Getting Data In

Ask a Question

Discussions

Thread Info

What PCRE regex can we use in our transforms.conf?

Hi We need to ingest only those events which starts with any of the below strings ; (please note its starts ...

by Path Finder in

Ingesting logs from SFTP Server via HF

Hello, Can someone guide me on how can I ingest logs from a SFTP server? I have available Heavy Forwarders that sit...

by Path Finder in

How to resolve SSL error with tcp-ssl input?

I have a Splunk server which is receiving data on a tcp-ssl port successfully for a particular application (SecureCir...

by Explorer in

Do we have a Splunk script that will tell us the total number of disabled accounts or/and the rate of disablement?

Would like to know if there is any query available that will tell us the total number of disabled accounts in Active ...

by New Member in

Why is there log file data from some linux boxes and some are not sending data?

I am getting log file data from some linux boxes and some are not sending data. Unable to find the reason why?Please ...

by Explorer in

How to blacklist a forwarder?

I have a 250 forwarders in my environment. I have one server that no one can reach a solution on due to low priority....

by Path Finder in

How to configure the indexer for Linux Logs?

I am attempting to audit the usage of commands such as chown or chomod on my linux environment. Through the below qu...

by Explorer in

Why doesn't my Transform sourcetype work?

Hi, I'm tring to change the sourcetype of all data of a specific source in props.conf [source::/var/log/message...

by New Member in

How to join match on closest time?

Hi, After some advice please. I am using a left join with Max=0 as need to find some events over a 24 hour period...

by Explorer in

Why is wildcard not working in log file name for input.conf?

Hello, I have the input.conf for several log files as [monitor:///u01/mnt/log-1/data/trafficmanager/acces...

by Communicator in

Receiving error that “could not load lookup xxx” when using Splunk API to call report, but no such lookup files

hi i got a weird problem when i call Splunk API'https://localhost:8089/servicesNS/-/search/search/jobs?output_mode...

by Explorer in

How to clean up dnslogs and replacing and trimming characters?

We have some MS dns logs we want to ingest and we want to clean up some of the text before processing. Essent...

by Explorer in

Why is Splunk showing a time difference?

HiWe are trying to write the props from couple of days Issue: splunk showing time difference 4 to 5 hours logs ...

by Loves-to-Learn in

Windows Eventlogs from windows splunk universal forwarder lacking timezone

Timezone on my splunk indexer is GMT and windows machine is PST. I found that the metadata from Windows Eventlogs ...

by Loves-to-Learn in

How to send event from UF to multiple Heavy Forwarders and different indexers

I have the following situation: I have an universal forwarder that were sent logs to (HF1 and index=idx1) Could y...

by Loves-to-Learn Everything in

Why am I receiving warning about apps and default apps?

does this affect anything typically? I ask this because I have apps that I downloaded from splunkbase and put int...

by Path Finder in

Documentation for AWS app for S3

Hi We have a requirement to pull data from third-party aws account. Third party provider will push the data to a ...

by Explorer in

For inputs.conf, can the time_before_close setting be used with [batch]?

Follow on question to https://community.splunk.com/t5/Getting-Data-In/Can-batch-read-a-partial-file-such-that-the-of-...

by Path Finder in

How do I individual count each of them in this path?

So, I wanted to Split the path into multiple events so that i can count whatever i want to count like active or dev o...

by Engager in

DB Connect - Problemas con JDBC (petaSQL)?

I am new to Splunk technology and I would like to learn Splunk.I have tried to connect a petaSQL server from Splunk, ...

by New Member in

How to uninstall Splunk Enterprise on Windows 11?

Hello, I would like to uninstall Splunk on my windows machine, do i need to stop the service first and then uninst...

by Motivator in

Why does btool quit with "SPLUNK_HOME must be set. Stopping."?

My GoogleFu is failing me. There's a lot of btool tutorials, but I can't find this solution... I'm on a Windows 10...

by Communicator in

Multiple file monitors on Windows machine- Some work only when others are disabled?

I'm having difficulty ingesting log data from flat files into Splunk. I'm monitoring six different directories, each ...

by Path Finder in

How to search for events with domains on DNS Blocklist?

I have lookup table with a DNS blocklist. What query can I use to search for events with any of the blocklisted domai...

by Path Finder in

Getting mainframe logs into Splunk?

hi, How can i get logs from mainframe into splunk is there any forwarder avaialble? if not whatelse can be done to...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What PCRE regex can we use in our transforms.conf?

Ingesting logs from SFTP Server via HF

How to resolve SSL error with tcp-ssl input?

Do we have a Splunk script that will tell us the total number of disabled accounts or/and the rate of disablement?

Why is there log file data from some linux boxes and some are not sending data?

How to blacklist a forwarder?

How to configure the indexer for Linux Logs?

Why doesn't my Transform sourcetype work?

How to join match on closest time?

Why is wildcard not working in log file name for input.conf?

Receiving error that “could not load lookup xxx” when using Splunk API to call report, but no such lookup files

How to clean up dnslogs and replacing and trimming characters?

Why is Splunk showing a time difference?

Windows Eventlogs from windows splunk universal forwarder lacking timezone

How to send event from UF to multiple Heavy Forwarders and different indexers

Why am I receiving warning about apps and default apps?

Documentation for AWS app for S3

For inputs.conf, can the time_before_close setting be used with [batch]?

How do I individual count each of them in this path?

DB Connect - Problemas con JDBC (petaSQL)?

How to uninstall Splunk Enterprise on Windows 11?

Why does btool quit with "SPLUNK_HOME must be set. Stopping."?

Multiple file monitors on Windows machine- Some work only when others are disabled?

How to search for events with domains on DNS Blocklist?

Getting mainframe logs into Splunk?

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions