Getting Data In

Thread Info

Splunk Answers Content Calendar May 2025 🎉

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

exclude winevent older than 7 days from ingest

Hello, I am about to onboard 1000+ Windows UF. Those have windows event logs going back many years. Is there a way ...

by Explorer in

What Log Files Should Be Monitored in SUSE Linux for Splunk ES, and How Do They Differ from Standard Linux Monitoring?

Hi Splunk Community, We’re currently onboarding SUSE Linux (SLES/OpenSUSE) logs into Splunk Enterprise Security (ES...

by Observer in

Lost AWS events after ingestion

I am in the middle of a Splunk migration. One of the tasks is to moved data from some sourcetypes onto the new server...

by Communicator in

splunk enterprise | services start error

why this issues I was trying to upgrade the splunk enterprise Checking prerequisites... Checking http port ...

by Observer in

update to Splunk Add-on for Infoblox?

I'm struggling to get data in from Infoblox using Splunk Add-on for Infoblox. I looked at the documentation and real...

by Path Finder in

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Hello all Is the Nutanix TA (version 2.5.0) compatible with Splunk 9.3.4+? It is listed as such on the splunk b...

by Contributor in

Syslog Configuration required for custom sourcetypes

I think Splunk doesn't have a built-in/defined sourcetype for ExtremeCloud XIQ logs. Can we define a custom sourcetyp...

by Path Finder in

s4cs Fallback error

Hey FolkesIngesting ZPA logs in Splunk using the Zscaler LSS service, I believe the configuration is correct based on...

by Observer in

Splunk HEC/kafka raw logs parsing / addons

Hello, is it possible in Splunk HEC from Kafka to receive raw events on HF in order to parse fields with addons? It...

by Motivator in

SPlunk query

Hello team , Please help me modify this query such that it is able to loop through all the values of the csv file ...

by Loves-to-Learn Lots in

Extract fields from RFC5424 syslog with nested json field

Hello, I put this regex on SHC inline extraction : "<(?<pri>\d+)>1\s(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}...

by Motivator in

JSON Data extraction issues with Comma

Hi Team,We are trying to extract JSON data with custom sourcetype and With the current configuration, all JSON object...

by Loves-to-Learn Lots in

Windows UF stop after batch mode is finished

Hello, I have a Windows machine with an UF installed that logs various logs such as wineventlog. These logs work corr...

by Engager in

_TCP_ROUTING with clustered indexers system logs

Hello, we have 2 Splunk platforms and we are using _TCP_ROUTING to forward logs. System logs from 1st platform in...

by Motivator in

Utilize on-prem Splunk Heavy Forwarder with Cisco Security Cloud for FMC logs into Splunk Cloud instance

Hello, I have been trying to configure this application on one of our on-prem Heavy forwarder to be able to ingest ...

by Observer in

SPL challenge ! Fusionning a multi |eval expression into one line ?

Hi, I'm onboarding some new data and I'm working on the fields extraction.Data is some proper JSON related to email...

by Path Finder in

Zscaler ZPA Log stream via LSS to Splunk

Hey everyone, I'm doing testing regarding ingesting Zscaler ZPA Logs into Splunk using LSS, I'd like any assistance a...

by Observer in

Auditd logs are not being discarded as expected!

I am trying to setup props & transforms in indexers to send PROCTITLE events to null queuei tried below regex but tha...

by Explorer in

Misp42

Hey everyone I am using the misp42slunk app but can't get the events and I don't see any errors what am I doing wrong...

by Observer in

Daylight Saving issue column

Hello, I have search for some old posting, but i did not find the proper answers. In Splunk i have a column date ...

by Path Finder in

Akamai SIEM add-on configuration IDs in batch

We are currently pulling Akamai logs to Splunk using akamai add-on in Splunk. As of now I am giving single configurat...

by Communicator in

TIME_PREFIX Challenge

Hello folks, I'm fighting some events in the future and am having some trouble breaking the code for parsing an eve...

by Explorer in

Issues with csv Splunk File Monitoring

Hi Splunkers, a colleague team si facing some issues related to .csv file collection. Let me share the required cont...

by Contributor in

Failed Create Component SplunkUI Yarn Setup

Hi Everyone, I encountered an issue while creating a new component for SplunkUI. I have followed the documentation...

by Communicator in

HF consuming almost full memory due to high pipeline size

Our data flow is syslog server sending more number of data to one HF1, then its routing to a indexer cluster as well ...

by Loves-to-Learn in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk Answers Content Calendar May 2025 🎉

Ask Questions, Get Help about Data Manager for Splunk Cloud

exclude winevent older than 7 days from ingest

What Log Files Should Be Monitored in SUSE Linux for Splunk ES, and How Do They Differ from Standard Linux Monitoring?

Lost AWS events after ingestion

splunk enterprise | services start error

update to Splunk Add-on for Infoblox?

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Syslog Configuration required for custom sourcetypes

s4cs Fallback error

Splunk HEC/kafka raw logs parsing / addons

SPlunk query

Extract fields from RFC5424 syslog with nested json field

JSON Data extraction issues with Comma

Windows UF stop after batch mode is finished

_TCP_ROUTING with clustered indexers system logs

Utilize on-prem Splunk Heavy Forwarder with Cisco Security Cloud for FMC logs into Splunk Cloud instance

SPL challenge ! Fusionning a multi |eval expression into one line ?

Zscaler ZPA Log stream via LSS to Splunk

Auditd logs are not being discarded as expected!

Misp42

Daylight Saving issue column

Akamai SIEM add-on configuration IDs in batch

TIME_PREFIX Challenge

Issues with csv Splunk File Monitoring

Failed Create Component SplunkUI Yarn Setup

HF consuming almost full memory due to high pipeline size

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions