Getting Data In

Provide Splunk Cloud feedback in this confidential UX survey by June 17
for a chance to win a $200 Amazon gift card!

Start a Conversation

Discussions

Start a Conversation

Thread Info

coldToFrozenDir per index

I was running a cold to frozen script that moved the forzen files into a separate directory per index. /opt/splun...

by Path Finder in

Why is my universal forwarder not evenly spreading events coming from a high-traffic input input across all indexers?

I have noticed that universal forwarders receiving data from a high-traffic input will fail to distribute events even...

by Splunk Employee in

Syslog from Firewall issue

I asked my Firewall admin to change the port for syslog to the Splunk indexer. He changed it from 514 to 1514. ...

by Motivator in

transforms.conf fields are visible but returns zero rows when clicked/selected

My props and transforms.conf work fine and I am able to see the fields on the GUI of search heads ( We are running sp...

by Path Finder in

Splunk server stops taking client data

Situation: I log into to splunk and find that data is not present when it should be. I log into the client machine...

by Contributor in

How much data can i index per second on a single indexer?

I've already got my single indexer spec'd to handle under 100Gigs a day and it meets the requirements. However i am g...

by Splunk Employee in

Removing Header row after outputcsv command

What are some of the methods that I can remove the header row after running the 'outputcsv' command in my search? ...

by Communicator in

Timestamp in every single line in multiline events

I've configured my splunk to recieve data from syslog via udp. The application uses a SyslogAppender in it's log4j co...

by New Member in

does scripted input need to belong to an app

Hi, I'm a splunk newbie. I want to collect data via snmp and display it on charts/graphs. Does the scripted input ...

by Champion in

Upgrade to 4.3: AttributeError: 'str' object has no attribute 'os_startIndex'

After an upgrade from 4.2.4 to 4.3 on Windows 2008 R2 Server (64bit) I get the following error after the login: 50...

by Contributor in

Applying NullQueue REGEX to ALL sources

Hi Guys - I'm trying to remove "DEBUG" messages from ALL inputs. What do I put in props.conf to apply a transform...

by Explorer in

Via CLI why did "add forward-server" work and "add search-server" failed?

Why i use "add forward-server" is work, but "add search-server" failed? [root@proxy splunkforwarder]# bin/splunk h...

by Engager in

wildcard in inputs.conf splunktcp stanza?

Hi guys, Is it possible to limit a splunk receiver via host wildcard. So curently I have in inputs.conf [splunk...

by Path Finder in

Accessing remote REST API in a search

Is it possible for Splunk to natively run a search against a remote Splunk REST API from within a search? For example...

by Path Finder in

splunk date and time variables

Hi, I have a requirement to create a dashboard view of events occuring from Friday last week to Thrusday running week...

by Explorer in

Editing props.conf after adding source?

Is there a way, in the GUI, to edit props.conf after creating a new source (and after indexing)? If not, where can I ...

by New Member in

Multiple indexes and license limits

Does data indexed in two separate indexes count twice against the license limit?

by Path Finder in

Using Splunk to forward data to third party servers

I was wondering if anyone is currently using Splunk forwarders as the means by which they receive all log data and th...

by Path Finder in

Monitor remote directory

I want to monitor a directory that resides on another machine which has a Splunk forwarder on it. There is one specif...

by Path Finder in

Disabling line breaking not working

I'm trying to index a bunch of plugin files such that each file is a single event. I've tried almost every combinatio...

by Path Finder in

Getting Data In

Discussions

coldToFrozenDir per index

Why is my universal forwarder not evenly spreading events coming from a high-traffic input input across all indexers?

Syslog from Firewall issue

transforms.conf fields are visible but returns zero rows when clicked/selected

Splunk server stops taking client data

How much data can i index per second on a single indexer?

Removing Header row after outputcsv command

Timestamp in every single line in multiline events

does scripted input need to belong to an app

Upgrade to 4.3: AttributeError: 'str' object has no attribute 'os_startIndex'

Applying NullQueue REGEX to ALL sources

Via CLI why did "add forward-server" work and "add search-server" failed?

wildcard in inputs.conf splunktcp stanza?

Accessing remote REST API in a search

splunk date and time variables

Editing props.conf after adding source?

Multiple indexes and license limits

Using Splunk to forward data to third party servers

Monitor remote directory

Disabling line breaking not working

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!

Full Details! >

WIndows Active Directory sourcetypes

Splunk Metrics

REST API storage/collections/config return errors

Cortex XDR Alerts into Splunk

ERROR JsonLineBreaker causes

Getting Data In

Discussions

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey.Earn $50 in Amazon cash! Full Details! >

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!

Full Details! >