Getting Data In

Thread Info

Unique users, above threshhold, within timespan

Hi all, Having developed a filter that dials in the events and fields I want, I'd now like to have it display only...

by New Member in

Tranformations to set different sourcetypes based on fields in an event

I am trying to change the sourcetype on the events from a dataset based on certain fields in the dataset that is curr...

by New Member in

Can we Tag logs to determine which forwarder sent the logs?

All, We have three 4.1.8 forwarders that send to an indexer. Is there anyways we can determine from the indexer, w...

by Communicator in

Does Splunk support indexing of timestamps in tai64nlocal format?

I did not find this in the Splunk docs. As a test, I just indexed some sample events with tai64nlocal format and i...

by Splunk Employee in

perfmon no longer working?

Installed via command line with: msiexec /I splunk...msi /qn ALLUSERS=1 REBOOT=ReallySuppress AGREETOLICENSE=Yes ...

by Influencer in

Monitoring indexers through health checks / heartbeats?

Greetings Splunkers, I've seen in a lot of the online documentation about the "autoLB" mode of load-balancing, how...

by Builder in

Can I chain fields together between two different lookups (.csv files)?

Can I perform a lookup using one csv file and then use a returned field from that one to perform a second lookup in a...

by Splunk Employee in

dc01 and DC01 different host accoring to splunk

For some reason, splunk is showing one host as two, one as DC01 (example) and dc01. Is there any way to merge them?

by Path Finder in

Convert original log timestamp

The timestamp of log is 2011-06-02 06:06:45 , splunk will resolve it as 11-6-2 AM 06:06:45.000. But this is UTC time....

by Contributor in

Unviersal Forwarder without an app

Basically I want to be able to send JBoss server logs from one linux machine to another using the Splunk Universal Fo...

by Path Finder in

how can I setup splunk to monitor syslog-ng and other other logs via the UF?

Hi, Am a newbie to splunk, I am able to install splunk but i am not able to understand forwarders and where and ho...

by New Member in

Split multi-line events

I have a file that has multiple multi line events. Each event is broken up into "INFO: ---" or "ERROR: ---" ERROR:...

by Explorer in

esxi timezone

Hello I'm having trouble getting splunk to adjust the timezone. The data shows up two hours behind the timezone on...

by Path Finder in

Universal Forwarder

I have multiple LAMP servers that I am looking to monitor with Splunk. I got my server setup last Friday and setup th...

by New Member in

Why is "Number of files" 1 ?

I have installed latest Splunk and have monitoring on a number of shared log-directories on remote servers. If I g...

by New Member in

Can Splunk write the data it receives to raw syslog files?

Hi, I know, this sounds backwards. However, this is a requirement for a migration process from a syslog-ng/custom ...

by Builder in

Summary index syslog events doing line merge

A colleague of mine is summary indexing syslog events from a bigger syslog index. He's doing this to have a more focu...

by Path Finder in

Error checking/handling using the REST API

How is it possible through the REST api to figure out if an indexer is or was down during an export (query). The prob...

by Splunk Employee in

Why are my fields Missing after upgrade?

After upgrading from 4.2 to 4.2.1 all my inputs do not seem to be working. My props.conf file and transforms.conf fil...

by Splunk Employee in

How do you limit the amount of time that splunk looks into the past for log data?

I am trying to limit the windows event logs being pulled to 180 days instead of all logs from two years ago?

by Explorer in

Heavy, or Light?

I'd like to deploy a light-forwarder to reduce footprint, but I need to send different inputs to a different index on...

by Explorer in

store collected syslog data on NFS

Hi, i would like to run a splunk instance on a unix box. This splunk should receive syslog messages. How do i set ...

by SplunkTrust in

Multiple sourcetypes in the same directory

I know this question has been asked numerous times before, because I've read most of the questions and answers. I sti...

by Explorer in

where splunk store syslog data?

I install splunk and add syslog port as the input data. i wonder where splunk store the syslog that it received? Do s...

by Explorer in

What data should I index?

I am new to Splunk and have just installed a trial-licensed installation. I have configured Splunk to receive the eve...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Unique users, above threshhold, within timespan

Tranformations to set different sourcetypes based on fields in an event

Can we Tag logs to determine which forwarder sent the logs?

Does Splunk support indexing of timestamps in tai64nlocal format?

perfmon no longer working?

Monitoring indexers through health checks / heartbeats?

Can I chain fields together between two different lookups (.csv files)?

dc01 and DC01 different host accoring to splunk

Convert original log timestamp

Unviersal Forwarder without an app

how can I setup splunk to monitor syslog-ng and other other logs via the UF?

Split multi-line events

esxi timezone

Universal Forwarder

Why is "Number of files" 1 ?

Can Splunk write the data it receives to raw syslog files?

Summary index syslog events doing line merge

Error checking/handling using the REST API

Why are my fields Missing after upgrade?

How do you limit the amount of time that splunk looks into the past for log data?

Heavy, or Light?

store collected syslog data on NFS

Multiple sourcetypes in the same directory

where splunk store syslog data?

What data should I index?

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions