Getting Data In

Ask a Question

Discussions

Thread Info

still splitting on blank line

Hi, All. I'm trying to parse trend micro logs on a windows system using a heavy forwarder. Running into issues get...

by Path Finder in

Cannot delete from command line

I recently upgraded from 4.2 to 4.3. Since then, I cannot delete from a remote command line. sourcetype="dontcare"...

by Contributor in

Specify index for windows Eventlogs in Universal Forwarder

Hi, I've installed a Universal Forwarder and it is forwarding Windows events fine to the Splunk server. Hoever,...

by New Member in

Setting sourcetype and source fields dynamically via inputs.conf

I was reading the docs for inputs.conf and noticed that there are host _regex and host _segment attributes to the mon...

by Path Finder in

Indexed CSV wont line break?

Im indexing a CSV file and i have SHOULD_LINEMERGE set to "false" so it will break after each new line. However pe...

by Splunk Employee in

Input monitor wildcard and whitelist

Hi I read all I could find in the docs and in splunkbase but I'm still struggling with that simple problem: I need...

by Engager in

REST API - How to?

I want to know the following in relation to the REST API: Can we hit endpoints on UFs and LWFs?What is the REST en...

by Splunk Employee in

Forwarding remote WMI information

I need to configure a universal forwarder to remotely collect WMI information (eventlogs) from various Windows hosts,...

by New Member in

Two timestamps, trying to index based on the second with TIME_PREFIX

I have logs with two timestamps, one in UTC, one in local. I'm trying to index based on the second, because the first...

by Communicator in

How should Splunk integrate with other operations management/monitoring tools?

We're investigating how to best help customers who are using both Splunk and other operations management/monitoring t...

by Contributor in

How-To Change Indexed Data?

v4.3.1 on sles 11.1 i have some data that was incorrectly indexed, the host name assignment got messed up. is ther...

by Contributor in

How to only forward Windows Security logs

Hi, I would like to forward only successful and failed Windows login attempts from my Windows 2008 Server to my RH...

by Explorer in

Use of Multiple Timestamps in one Index

For the purpose of this problem lets say I have one index, in this index I receive syslog events - one such event has...

by Explorer in

Issue with blacklisting service name in inputs.conf file

I have 6 directories that I'm indexing from /tom/ /linda/ /joe/ /time/ /jil/ /sue/ Each of the directories has...

by Path Finder in

Missing Windows Event Logs?

Since the Windows Event Viewer archives and generates a new log at 20MB (its maximum capacity), is there a risk that ...

by Communicator in

Indexing hostname by segment issue

v4.3.1 on sles linux i have a source which is a file in a dynamic path and the source is configured to use segment #4...

by Contributor in

After setting non-system default timezone external commands fail with error code 1 or "ImportError: No module named site"

In new 4.3 instance running on Win2008 R2, external commands (e.g. sendemail) have started failing with errors like t...

by Path Finder in

Whitelist for standard /var/log

v4.3.1 on sles 11.1 the standard whitelist for data source /var/log will produce dupe indexing because by default ...

by Contributor in

getting syslog from juniper firwall

hello i want to get data from my juniper firwall , i set a configuration of juniper and i mention the port and the...

by Path Finder in

Removing Blank/Empty events with Splunk

I have indexed a file that contains a number of blank event s with a timestamp, my goal is to remove those blank/Empt...

by Builder in

Issue with Palo Alto apps

I have an issue with the Palo Alto apps. It seems that the transforms doesn't work. I can see my Palo Alto logs in th...

by Explorer in

Where to start debugging why Splunk receiver is not getting data from universal forwarder?

From this line in the splunkd.log it appears the forwarder and receiver are connected? /opt/splunkforwarder/var/lo...

by Path Finder in

remote data inputs

hello i want to extract logs of the firewall juniper ;, so i select remote event log collectiosn i insert the ip...

by Path Finder in

Mapping syslog events with IP adresses through DHCP events

Hi, I'm indexing DHCP and Syslog events. To make it for the network administrators a lot easier when they have to ...

by Explorer in

AD Monitoring - Help?

Hi, I have just installed a splunk trial, that is monitoring AD events and Windows Security logs of the DC. My que...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

still splitting on blank line

Cannot delete from command line

Specify index for windows Eventlogs in Universal Forwarder

Setting sourcetype and source fields dynamically via inputs.conf

Indexed CSV wont line break?

Input monitor wildcard and whitelist

REST API - How to?

Forwarding remote WMI information

Two timestamps, trying to index based on the second with TIME_PREFIX

How should Splunk integrate with other operations management/monitoring tools?

How-To Change Indexed Data?

How to only forward Windows Security logs

Use of Multiple Timestamps in one Index

Issue with blacklisting service name in inputs.conf file

Missing Windows Event Logs?

Indexing hostname by segment issue

After setting non-system default timezone external commands fail with error code 1 or "ImportError: No module named site"

Whitelist for standard /var/log

getting syslog from juniper firwall

Removing Blank/Empty events with Splunk

Issue with Palo Alto apps

Where to start debugging why Splunk receiver is not getting data from universal forwarder?

remote data inputs

Mapping syslog events with IP adresses through DHCP events

AD Monitoring - Help?

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions