Getting Data In

Discussions

Thread Info

HF having "Ingestion Latency" & "Large and Archive File Reader" & "Real-time Reader" issues

Hi Splunkers, I'm trying to troubleshoot an issue with Splunk that I'm facing:I have a Splunk heavy forwarder sett...

by Path Finder in

How to get stackname as a field in Splunk Cloud logs?

Hi we are using aws cloud to run and maintain our infrastructure. So now we are using splunk indexer in log configura...

by Loves-to-Learn in

Why do I have data ingestion issues on newly setup standalone server?

I installed Splunk standalone with https://splunk.github.io/splunk-ansible/Version 9.0.4 on Ubuntu jammy 22.04.2 I...

by Explorer in

HF third party forwarding plus events whitelisting

Hi Splunkers, my colleague and I are going to perform, this week, a change to forward data from Splunk HF to a thir...

by Contributor in

ERROR TcpOutputFd - Read error. Connection reset by peer : splunkforwarder

Hi , I am pretty much new to Splunk. I want to forward audit.log of one of my Linux servers to view in Splunk Web....

by New Member in

How to resolve Host metadata override?

Hi all, I'm trying to do something that seems pretty easy conceptually. I'm ingesting a .txt report into Splunk ...

by Loves-to-Learn Everything in

Azure connection concern

Hi I know there are many splunk add on's available to collect azure monitor metrics which collects the logs using ...

by Path Finder in

How to route a monitor input to specific indexer?

I have a Syslog collector receiving logs from multiple Syslog devices and writing them in a directory-structured log ...

by Explorer in

Why does FIELDALIAS work or doesn't depending on the name of the definition?

I have a field extracted with transforms called Parent_Process. I set up a field alias Parent_Process as parent_pr...

by SplunkTrust in

How to create an eval for a field if it does not exist?

I am in the process of normalizing data, so I can apply it to a data model. One of the fields which is having issues ...

by Path Finder in

Why is sourcetype defined as host in Splunk Cloud?

I created a inputs.conf on my deployment server and noticed that my logs were coming in as my sourcetype instead of m...

by Explorer in

How to extract multiline cell value in a CSV into an individual field for an event?

Hi All, I'm having issues with ingesting my CSV files properly into Splunk and did not come across any current Q&A...

by Path Finder in

How to collect data from “serverless” devices?

How can I collect data from “serverless” devices?

by Motivator in

Why Return items not present in a subsearch?

Given the simple scenario: I have users in a platform that have actions, I want to return all the users that haven...

by Loves-to-Learn in

Does the length of metadata fields and its value, host, source, and sourcetype count against license consumption?

Does the length of metadata fields and its value such as time, host, source and sourcetype count against license cons...

by Motivator in

Should we send ASA logs to 2 universal forwarders?

I am wondering if it makes sense to send logs from a network device to 2 separate machines that have universal forwar...

by Explorer in

Why won't Splunk forwarder send data after update?

Hello!When I updated my Splunk Universal Forwarder, my data stopped sending data into Splunk.I do not know how to fin...

by Path Finder in

Why isn't timestamp extraction showing milliseconds?

Hi, I managed to make the time format from Epoch to human readable but I can't really get the millisecond out. Exa...

by Path Finder in

Splunk account

Hi, we are using Splunk from long time but we don't have support account to get help from Splunk like to raise issue ...

by Explorer in

Why am I unable to get TA-metricator-for-nmonr working for VIOS?

Hi, We have installed the Splunk Universal forwarder on a VIOS server and pushed the TA-metricator-for-nmon. Howev...

by Path Finder in

How can Trellix/Epo on a windows server send data to indexers or HF?

As stated by the Title We have a test env for learning but at some point it will be a larger production deployment...

by Path Finder in

Can I configure Heavy Forwards to Reject Events older than a certain age?

I should clarify I am not talking about the "ignoreOlderThan" setting which by my understanding only looks at the fil...

by Contributor in

How to set custom user provided timestamp as the Splunk timestamp while logging to Splunk?

I have a use case in which our user sends us logs in batches in which each individual logs have their own timestamp(w...

by Loves-to-Learn in

Can accelerated data models work with summarized data?

Can accelerated data models handle pre-summarized data accurately? Take authentication messages for example. Most a...

by Builder in

Dropdown List

Based on the value from one dropdownlist i am hiding other drop downlist.(based on condition doing unset the token of...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

HF having "Ingestion Latency" & "Large and Archive File Reader" & "Real-time Reader" issues

How to get stackname as a field in Splunk Cloud logs?

Why do I have data ingestion issues on newly setup standalone server?

HF third party forwarding plus events whitelisting

ERROR TcpOutputFd - Read error. Connection reset by peer : splunkforwarder

How to resolve Host metadata override?

Azure connection concern

How to route a monitor input to specific indexer?

Why does FIELDALIAS work or doesn't depending on the name of the definition?

How to create an eval for a field if it does not exist?

Why is sourcetype defined as host in Splunk Cloud?

How to extract multiline cell value in a CSV into an individual field for an event?

How to collect data from “serverless” devices?

Why Return items not present in a subsearch?

Does the length of metadata fields and its value, host, source, and sourcetype count against license consumption?

Should we send ASA logs to 2 universal forwarders?

Why won't Splunk forwarder send data after update?

Why isn't timestamp extraction showing milliseconds?

Splunk account

Why am I unable to get TA-metricator-for-nmonr working for VIOS?

How can Trellix/Epo on a windows server send data to indexers or HF?

Can I configure Heavy Forwards to Reject Events older than a certain age?

How to set custom user provided timestamp as the Splunk timestamp while logging to Splunk?

Can accelerated data models work with summarized data?

Dropdown List

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Can we install Botsv3 on splunk 10.0.0 in windows...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!