log

Send filtered data to syslog and not index it

Timestamps for two different field

Key/Value pairs from json are not showing up as fields

Times Unchanged For Newly Indexed Data After Time Zone Config Changes

Splunk stopped receiving forwarder connections

How to add hosts to splunk server

Starting splunk forwarder at boot

How do I match a specific set of numbers in transforms.conf?

TZ Settings

Complex Search causes Script Alert Action to not fire

Field in Space Delimited Logging Source Offsetting Field Extractions

How to Forward Splunk WMIEventLog:Security to syslog_ng with backend MYSQL

"Export results..." output blank when using inputlookup

Forwarding selected events from Indexer to thrid-party application

How to handle a csv with field name only consist of numbers

Forwarding indexed data

Timestamp Problem

Importing CSV File

TIME_FORMAT Ignoring Milliseconds

Sourcetype not changing for windows application logs

Help deleting data input via REST API Please

datetime.xml problem with a word "hour"

Can't get UF to translate cooked to plain old syslog

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation