Getting Data In

Thread Info

How can I use REST endpoints (or gui) to upload a file to role-restricted indexes?

Our Splunk environment has multiple indexes, with role restrictions on index access. I want to allow users to uplo...

by Path Finder in

Why is the license on the forwarder/search head displaying a message it is expiring in x days on March 7, 2011?

I have a perpetual Enterprise license and having not been having any issues until the today when I started to see a m...

by Splunk Employee in

CSV fields and multiple timestamps

I have a csv tab-delimited file with entries that looks like this: GPDB20A LTO3 L03 03/08/11 06:01:20 1299592...

by Path Finder in

Yet another filtering problem. Many transforms in transforms.conf not filtering

I am trying to filter with many transform statements. I believe everything is configured correctly. But I get ALL eve...

by Path Finder in

I only want to index the last 365 days of data. Can this be done?

I only want to index the last 365 days of data. Can this be done in Splunk 4.1? Any data older than one year should b...

by New Member in

Splunk Hosts Not Showing Up

I have one Splunk receiver set up and several forwarders (forwarders using free version). About 9 of my hosts are lis...

by Explorer in

Parsing appended Robocopy job logs

Has anybody dealt with splunking Windows Robocopy.exe logs? I'm about to dive into it, and am looking for prior art. ...

by Path Finder in

Question about using virtual machines for intermediate forwarders

Hello folks, I'm trying to puzzle out getting around SPL-34965 (WMI not load balancing), not inundating a single i...

by Path Finder in

Inconsistent sourcetype while indexing CSV files

I'm indexing a CSV file and I just can't get Splunk to extract any fields or apply the proper sourcetype to the event...

by Path Finder in

Two different sourcetypes in the same folder

Hello, I am trying to pick up to files in specific directories under different sourectypes. [monitor:///app/em...

by Communicator in

Is there documentation of writing a "forwarder" from another system type?

We want to write an program to gather logging information from our HP NonStop system log files, both OSS and Guardian...

by New Member in

Field Names ending with underscore _

Hi, I have a sourcetype where i defined the field names in the transforms.conf Transforms.conf [my_parse] ...

by Builder in

Delete old hosts from web interface (all indexed data)

Hi, How can I delete old hosts from web interface (all indexed data) in search window? Thanks in advance

by Explorer in

Syslog-ng, filter by ip

I have some firewalls and stuff like that send logs to my Splunk server (using normal syslog at the moment). For now ...

by Path Finder in

Index Health Monitor

How can I proactively monitor my Splunk indexes to make sure they are still indexing? I have an SNMP monitoring appli...

by Explorer in

access_combined hide certain useragents

Hello Im looking to do some stats on the traffic to my companys webserver (apache). Im using splunk as a lightforward...

by Path Finder in

Using index time as time stamp

Is there anyway to ignore the events time stamp, and set it to the current system time (at the event's index time)? ...

by Communicator in

Not allowing to change sourcetype for UDP

I have UDP 514 input data configured for syslog but somehow if i select sourcetype From list : syslog and save it...

by Explorer in

Splunk on WINDOWS - Getting NetFlow into Splunk

Hi I'm new to Splunk and the tools looks very interesting - Currently Evaluating to replace ORiON SolarWinds APM. ...

by Engager in

building a search on windows event security logs

I'm trying to build a search on windows event logs, that will exclude activity by the real time antivirus scanner and...

by New Member in

Enable WMI:LocalNetwork

Hello, How to enable WMI:LocalNetwork? Where is the correct config file? Doesn't find anything about the syntax in...

by New Member in

Is it possible to route an overrided sourcetype to other index ?

I have overrided some souretypes out of a huge syslog feed ( Kiwisyslog) Now I want to route specific sourcetypes to ...

by Contributor in

Tricky Line break

Hi folks, I have following text with no timestamps, but some numeric markers that I wanna use for a line break: ...

by Splunk Employee in

Regarding WMI Input Collections, only 24 are displayed in the Splunk GUI?

When I go to add new WMI collections it seems there's a limit and the GUI only displays 24 Inputs, even though I've a...

by Splunk Employee in

Splunk Web on Windows won't listen on port 8000

I have a UAC-enabled Server 2008 R2 machine with Splunk splunk-4.1.7-95063-x64-release installed. I am using a low...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How can I use REST endpoints (or gui) to upload a file to role-restricted indexes?

Why is the license on the forwarder/search head displaying a message it is expiring in x days on March 7, 2011?

CSV fields and multiple timestamps

Yet another filtering problem. Many transforms in transforms.conf not filtering

I only want to index the last 365 days of data. Can this be done?

Splunk Hosts Not Showing Up

Parsing appended Robocopy job logs

Question about using virtual machines for intermediate forwarders

Inconsistent sourcetype while indexing CSV files

Two different sourcetypes in the same folder

Is there documentation of writing a "forwarder" from another system type?

Field Names ending with underscore _

Delete old hosts from web interface (all indexed data)

Syslog-ng, filter by ip

Index Health Monitor

access_combined hide certain useragents

Using index time as time stamp

Not allowing to change sourcetype for UDP

Splunk on WINDOWS - Getting NetFlow into Splunk

building a search on windows event security logs

Enable WMI:LocalNetwork

Is it possible to route an overrided sourcetype to other index ?

Tricky Line break

Regarding WMI Input Collections, only 24 are displayed in the Splunk GUI?

Splunk Web on Windows won't listen on port 8000

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions