Getting Data In

Discussions

Thread Info

Spath queries return no results. How to troubleshoot?

I have a Json formatted log. Splunk shows my fields just fine. If I click one of my fields to filter by that field, S...

by Explorer in

How to delete some indexed data and free up disk space?

Hi There, We have an index which is approx. 250GB in size. After change in requirements we no longer require appro...

by Explorer in

How to run a search of data in one index and update data in another index if the certain parameters are met

I would like to run a search of data in one index and update data in another index if the certain parameters are met....

by Explorer in

Delete the data after indexing

lets say daily I recieve 5 files, and I am indexing 5 files and running my query to generate the report. Now, my requ...

by Contributor in

If a text file indexed in Splunk is completely replaced every 15 minutes, how to delete the old data from the index without restarting Splunk?

Hi, I'am working with a text file indexed in Splunk. Every 15 minutes this file is completely replaced. At this mo...

by New Member in

monitoring TCP input status remotely

Hi, is there anything pokeable from a load balancer over TCP to validate the availability of a TCP data input? I c...

by Path Finder in

Timestamp issues

I have a timestamp that is not coming incorrectly. Splunk is reading the seconds portion of time in my event as minut...

by New Member in

microseconds in time range of search

Hi, i have events with microseconds in timestamp, for example 2013-02-13:22:09:43.687263. I see that in custom time s...

by Path Finder in

JSON, TCP Input and _meta

Hi! I'm sending a JSON document to a TCP Data Input on my Splunk server. I noticed the magical field _time that a...

by Explorer in

Why am I getting cooked mode v3 data testing TCP input on Universal Forwarder?

I'm not exactly sure what is going on but when I installed universal forwarder and the receiver my splunk is getting ...

by Explorer in

Is it possible to configure a forwarder to run a Powershell script to collect data at a certain time rather than setting an interval?

In Inputs.conf you can set an interval that a powershell script runs to collect data... but can you somehow set the f...

by Explorer in

How do you filter windows event log?

Hi, when I do the filtering windows log, I use the main program 6.1.4 then changed forwarder license, so Windows AD (...

by Path Finder in

Why am I getting unexpected behavior specifying files as data inputs versus directories?

I am not getting expected behavior when specifying inputs. All my logs are in a folder called "/syslog/" 1.3M -...

by Explorer in

Define python binary for universal forwarder 5.0.5?

I'm working in an environment where we have the universal forwarder (5.0.5 - old I know) installed on all our systems...

by Explorer in

Why does Splunk forwarder not report on any default monitored directories?

I noticed that a new install of splunkforwarder automatically monitors the following directories: Monitored Direct...

by Path Finder in

Non-matching timestamps and wrong breaks on timestamp

I have a log file with a timestamp at the beginning of an event in the format YYYY-MM-DD HH:MM:SS.mmm. The automatic ...

by Path Finder in

What happens when a log file gets renamed and later compressed?

Hi, I've looked though similar questions about log rotation and also the most related documentation topic here htt...

by Path Finder in

"DateParserVerbose - Failed to parse timestamp" Error: Can TIME_FORMAT accept multiple formats?

I am getting these errors, even though i think i have the timestamp parsed correctly based on other splunk answers. ...

by Contributor in

How to convert time format of 2014-10-22 15:32:00 to 10/22/2014 15:32:00

by New Member in

Can SSL configuration be applied on Splunk Universal Forwarders?

Can SSL configuration be applied on Splunk Universal Forwarders? My understanding is that it was only available on Sp...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Spath queries return no results. How to troubleshoot?

How to delete some indexed data and free up disk space?

How to run a search of data in one index and update data in another index if the certain parameters are met

Delete the data after indexing

If a text file indexed in Splunk is completely replaced every 15 minutes, how to delete the old data from the index without restarting Splunk?

monitoring TCP input status remotely

Timestamp issues

microseconds in time range of search

JSON, TCP Input and _meta

Why am I getting cooked mode v3 data testing TCP input on Universal Forwarder?

Is it possible to configure a forwarder to run a Powershell script to collect data at a certain time rather than setting an interval?

How do you filter windows event log?

Why am I getting unexpected behavior specifying files as data inputs versus directories?

Define python binary for universal forwarder 5.0.5?

Why does Splunk forwarder not report on any default monitored directories?

Non-matching timestamps and wrong breaks on timestamp

What happens when a log file gets renamed and later compressed?

"DateParserVerbose - Failed to parse timestamp" Error: Can TIME_FORMAT accept multiple formats?

How to convert time format of 2014-10-22 15:32:00 to 10/22/2014 15:32:00

Can SSL configuration be applied on Splunk Universal Forwarders?

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...

Connection error with Splunk HEC data input?