Getting Data In

Thread Info

Applying NullQueue REGEX to ALL sources

Hi Guys - I'm trying to remove "DEBUG" messages from ALL inputs. What do I put in props.conf to apply a transform...

by Explorer in

Via CLI why did "add forward-server" work and "add search-server" failed?

Why i use "add forward-server" is work, but "add search-server" failed? [root@proxy splunkforwarder]# bin/splunk h...

by Engager in

wildcard in inputs.conf splunktcp stanza?

Hi guys, Is it possible to limit a splunk receiver via host wildcard. So curently I have in inputs.conf [splunk...

by Path Finder in

Accessing remote REST API in a search

Is it possible for Splunk to natively run a search against a remote Splunk REST API from within a search? For example...

by Path Finder in

splunk date and time variables

Hi, I have a requirement to create a dashboard view of events occuring from Friday last week to Thrusday running week...

by Explorer in

Editing props.conf after adding source?

Is there a way, in the GUI, to edit props.conf after creating a new source (and after indexing)? If not, where can I ...

by New Member in

Multiple indexes and license limits

Does data indexed in two separate indexes count twice against the license limit?

by Path Finder in

Using Splunk to forward data to third party servers

I was wondering if anyone is currently using Splunk forwarders as the means by which they receive all log data and th...

by Path Finder in

Monitor remote directory

I want to monitor a directory that resides on another machine which has a Splunk forwarder on it. There is one specif...

by Path Finder in

Disabling line breaking not working

I'm trying to index a bunch of plugin files such that each file is a single event. I've tried almost every combinatio...

by Path Finder in

Splunk won't correctly recognize timestamp

Why splunk won't correctly recognize this timestamp? 120129092233 my props.conf TIME_FORMAT=%Y%m%d%H%M%S TI...

by Path Finder in

Sending Email Alerts from Windows Splunk

I am trying to get alerting to send emails from our Windows 2008 (4.1.6 splunk) server. The email server is an open r...

by Explorer in

file and folder monitoring NOT indexing

I know many people had asked this questions, but I still can't seem to find a good way to solve this problem I hav...

by Path Finder in

External database to splunk lookupfile

I have a sql database which will update daily , How can i schedule a upload of the data from this DB to a lookupfile ...

by Path Finder in

main splunker doesn't collect forwarders

Hi. I have two linux boxes - one is full splunk with web interface. Second one is a test one, which is supposed...

by New Member in

File monitoring issues

I've set splunk to monitor a log file via data inputs and it has been going on fine till recently. When I noticed ...

by Contributor in

Break script output into top values on multi value keys

I have a script that produces output like the following: foo=abc, bar=efg, size=100 foo=abc, bar=kkk, size=102 foo...

by Engager in

Why getting the same data from multiple machines

Hello, I am new to Splunk setting up a test rig. From multiple machines they are all showing the same data(see bel...

by Communicator in

line breaking is not working

I am getting multiple line for an event 11-12-21 04:09:01 172.27.70.10 GET /OTPAuthentication/Service.asmx - 443 -...

by Builder in

NOOB - fschange setup not working

sorry for noob question, i am using splunk for 2 days... i am pulling my hair out, cant get it to work.... i have ...

by Engager in

Splunk Forwarder HA load balancing

I know that we could configure Auto-load balancing on multiple indexer. But I want to use an active standby approach...

by New Member in

Splunk removing perflib.dll?

Hello, We are in the midst of installing Splunk 4.2 universal agents across our entire enterprise. We installed i...

by Path Finder in

Forwarding FROM an INDEXER to another INDEXER

Hello, In working with Splunk on an H.A. solution, we came up with the following. We would take all events into o...

by Builder in

Missing Source data from Forwarder

Hi Group, I am new to the Splunk thing so bear with me. I have installed an indexer, configured it to look at some...

by New Member in

universal forwarder: handling server unavailability

Hello, I have an environment with many machines sending syslog (udp) to a central indexer. Since the machines are ...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Applying NullQueue REGEX to ALL sources

Via CLI why did "add forward-server" work and "add search-server" failed?

wildcard in inputs.conf splunktcp stanza?

Accessing remote REST API in a search

splunk date and time variables

Editing props.conf after adding source?

Multiple indexes and license limits

Using Splunk to forward data to third party servers

Monitor remote directory

Disabling line breaking not working

Splunk won't correctly recognize timestamp

Sending Email Alerts from Windows Splunk

file and folder monitoring NOT indexing

External database to splunk lookupfile

main splunker doesn't collect forwarders

File monitoring issues

Break script output into top values on multi value keys

Why getting the same data from multiple machines

line breaking is not working

NOOB - fschange setup not working

Splunk Forwarder HA load balancing

Splunk removing perflib.dll?

Forwarding FROM an INDEXER to another INDEXER

Missing Source data from Forwarder

universal forwarder: handling server unavailability

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions