Getting Data In

Thread Info

Splunk on Linux making WMI queries to Windows servers

I have Splunk running on a Linux server and I need to index WMI-based events, like perfmon data, from my Windows serv...

by Splunk Employee in

label fields in a flat file

I have activity files from a vpn radius server and I'd like to label the fields as they go into splunk... I'm not eve...

by New Member in

How can I use REST endpoints (or gui) to upload a file to role-restricted indexes?

Our Splunk environment has multiple indexes, with role restrictions on index access. I want to allow users to uplo...

by Path Finder in

Why is the license on the forwarder/search head displaying a message it is expiring in x days on March 7, 2011?

I have a perpetual Enterprise license and having not been having any issues until the today when I started to see a m...

by Splunk Employee in

CSV fields and multiple timestamps

I have a csv tab-delimited file with entries that looks like this: GPDB20A LTO3 L03 03/08/11 06:01:20 1299592...

by Path Finder in

Yet another filtering problem. Many transforms in transforms.conf not filtering

I am trying to filter with many transform statements. I believe everything is configured correctly. But I get ALL eve...

by Path Finder in

I only want to index the last 365 days of data. Can this be done?

I only want to index the last 365 days of data. Can this be done in Splunk 4.1? Any data older than one year should b...

by New Member in

Splunk Hosts Not Showing Up

I have one Splunk receiver set up and several forwarders (forwarders using free version). About 9 of my hosts are lis...

by Explorer in

Parsing appended Robocopy job logs

Has anybody dealt with splunking Windows Robocopy.exe logs? I'm about to dive into it, and am looking for prior art. ...

by Path Finder in

Question about using virtual machines for intermediate forwarders

Hello folks, I'm trying to puzzle out getting around SPL-34965 (WMI not load balancing), not inundating a single i...

by Path Finder in

Inconsistent sourcetype while indexing CSV files

I'm indexing a CSV file and I just can't get Splunk to extract any fields or apply the proper sourcetype to the event...

by Path Finder in

Two different sourcetypes in the same folder

Hello, I am trying to pick up to files in specific directories under different sourectypes. [monitor:///app/em...

by Communicator in

Is there documentation of writing a "forwarder" from another system type?

We want to write an program to gather logging information from our HP NonStop system log files, both OSS and Guardian...

by New Member in

Field Names ending with underscore _

Hi, I have a sourcetype where i defined the field names in the transforms.conf Transforms.conf [my_parse] ...

by Builder in

Delete old hosts from web interface (all indexed data)

Hi, How can I delete old hosts from web interface (all indexed data) in search window? Thanks in advance

by Explorer in

Syslog-ng, filter by ip

I have some firewalls and stuff like that send logs to my Splunk server (using normal syslog at the moment). For now ...

by Path Finder in

Index Health Monitor

How can I proactively monitor my Splunk indexes to make sure they are still indexing? I have an SNMP monitoring appli...

by Explorer in

access_combined hide certain useragents

Hello Im looking to do some stats on the traffic to my companys webserver (apache). Im using splunk as a lightforward...

by Path Finder in

Using index time as time stamp

Is there anyway to ignore the events time stamp, and set it to the current system time (at the event's index time)? ...

by Communicator in

Not allowing to change sourcetype for UDP

I have UDP 514 input data configured for syslog but somehow if i select sourcetype From list : syslog and save it...

by Explorer in

Splunk on WINDOWS - Getting NetFlow into Splunk

Hi I'm new to Splunk and the tools looks very interesting - Currently Evaluating to replace ORiON SolarWinds APM. ...

by Engager in

building a search on windows event security logs

I'm trying to build a search on windows event logs, that will exclude activity by the real time antivirus scanner and...

by New Member in

Enable WMI:LocalNetwork

Hello, How to enable WMI:LocalNetwork? Where is the correct config file? Doesn't find anything about the syntax in...

by New Member in

Is it possible to route an overrided sourcetype to other index ?

I have overrided some souretypes out of a huge syslog feed ( Kiwisyslog) Now I want to route specific sourcetypes to ...

by Contributor in

Tricky Line break

Hi folks, I have following text with no timestamps, but some numeric markers that I wanna use for a line break: ...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk on Linux making WMI queries to Windows servers

label fields in a flat file

How can I use REST endpoints (or gui) to upload a file to role-restricted indexes?

Why is the license on the forwarder/search head displaying a message it is expiring in x days on March 7, 2011?

CSV fields and multiple timestamps

Yet another filtering problem. Many transforms in transforms.conf not filtering

I only want to index the last 365 days of data. Can this be done?

Splunk Hosts Not Showing Up

Parsing appended Robocopy job logs

Question about using virtual machines for intermediate forwarders

Inconsistent sourcetype while indexing CSV files

Two different sourcetypes in the same folder

Is there documentation of writing a "forwarder" from another system type?

Field Names ending with underscore _

Delete old hosts from web interface (all indexed data)

Syslog-ng, filter by ip

Index Health Monitor

access_combined hide certain useragents

Using index time as time stamp

Not allowing to change sourcetype for UDP

Splunk on WINDOWS - Getting NetFlow into Splunk

building a search on windows event security logs

Enable WMI:LocalNetwork

Is it possible to route an overrided sourcetype to other index ?

Tricky Line break

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Using different certificates for TCP and HEC Input...

Heavy Forwarder - Filtering Juniper events

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions