Getting Data In

Ask a Question

Discussions

Thread Info

Timezones - what am i missing?

Hi. We have some log data where each line starts with a timestamp that looks like this: 2012-09-28 15:44:35,302...

by Path Finder in

How to check a directory is being indexed (Monitor a Directory)

Hi, I'm trying to get to grips with splunk to evaluate it for a company I work for.. I'm having trouble doing some...

by Path Finder in

How to schedule a transfer on a forwarder?

I create a forwarder on a remote site. The speed of network is limited. I need transfer the event log in middle-night...

by Engager in

Timestamp issue with Fortigate Logs

Hello, I receive Fortigate Firewall Logs via Syslog. To separte the Logs into different facilities I've enabled t...

by Explorer in

Is it possible to switch off forwarder from web?

Hi Does splunk web have an option to switch off the universal forwader that is installed on a remote machine and s...

by Path Finder in

should i define source type in splunk or props.conf at first??

I am uploading my_file.txt in splunk under sourcetype TARGET_ONE.The content of my file is Fname|Mname|Lname|age|loca...

by New Member in

Index/send logs generated while Splunk indexer is down?

When you use a syslog server like syslog-ng or the Splunk Universal Forwarder, what happens to the logs if the Splunk...

by Path Finder in

automating the missing forwarder records query

Newbie to splunk, hello everyone... I use the UniversalForwarder on a pool of windows IIS servers. Each server has...

by New Member in

How to I find my ACCESS_TOKEN for the REST API?

How to I find my ACCESS_TOKEN to use the REST API?

by New Member in

Forwarding Data From on Universal Forwarder to Another Universal Forwarder

Is it possible to forward the data from one Universal Forwarder to another Universal Forwarder ? If so can you please...

by Communicator in

what is this typos in outputs.conf ?

Hello I got a strange error as: Checking conf files for typos... Possible typo in stanza [indexAndForward] in /...

by Contributor in

Linux Splunk server and Windows Event Logs?

I am confused about using Splunk installed on a Linux OS and viewing Windows Event logs. I plan to send all of my log...

by Path Finder in

Best Practice for monitoring indexer health

Currently we ping the HTTP, SplunkTCP, and MgmtHostPorts to provide us with status of the splunk indexers. At busy ti...

by Path Finder in

Splunk lightforwarder to Index/Search server using custom sourcetype settings

My lightforwarders are working and sending event information to my index/search server but the customer sourcetypes I...

by Explorer in

DateParserVerbose - A possible timestamp match

I am using splunk 4.3.1 and have a custom sourcetype props.conf [vlf] REPORT-a=voxeo-vlf TRANSFORMS-a = voxeo-v...

by Path Finder in

Remotely Managing Data Inputs

Is there a way to remotely manage data inputs, via configuration files pushed out by a deployment server? I have p...

by Engager in

Trim an index down to 90 days and recover space

So say I have an index that's got data in it back 120 Days, and I want to delete events older than 90 days, keeping t...

by Communicator in

Trouble setting host from a hostname field in a json datastructure.

Here is our props.conf: [aristajson] TIME_PREFIX = hosttime": " MAX_TIMESTAMP_LOOKAHEAD = 22 BREAK_ONLY_BEFORE = {...

by Explorer in

Overwrites to multiple indexed fields possible in one transforms.conf stanza?

We have some syslog feeds coming directly into an indexer. While this will eventually get addressed with forwarders I...

by Motivator in

Multi Line Events "truncate"

Hi I am testing the log length with sending about two pages of data only 1 character. Lets say "b" so the data wil...

by Explorer in

How to anonymize data after indexation

Hi ! I know how to anonymize data before adding them to an index (using sed & props.conf). But how to apply this sed ...

by Engager in

json -> event -> Truncate=0

I have a sourcetype that the events are in json format. Each json event could be more the 2000 lines. I have the foll...

by Motivator in

How to capture udp logs on Windows Server and then forward it to the Indexers

Hi Need advice on the following inquires: Scenario: Currently I got a Windows Sever 2003 running and is listeni...

by New Member in

Problem configuring lookup table with external script

Have been trying to configure a lookup table with an external python script to no avail. Was trying to model it after...

by Path Finder in

How do I filter event by specifiing bytes>(1024*10), having simple calculation on the right side of the field?

Hi, I am trying to search: sourcetype=access* bytes>1024*10 But this returns event bytes less than 1024, an...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Timezones - what am i missing?

How to check a directory is being indexed (Monitor a Directory)

How to schedule a transfer on a forwarder?

Timestamp issue with Fortigate Logs

Is it possible to switch off forwarder from web?

should i define source type in splunk or props.conf at first??

Index/send logs generated while Splunk indexer is down?

automating the missing forwarder records query

How to I find my ACCESS_TOKEN for the REST API?

Forwarding Data From on Universal Forwarder to Another Universal Forwarder

what is this typos in outputs.conf ?

Linux Splunk server and Windows Event Logs?

Best Practice for monitoring indexer health

Splunk lightforwarder to Index/Search server using custom sourcetype settings

DateParserVerbose - A possible timestamp match

Remotely Managing Data Inputs

Trim an index down to 90 days and recover space

Trouble setting host from a hostname field in a json datastructure.

Overwrites to multiple indexed fields possible in one transforms.conf stanza?

Multi Line Events "truncate"

How to anonymize data after indexation

json -> event -> Truncate=0

How to capture udp logs on Windows Server and then forward it to the Indexers

Problem configuring lookup table with external script

How do I filter event by specifiing bytes>(1024*10), having simple calculation on the right side of the field?

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions