Getting Data In

Discussions

Thread Info

splunk universal forwerder to splunk enterprise with configured HEC (all on centos 7)

Hello , i have spent couple of days to reach some proper loggin to HEC on my enterprise splunk but cant handle it. I...

by New Member in

What options are available to offload the data from Splunk Indexers?

I'm currently facing an immediate situation where my Splunk Indexers are running of of the disk space. Please let me ...

by Splunk Employee in

How can I make the sourcetype WinEventLog:Application active?

abl-bccwprhyb01 07/19/2017 22:17:10 sqleventlog WinEventLog:Application EPS INACTIVE (7-30days) Source type WinEve...

by Engager in

How do I forward latest file from group of files?

I have a folder being monitored by a UF. Three (3) xml files are generated by a software and placed at the same time ...

by Path Finder in

How to override automatic key-value extraction which contain single quotes?

We have got some data in below format 2018-07-26T01:00:01 empID=12345 empName='Spider Man' department='IT' 2018-07...

by Super Champion in

How to create two text boxes on a dashboard with a submit button using JavaScript where entered values get stored in a CSV file?

Hi, I want to create a dashboard in which two text boxes will be there with one submit button. Upon clicking the s...

by Contributor in

How to split multiple lines of data into individual lines?

Hello every one, I have some data in my Splunk server that is not separated correctly. I want to split this data ...

by Communicator in

Is it safe to delete .bundle files from /opt/splunk/var/run/search peers ?

Hi All, Currently we have an disk space issue in two of the splunk indexer instances and we have separate volume c...

by Motivator in

Possible to use setup.xml in an app to create a new data input?

So I created an app that defines a new data input type in default/inputs.conf. It uses a modular input and some custo...

by Explorer in

Index time mapping in inputs.conf

I have two fileds TIME and Last execution TIME. In input.conf i have mapped TIME field to use a index time(_time) ...

by Builder in

Splunk unable to read files

Hi, Splunk UF is setup to read files from particular directory. It reads files normally for few minutes, but suddenly...

by Contributor in

CSV data vs key-value data. Which is faster for performance?

hi, We have an incoming custom dataset which consumes approx 700GB a day and is currently used for CIM. Currently it ...

by Super Champion in

Logs have been FIFO'd but i still need. How do i get them back in?

Working in Windows I have a directory of sharepoint logs that i have been pulling for years. I've recently started to...

by Builder in

Why does clustering always appear as a repeat phenomenon without a reason?

hello, I have a strange question, This question is described as a bit rough. I have a single site cluster that contai...

by Communicator in

AggregatorMiningProcessor - Breaking event because limit of 256 has been exceeded - data_source=

we are getting the below errors from splunkd.log. the issue is we weren't able to search the logs from splunk console...

by New Member in

Why is JSON from scripted input raw events in random orders?

have no idea what is going on here. I can make the same api call that the script is and receive the json back in the ...

by Builder in

passing of events field with spaces

Hi, I wanted to display Message in message field value. I wanted to do the set up in prof.conf. Can anyone please hel...

by New Member in

Modify JSON Objects at indexing time

Hello there, I have the issue that there are more events in one JSON-Object. Heres an example: { category: Net...

by Path Finder in

Pull syslog data from EC2 instance into Splunk

We're running an on-prem instance of Splunk Enterprise behind a firewall which (currently) does not permit ingress on...

by New Member in

To monitor which Windows server are not sending logs to Splunk

I want to check which server are not sending logs to Splunk as our monthly maintenance. Can you guys help me what is ...

by New Member in

Does Splunk support LEEF formatted events?

Does it support LEEF, Log Event Enhanced Format?

by Champion in

Windows IIS Log and Splunk

On a Windows 2012 Server the daily IIS log is held open and sits at "0" bytes in size throughout the day. It appears ...

by New Member in

How to send data from IBM AS400 to Splunk via syslog?

I want to create a connectivity between splunk enterprise and AS400. I tried to send logs via syslog, but Splunk didn...

by Communicator in

Host rewrite not working...

I'm trying to rewrite the host field based upon values in my data. Here is a sample event: {"href":"/orgs/1/audit_...

by Builder in

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queires and the sample outputs.

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queir...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

splunk universal forwerder to splunk enterprise with configured HEC (all on centos 7)

What options are available to offload the data from Splunk Indexers?

How can I make the sourcetype WinEventLog:Application active?

How do I forward latest file from group of files?

How to override automatic key-value extraction which contain single quotes?

How to create two text boxes on a dashboard with a submit button using JavaScript where entered values get stored in a CSV file?

How to split multiple lines of data into individual lines?

Is it safe to delete .bundle files from /opt/splunk/var/run/search peers ?

Possible to use setup.xml in an app to create a new data input?

Index time mapping in inputs.conf

Splunk unable to read files

CSV data vs key-value data. Which is faster for performance?

Logs have been FIFO'd but i still need. How do i get them back in?

Why does clustering always appear as a repeat phenomenon without a reason?

AggregatorMiningProcessor - Breaking event because limit of 256 has been exceeded - data_source=

Why is JSON from scripted input raw events in random orders?

passing of events field with spaces

Modify JSON Objects at indexing time

Pull syslog data from EC2 instance into Splunk

To monitor which Windows server are not sending logs to Splunk

Does Splunk support LEEF formatted events?

Windows IIS Log and Splunk

How to send data from IBM AS400 to Splunk via syslog?

Host rewrite not working...

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queires and the sample outputs.

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR

Configuring Splunk OTel Collector for Linux/Window...