Getting Data In

Thread Info

indexes.conf - Can multiple indexers save to same "cold" directory?

We have two indexers and a single search head: Splunk1 Splunk2 Splunkweb Both Splunk1 and Splunk2 have their own i...

by Path Finder in

Heartbeat for forwarder

Hi, I am trying to setup a heartbeat to know if our Splunk forwarders are working fine. From this forum, I found I...

by Path Finder in

listdown the sourcetype from the index

Hi all i used the below code..to list down the sourcetype of the main indx in the dropdown .. sources ...

by Communicator in

Indexing issues

Hey, I have a 16-core windows 2003 server running Splunk v4.3.1 which is used for both searching and indexing. On ...

by Motivator in

Some Single Line Messages Are Merged into a Single Event

I'm working with data that looks like this: QA4 :: 1354371771 :: 020_grid_progress :: M020_grid_progress :: a...

by New Member in

Delete a record conditional

How can I delete the older UPDATE_TIME record(record2). UNIQUE_ID, UPDATE_TIME・・・・・・ record1: 10001,2012/12/01,・・・...

by New Member in

Why are so many files being tracked because of this one monitor?

Copying everything exactly how it appears... I have this in my inputs.conf: [monitor:///opt/firewalker/data/*/*...

by Communicator in

suppression of event content

Is is possible to suppress the display of selective content (already indexed) within an event in the search results? ...

by Explorer in

Net-SNMP help needed

Hi everyone. can someone please tell me what net-SNMP does? am i correct in thinking it just writes out to a logfile ...

by Explorer in

log file type

Hi all , can anyone tell me wt is the type of the log file for the below given logs 2011-12-17 00:03:54,415 IN...

by Communicator in

Want to import Excel data in SPLUNK

Is it possible to import Excel data into SPLUNK, If yes, kindly let me know the procedure Your help is required i...

by Contributor in

nullQueue transformation behavior in a multiline event

I am indexing a series of files where each file is a single, multiline event. Each file has series of pound sign pref...

by Explorer in

Cisco syslog and data availability

With data availability and failover in mind, what would be the splunk best practise to ensure that Cisco network sysl...

by New Member in

How to get Cisco App working

I've installed the Cisco Firewalls app. My colleague has pointed the firewall to the splunk server:port. There is no ...

by New Member in

Splunk Development Environment (Best Practices)

Hey Guys, Trying to brainstorm on ways to create a development environment for my production splunk instance. ...

by Contributor in

Configuring Splunk with a Snare/ Windows Security Log Sourcetype

Ok, so for reasons beyond this discussion we are unable to use the universal forwarder. So, we have decided to bring ...

by Path Finder in

make indexer easy accessable

Hi, people often don't like it to use "index=...". I've tried to make logs easy accessable for them by using macro...

by Communicator in

Confused about the data

I've enabled Forwarding & Receiving to accept input from the Universal Forwarder that I installed on my servers. Usin...

by New Member in

How to extract the correct timestamp from a SAS log

Hi. I have an audit log from SAS SPDServer, where they use their internal time format, this looks like an epoch fo...

by Contributor in

Data import in SPLUNK

Hi, I have a Digital Guardian( DG) Tool installed in around 10 systems to prevent the data leakage, DG tool genera...

by Contributor in

Getting an error in checking authentication.conf

We are getting the following error on one of our Search Heads. Splunk ver = 4.2.3 This happens when we run the "splun...

by Communicator in

Forwarder only sends Error

Hi, I'm new to Splunk, only started evaluating it for a few days. I'm using the SplunkForwarder to monitor a lo...

by Explorer in

High availability setup - daily indexed volume

We have a set-up where all of the forwarders send data to indexer A and indexer A forwards this on to indexer B, henc...

by New Member in

Changing host for syslog

Hi, I have syslog messages coming in from thousands of servers, and I'm using splunk to index those messages. The ...

by Champion in

After upgrading to Splunk 5, hostname field is incorrectly extracted

Hello, I've been running Splunk 4 for about 2 years now, and I've been feeding it using syslog-ng to aggregate an...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

indexes.conf - Can multiple indexers save to same "cold" directory?

Heartbeat for forwarder

listdown the sourcetype from the index

Indexing issues

Some Single Line Messages Are Merged into a Single Event

Delete a record conditional

Why are so many files being tracked because of this one monitor?

suppression of event content

Net-SNMP help needed

log file type

Want to import Excel data in SPLUNK

nullQueue transformation behavior in a multiline event

Cisco syslog and data availability

How to get Cisco App working

Splunk Development Environment (Best Practices)

Configuring Splunk with a Snare/ Windows Security Log Sourcetype

make indexer easy accessable

Confused about the data

How to extract the correct timestamp from a SAS log

Data import in SPLUNK

Getting an error in checking authentication.conf

Forwarder only sends Error

High availability setup - daily indexed volume

Changing host for syslog

After upgrading to Splunk 5, hostname field is incorrectly extracted

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

ESXi and vSphere logs

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions