Getting Data In

Community Activity

Forward Server Active Check Is there a way to check and see if a forward is actively forwarding? For example, at one point splunk add forward-se... by bauron Explorer in Getting Data In 02-26-2013 0 1	0	1
Excessive logging activity I see that the source file splunkd.log is logging excessively. When I look into the diagnostics, I find that my searc... by mike7860 Explorer in Getting Data In 02-25-2013 0 7	0	7
How do I know if universal forwarder has finished reading and complteted forwarding data to indexers? Hi, I have been looking for information about REST API point to know if UF has completed reading the file and sendin... by melonman Motivator in Getting Data In 02-25-2013 0 2	0	2
Extracting multiple occurrences of a field from a syslog-ng statistics message. Hi, I am trying to extract multiple occurrences of two fields from the statistics message that is generated by syslo... by brettw10 Explorer in Getting Data In 02-25-2013 0 2	0	2
Structuring nested data Hi all, I have an application that needs to write some data that may be several levels deep and I'm struggling to un... by Tim Explorer in Getting Data In 02-24-2013 0 2	0	2
To which source the _geo field belongs to?? Hi All, Please let me know to which source or sourcetype the _geo field belongs to? I want this for second search que... by shri_27 Path Finder in Getting Data In 02-23-2013 0 1	0	1
time difference issues I need to be able to calculate the time difference between two dates and everytime i try anything...it returns blank ... by testAnalysis Explorer in Getting Data In 02-22-2013 0 1	0	1
Windows Events filtering Hi All, Trying to filter on Win Sec events, dropping events that don't have particular eventids and Account Name con... by only4luca New Member in Getting Data In 02-22-2013 0 4	0	4
indexing a file uploaded with same filename Hi, scenario: a log uploader application helps in uploading logs to a directory. let it be splunkdata/timeofupload/yo... by smolcj Builder in Getting Data In 02-22-2013 0 6	0	6
Anonymize data using regex transform Hi Splunk experts, I am using regex transform to mask data in splunk. But splunk only masks first occurence of string... by vaibhavagg2006 Communicator in Getting Data In 02-22-2013 0 5	0	5
TIME_FORMAT ignored Hi, I'm trying to set timestamp recognition for a sourcetype, in order to avoid recognising timestamp in the event's... by echalex Builder in Getting Data In 02-22-2013 0 3	0	3
active directory monitoring is generating too many audit events in WinEventLog:Security I just turned on a splunk forwarder with the active directory monitoring on my AD server. Since the windows logs WinE... by yannK Splunk Employee in Getting Data In 02-21-2013 3 1	3	1
Monitor Files via UNC outside of the Domain I need to come up with a way to monitor files via UNC (I know this is not the preferred way) for ~140 servers that ar... by ShaneNewman Motivator in Getting Data In 02-21-2013 0 1	0	1
Data replication across two indexers I have currently one Splunk server who works as indexer and searcher. I want to add second server which will be a mir... by bckq Path Finder in Getting Data In 02-20-2013 0 5	0	5
App deployment in Splunk 5.0 clustering from a master node Is it possible to deploy an app from the Splunk master node /master-app/cluster/local to all the peer nodes ? by ssankeneni Communicator in Getting Data In 02-20-2013 2 4	2	4
Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection I have a requirement where in order for the remote machine to send data over the TCP connection to Splunk, it needs S... by rohitgupta New Member in Getting Data In 02-20-2013 0 1	0	1
NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start Hello, I'm new in splunk. Splunk with syslog works correct now. I try test netflow from cisco asa. I set netflow int... by popo80 New Member in Getting Data In 02-20-2013 0 1	0	1
How to force the host with syslog sourcetype This is a common issue with the syslog sourceytype. By default it behave differently from the other inputs, the host ... by yannK Splunk Employee in Getting Data In 02-20-2013 2 1	2	1
props. conf file help Using [monitor://path] Stanza i need to monitor a folder which contains binary data. When i set the props.conf as, [... by chimbudp Contributor in Getting Data In 02-20-2013 0 3	0	3
How to monitor a folder in Windows ? C:\Windows\assembly I would like to monitor assembly folder in windows. Path :- C: \Windows \assembly I have set the inputs.conf in Univ... by chimbudp Contributor in Getting Data In 02-20-2013 0 8	0	8
SEDCMD to anonymize CC data isnt working Hi, Ive been playing with the SEDCMD in my props.conf to anonymize CC data in a log. Originally I tried this: [... by doreno Explorer in Getting Data In 02-19-2013 0 11	0	11
Indexing only specific fields in an event I want to index only specific fields like error status in an event and discard the rest. How do I set splunk to do th... by pdash Path Finder in Getting Data In 02-19-2013 0 3	0	3
Inputs.Conf - Historical Logging - Chicken and the Egg? I know that you can control the Universal Forwarder to grab historical event logs from Windows using "current_only = ... by vragosta Path Finder in Getting Data In 02-19-2013 0 2	0	2
Inputs.conf $decideonstartup Anyone know why 5.0.1 UFs are reporting data in with host name of $decideonstartup. Looks like this setting was added... by dchodur Path Finder in Getting Data In 02-19-2013 1 6	1	6
To monitor a Folder in Windows Server ? I need to monitor the Assembly folder in Windows Server : [monitor://C:\Windows\assembly] index=Assembly_monitor th... by chimbudp Contributor in Getting Data In 02-19-2013 0 4	0	4

Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community, We're thrilled to share an exciting update that will help you manage your data more ...

Getting Data In

Forward Server Active Check

Excessive logging activity

How do I know if universal forwarder has finished reading and complteted forwarding data to indexers?

Extracting multiple occurrences of a field from a syslog-ng statistics message.

Structuring nested data

To which source the _geo field belongs to??

time difference issues

Windows Events filtering

indexing a file uploaded with same filename

Anonymize data using regex transform

TIME_FORMAT ignored

active directory monitoring is generating too many audit events in WinEventLog:Security

Monitor Files via UNC outside of the Domain

Data replication across two indexers

App deployment in Splunk 5.0 clustering from a master node

Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection

NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start

How to force the host with syslog sourcetype

props. conf file help

How to monitor a folder in Windows ? C:\Windows\assembly

SEDCMD to anonymize CC data isnt working

Indexing only specific fields in an event

Inputs.Conf - Historical Logging - Chicken and the Egg?

Inputs.conf $decideonstartup

To monitor a Folder in Windows Server ?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Access to Data Management Experience / Edge Proces...

ServiceNow Technical Add-on for CMDB Pull

Bangalore Splunk Usergroup meeting(Dec 2025)

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

Getting Data In

Join the Conversation