Getting Data In

Discussions

Thread Info

Wildcard for subfolders

I need to index a CSV file that gets created daily in a folder with that day's name on it. So today's path is ..long ...

by Explorer in

Importing data

Hello, I am going to set Splunk up on a test rig for work as a possible tool that might be used. If snare is insta...

by Communicator in

Getting "unclean shutdown detected" alerts and "fast recovery" prompts on splunkd start-up after 4.2 upgrade

Since I upgraded my indexer to 4.2, I very frequently see the following output on Splunk start-up : [root@splunk-i...

by Splunk Employee in

Can multiple indexers write to a single index

My question is about Splunk topology. Can multiple indexer processes write to a single physical index? Or is there...

by Path Finder in

Inputs.conf

by Motivator in

Splunk forwarder not working

Hello I couldnt see the log files indexed in splunk Could you please help and mafdetlogindexer is the index name in t...

by New Member in

Convert datetime(in user format) extracted from field to splunk understandable format

I have time logged in as the below format .... 2011-11-18T00:00:00 .... I am able to extract that tim...

by Contributor in

Parametrized universal forwarders in a distributed env.

Perhaps I'm missing out on something but I haven't found details in the Splunk documentation about how we can setup g...

by Engager in

monitoring splunk server(s)

Hi, I would like to know if there is a 'best practice' document around the topic of monitoring and alerting about a s...

by Explorer in

splunk's internal logs for indexing process

hi... I have huge amount of data to be indexed and all of them are being indexed with 1 log format (sourcetype) but s...

by Communicator in

Source type is not setup properly and field extractions are not working

I need to monitor/splunk multiple files in a directory "/app/products/xxxx/yyy/logs/" This directory has files lik...

by Path Finder in

scripted input batch script cant access files in same dir

Hi, My Windows batch script executes a bin file and uses a text file to hold the state of the last execution, all ...

by Engager in

Firewall Services Search

Need a search to list the top 25 non-http and non-https services people are connecting to through my ASA. Does anyone...

by Explorer in

Notify Splunkd about a new index after move

Hi, In my cold to frozen script I copy the bucket to another server. The second server is used to access the older...

by Path Finder in

Firewall Traffic

I need a search to show the top 25 non-http and non-https services going out of my firewall. Does anyone have a searc...

by Explorer in

Installing Splunk Light Forwarder on Linux

We have two servers. One primary server (Debian Linux) running our software and a secondary server (also Debian Linux...

by Engager in

UDP:514 and source types

I wonder if someone could please explain to me how to achieve the following - I am running Splunk 4.2.4 I have a s...

by Engager in

Routing not working as expected

I made the following edits in the to the local\props and transforms files in order to redirect all events coming from...

by Communicator in

Source rename for IIS logs on default sites

Hello, I've noticed an issue with IIS logs that are being written from sites with a default site ID such as (...\...

by Path Finder in

Removing duplicate WinEventLog data

Hi, Sorry, this is one of those "How do I remove duplicates" questions. We have a customer who is currently usi...

by Path Finder in

Should I include indexer's 3rd party cert AND private key in forwarder configuration

Hello, I am using the following documents for configuring an Indexer and Forwarder to utilize a 3rd party certific...

by Path Finder in

Splunk Forwarder

I am new to splunk, want to forward my logs by universal forwarder to specific index by CLI. Please help me out.

by New Member in

Not monitoring DEFAULT.PFL

We have a text file DEFAULT.PFL(which has just 3 lines of text) in all the below paths /usr/sap/IX4/SYS/profile /usr/...

by Path Finder in

Setting up Windows Splunk to accept universal forwarder data

My setup is a single forwarder sending logs to a Splunk server. Both machines are running Windows 2008. After editing...

by Explorer in

Getting data forwarded

How can I get the data from http://localhost:8000/en-US/app/search/flashtimeline?auto_pause=true&q=search%20host%3D%2...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Wildcard for subfolders

Importing data

Getting "unclean shutdown detected" alerts and "fast recovery" prompts on splunkd start-up after 4.2 upgrade

Can multiple indexers write to a single index

Inputs.conf

Splunk forwarder not working

Convert datetime(in user format) extracted from field to splunk understandable format

Parametrized universal forwarders in a distributed env.

monitoring splunk server(s)

splunk's internal logs for indexing process

Source type is not setup properly and field extractions are not working

scripted input batch script cant access files in same dir

Firewall Services Search

Notify Splunkd about a new index after move

Firewall Traffic

Installing Splunk Light Forwarder on Linux

UDP:514 and source types

Routing not working as expected

Source rename for IIS logs on default sites

Removing duplicate WinEventLog data

Should I include indexer's 3rd party cert AND private key in forwarder configuration

Splunk Forwarder

Not monitoring DEFAULT.PFL

Setting up Windows Splunk to accept universal forwarder data

Getting data forwarded

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions