Getting Data In

Discussions

Thread Info

Scheduled data input script, no data found

I have created a data input to run a wrapper script, which executes a python script, and gather its output. It was w...

by Observer in

Windows UF ignores CSV header until restart

I have a simple CSV file input on a Windows UF with a header of field names in the top row. The file is overwritten d...

by Builder in

Merge lines from rotated file

Hello, I have some difficulties to ingest properly logs from rotated file, where the rotation is fully handled by a...

by Explorer in

Indexing all text log files in a directory

I have a directory with about 750 log files. The files are all text files and the total size of this directory is 117...

by Explorer in

HEC Collector behind WAF

We are looking to security our HEC Collector a bit more by putting it behind a WAF. But can't find any documentation ...

by New Member in

How to monitor Windows Defender evtx file?

Hello everyone, I try to "ADD DATA" and specifically add the file "Microsoft-Windows-Windows Defender% 4Operational...

by Observer in

Extraction of time if there are multiple formats

Hello, I have syslog events that come with the _time either in seconds(epoch 1620685037) OR time in microseconds f...

by Explorer in

Has any Splunk guru ever written a Splunk Maintenance plan. What would you include in it? Would you share please?

Has any Splunk guru ever written a Splunk Maintenance plan? What would you include in it? Would you share your insigh...

by Contributor in

Issues with wildcard input stanza

I've been having issues with wildcarded input monitoring. In an attempt to adjust for an issue with file path naming...

by Explorer in

Can Any Red Hat Satellite Logs be Ingested?

Hello! Has anyone ever successfully ingested Red Hat Satellite logs using Splunk? If not, are there any plans on ma...

by Path Finder in

Not able to search index=_internal from searchead

I'm trying to do a search against index=_internal but I do not see this index on my searchhead. I do see it when I...

by New Member in

Best AWS ingestion approach

Hello, I am trying to settle on a new AWS event collection strategy. We are currently collecting using the older p...

by Explorer in

FortiAnalzer Field Extraction

Hi, I'm receiving FortiGate event via FortiAnalyser and I need to set the Host to the name of the device that creat...

by Explorer in

Why is my Index Current Size greater than my Max Size (Cluster)

Hi Splunk Folk, I've spent most of the morning trying to find this with no luck, I've seen some similar posts but n...

by Explorer in

Incorrect Timestamp

hello, I have some xml files coming in which is working fine, however, despite setting the TIME_FORMAT to %d/%...

by Explorer in

Write to Output lookup

HI Team, Need one help, I want to run a schedule for the below search events every 1 hr and capture the inportant ...

by Path Finder in

JSON parsing after transforms

Hello Splunk Community, I have an issue with JSON parsing in Splunk and hope you can help me with that. Situa...

by Engager in

Bug: Duplicate values with INDEXED_EXTRACTION?

Hi, this is a long running issue with splunk creating duplicates as multi-value mv fields when JSON extraction run...

by Builder in

Please help with LINE BREAKING/Truncate issue

Hello, Can anyone please help me with the line breaking and truncate issue which I am seeing for the nested Json ev...

by Path Finder in

Configuring Splunk_TA_stream 7.1.3 to ingest netflow from pfSense 2.4.4 on SE 7.3.1

Hi all, It doesn't matter how much I read the documentation https://docs.splunk.com/Documentation/StreamApp/latest...

by Explorer in

Getting Data In

Discussions

Scheduled data input script, no data found

Windows UF ignores CSV header until restart

Merge lines from rotated file

Indexing all text log files in a directory

HEC Collector behind WAF

How to monitor Windows Defender evtx file?

Extraction of time if there are multiple formats

Has any Splunk guru ever written a Splunk Maintenance plan. What would you include in it? Would you share please?

Issues with wildcard input stanza

Can Any Red Hat Satellite Logs be Ingested?

Not able to search index=_internal from searchead

Best AWS ingestion approach

FortiAnalzer Field Extraction

Why is my Index Current Size greater than my Max Size (Cluster)

Incorrect Timestamp

Write to Output lookup

JSON parsing after transforms

Bug: Duplicate values with INDEXED_EXTRACTION?

Please help with LINE BREAKING/Truncate issue

Configuring Splunk_TA_stream 7.1.3 to ingest netflow from pfSense 2.4.4 on SE 7.3.1

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

Windows UF ignores CSV header until restart

Merge lines from rotated file

How to monitor Windows Defender evtx file?

Extraction of time if there are multiple formats

Has any Splunk guru ever written a Splunk Maintena...

Getting Data In

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >