Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Uploading logs

UncleHugo
Explorer
‎11-13-2025 02:35 PM

I am trying to upload logs and whenever I do the logs come out scattered.

Do I have to give every colum a title e.g In the column where there are src_ip's do I have to indicate that as the header of that column? Because in the raw logs there isn't anything of such just values.

Anytime I try doing a query for example index=** sourcetype=*** | top limit=10 user src_ip

It doesn't give me any result.

The only time I get a result is just with the index=** sourcetype=*** 

In the second photo attached, the INTERESTING FIELD has the values instead of the name.

 

  • How do i resolve this, pleasssse!! Been stuck here.

20251113_232404.jpg20251113_232613.jpg

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-13-2025 11:25 PM

Hi @UncleHugo ,

the issue isn't in the search that you're using but in the log ingestion.

How did you ingest these logs?

Where did they come from: a csv or whatelse?

Using the corect way to ingest logs you have the correct fields to use in the searches.

At the same time, the reason because you don't have results using user and src_ip fields in the top command is probably that you don't have in your events one (or both) of the fields that you're using in the top command: user or src_ip; do you see them in interesting fields? 

In addition, to help us to help you: 

  • use "Inser/Edit Code Sample" button to share the searches,
  • use a screenshor (not a photo).

My hint is to follow some training in Getting data in: you can run a search on Google and find training documentation and videos, starting from the Search Tutorial: https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/WelcometotheSearchTutorial

Ciao.

Giuseppe

 

Reply

UncleHugo
Explorer
‎11-14-2025 04:23 PM

Thanks @gcusello 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...