Getting Data In

Ask a Question

Discussions

Thread Info

Can I enable distributed indexer using Enterprise Trial license ?

Hi - I am using Splunk Enterprise Trial license at home network for learning purpose. I have installed Splunk(Linu...

by New Member in

Anonymize data

Hi, How would I anonymize the following example: BankName=South!@Indian!@Bank I want everything to the righ...

by New Member in

Why isnt't our firewall showing events? We're sending syslogs to a UDP port

Good afternoon, We have 3 firewalls that are sending their syslogs to a udp port. 2 are showing events, one is not. I...

by Path Finder in

Best way to deal with the \local configuration files after deploying new configuration files under \apps?

I have integrated a deployment client into my environment to manager the configuration files but now I am having mult...

by Path Finder in

How to use pipeline to get results which match the timestamp?

Hi All, I have a particular situation in which two logs lines which are related, have only the timestamp in common...

by New Member in

No data being received form syslog server

New Splunk environment just stood up. All was working well on Friday, came back after the weekend and now getting an ...

by New Member in

inputs.conf and outputs.conf for SSL encryption

Hi, Can someone share with me the recent inputs & outputs conf file for SSL encryption? I am having some trouble for ...

by Path Finder in

Where does the forwarder enqueue files?

We see the following messages in the forwarder - 10-18-2017 11:15:29.630 -0500 WARN TailReader - Enqueuing a ver...

by Ultra Champion in

How can I set an alert for max thruput?

What is the search query to alert when the forwarder reaches max thruput?

by New Member in

Extracting specific JSON field where duplicate exists within array

I have a JSON feed that I'm trying to parse fields in and the event contains fields with identical names but are diff...

by New Member in

Can we rename fields in transforms.conf?

In the following thread we extracted the name value pairs from the embedded json document - How can we extract a json...

by Ultra Champion in

Help with props.conf configuration to remove outer curly bracket before ingesting JSON file to get event ID

props.conf to remove outer curly bracket before ingesting json file from { "filters": [ { "id": "94960710-78a8-139d-6...

by Communicator in

How to omit a field from search on a text input if the field is blank/null

Hello all, Fairly new to Splunk and have a question. I am trying to build what seemed like a fairly simple tool...

by Engager in

How to reduce the daily ingestion on Splunk cloud?

Hi, We use splunk cloud and our daily ingestion limit is 800 GB, we are ingesting about 100 GB over the limit. I'm...

by New Member in

earliest_time not working in REST post data, but working in search

I am sending a POST request to Splunk REST 'services/search/jobs' endpoint. If I submit with 'earliest_time' param...

by Path Finder in

What is the best way to stream data out of one Splunk instance to another?

All, We have some highly unstructured data I'd like to export from one Splunk instance to another one for testing...

by Builder in

Capture second timestamp that includes subseconds

Here's an example beginning of an event line Oct 20 20:57:03 sfo-prd-wsux02 apache2: [Fri Oct 20 20:57:03.398765 2...

by Engager in

How do you transfer indexes stored in a search head to other search peers?

We have a Splunk environment with 1 search head, multiple indexers, and search peers. Currently search head stores a ...

by Engager in

Custom date format extraction using datetime.xml

A colleague was tying to use Splunk to ingest a log file with a unusual date/time format. The DATE of the event is...

by Splunk Employee in

Inputlookup subsearch to match on field A and output field B in CSV file

Im trying to correlate info based on a lookup file and no matter how I try, I cant make it work. I have a CSV with...

by Communicator in

REST call to show the number of logged-in users in a clustered environment?

I've got a cluster question regarding REST calls and translation into a clustered environment. I have multiple search...

by Path Finder in

Splunk is ingesting archived data from our syslog servers. How do I stop this?

We have a syslog server with universal forwarder (UF) installed on it and my inputs.conf states /opt/splunk/syslogs/c...

by Communicator in

How can we split the lines in logs as individual events?

Hi Team, Currently we have the logs getting indexed into Splunk in this format but we require that each line has t...

by Path Finder in

Delay in Splunk purging old events

My Splunk is a single Splunk 6.5.x instance, which needs to retain the last 30 days events, so I configured frozenTim...

by Explorer in

Performance / Design recommendations for dimensions in Metrics Index

Does Splunk have any guidelines or limitations on the number of dimensions (i.e., cardinality) that the new Metrics I...

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Can I enable distributed indexer using Enterprise Trial license ?

Anonymize data

Why isnt't our firewall showing events? We're sending syslogs to a UDP port

Best way to deal with the \local configuration files after deploying new configuration files under \apps?

How to use pipeline to get results which match the timestamp?

No data being received form syslog server

inputs.conf and outputs.conf for SSL encryption

Where does the forwarder enqueue files?

How can I set an alert for max thruput?

Extracting specific JSON field where duplicate exists within array

Can we rename fields in transforms.conf?

Help with props.conf configuration to remove outer curly bracket before ingesting JSON file to get event ID

How to omit a field from search on a text input if the field is blank/null

How to reduce the daily ingestion on Splunk cloud?

earliest_time not working in REST post data, but working in search

What is the best way to stream data out of one Splunk instance to another?

Capture second timestamp that includes subseconds

How do you transfer indexes stored in a search head to other search peers?

Custom date format extraction using datetime.xml

Inputlookup subsearch to match on field A and output field B in CSV file

REST call to show the number of logged-in users in a clustered environment?

Splunk is ingesting archived data from our syslog servers. How do I stop this?

How can we split the lines in logs as individual events?

Delay in Splunk purging old events

Performance / Design recommendations for dimensions in Metrics Index

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions