Getting Data In

Ask a Question

Discussions

Thread Info

How to populate the Date field in log in Splunk DBX 1.1.6 ?

Actual log format: event_name:myname event_date:150012356 event_id i Have chosen this event_date as timestamp colu...

by Path Finder in

What's the next step to setup my universal forwarder on a syslog server?

Hello, I am trying to bring a client's syslog data into Splunk using a universal forwarder (UF) on a syslog server...

by Explorer in

How can I roll data from one location to another based on volume max size?

All, I have the following config in my indexes.conf ### define volumes [volume:splunklocal] path = /splunk_dat...

by Builder in

Is there a way to check what sourcetypes a universal forwarder is sending to a heavy forwarder?

hi there, Is there a way to check what sourcetypes a universal forwarder is sending to heavy forwarder. Any query ...

by Path Finder in

Can Splunk cause DNS logs Event 3152?

I am running in to multiple DNS server having this event 3152 almost daily and the symptoms are that the DNS server w...

by Explorer in

Sed command - Large XML values in JSON events makes replacement execution fail

Objective My objective is to remove the value of an "XML" key from my JSON events. I believe I have stumbled upon a s...

by Path Finder in

Can a RHEL Universal Forwarder be installed on a RHEV host?

I have a Red-hat Enterprise Virtualization Hosts that I would like to put the Splunk Universal Forwarder on to collec...

by Motivator in

If I delete data from HDFS will it impact my Splunk instance?

I'm storing log data in HDFS that is being indexed by Splunk. Due to space constrains I'd like to delete data over a ...

by New Member in

Remove Index Command Not Working

Hello, I am looking to remove an index entirely. I ran the search "splunk remove index new_hires" where new_hires ...

by Path Finder in

Pairing data from two CSV files with a shared key value

I have two CSV files-- one is an inventory of sorts and the other is supplemental data that only applies to certain r...

by Explorer in

ASA filter not letting logs through?

Hello everyone, One of the projects I worked on was to build a filter for ASA logs in Splunk so logs we were not i...

by Path Finder in

How can I clear old logs when they hit 220 GB?

Hi, My Splunk gets bigger and bigger every day. I'm using only 3-4 modules. The thing is that every change I'm applyi...

by Engager in

How can I write a Python script that will backup my current CSV files in Splunk each week?

I want to get a script that will run each week to back up all of my files in a CSV format each week.

by Explorer in

how to get the time of arrival of a packet into Splunk-TA-Stream on Universal Forwarder?

Is there a method to get the time of arrival of a packet into the universal forwarder, so that I can compute the time...

by Contributor in

How can I redirect traffic based on host AND sourcetype with props/transforms?

All, Is there a way to route traffic based on host AND sourcetype? if sourcetype="abc" AND host="zxc" then ind...

by Builder in

Can I consolidate multiple arbitrary strings into an 'include file' so I can filter based on all of them?

Greetings, I'd like to remove some spurious errors from my application by filtering them out. Each error is distin...

by Path Finder in

Problems blacklisting multiple eventcodes and blacklist items

I am attempting to update my input.confs list with the following blacklist: blacklist1 = EventCode="4688|4648|4674...

by New Member in

How to blacklist specific occurrences of a particular eventcode?

I am attempting to blacklist a series of process creation events (eventcode 4688) because they are noise and will bre...

by New Member in

Forward data received on a port to a third party system

I have a Splunk instance configured to receive data on port 9997 from 2 forwarders. If I want to configure it to forw...

by Path Finder in

Managing disk space when moving data from old index to new index

Hi All, We wanted to move data from one index to another index, below is our scenario: 1) Create a new index A...

by Contributor in

Interactively open text/csv file based on the selection from the dropdown list

Hi everyone, I would like to ask on how to achieve this or if it is possible to implement. I have a dashboard with a ...

by Explorer in

How can I roll all of the events from this search to null queue?

Hi, I have a query which filters data in the Splunk search, I want to send the data returned from this query to nu...

by Communicator in

How to force to set certain fields (host and sourcetype) for events from HEC local stanza for each token

Is it possible to force Splunk to set up specific fields (sourcetype, source, host) from HEC local stanza but not fr...

by Path Finder in

Which version of Splunk is suitable for Oracle Linux?

I'm having one system with Oracle Linux branches-6/el6-u8, and I would like to setup Splunk Universal Forwarder on it...

by Engager in

Why are my headers are getting indexed as events every 1 hour?

Hi, I'm facing a strange issue. Header rows are getting extracted as events every 1 hour. I have files flowing int...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to populate the Date field in log in Splunk DBX 1.1.6 ?

What's the next step to setup my universal forwarder on a syslog server?

How can I roll data from one location to another based on volume max size?

Is there a way to check what sourcetypes a universal forwarder is sending to a heavy forwarder?

Can Splunk cause DNS logs Event 3152?

Sed command - Large XML values in JSON events makes replacement execution fail

Can a RHEL Universal Forwarder be installed on a RHEV host?

If I delete data from HDFS will it impact my Splunk instance?

Remove Index Command Not Working

Pairing data from two CSV files with a shared key value

ASA filter not letting logs through?

How can I clear old logs when they hit 220 GB?

How can I write a Python script that will backup my current CSV files in Splunk each week?

how to get the time of arrival of a packet into Splunk-TA-Stream on Universal Forwarder?

How can I redirect traffic based on host AND sourcetype with props/transforms?

Can I consolidate multiple arbitrary strings into an 'include file' so I can filter based on all of them?

Problems blacklisting multiple eventcodes and blacklist items

How to blacklist specific occurrences of a particular eventcode?

Forward data received on a port to a third party system

Managing disk space when moving data from old index to new index

Interactively open text/csv file based on the selection from the dropdown list

How can I roll all of the events from this search to null queue?

How to force to set certain fields (host and sourcetype) for events from HEC local stanza for each token

Which version of Splunk is suitable for Oracle Linux?

Why are my headers are getting indexed as events every 1 hour?

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions