Getting Data In

Thread Info

Splunk Answers Content Calendar May 2025 🎉

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Data missing from universal forwarder on a Linux host

I have a puzzle with a Linux host running RHEL 8.10, which is running Splunk Universal Forwarder 9.4.1, configured to...

by Contributor in

Props and transforms hostname override not working

Hi all. Having an issue with hostname override for snmp logs. An issue I’m having is i created this props and transfo...

by Explorer in

Misp42

Hey everyone I am using the misp42slunk app but can't get the events and I don't see any errors what am I doing wrong...

by Observer in

ExecProcessor Error

Good day team. Getting this error. That is date corresponds to the last day the host was seen.05-28-2025 11:51:03.469...

by New Member in

Extract fields from RFC5424 syslog with nested json field

Hello, I put this regex on SHC inline extraction : "<(?<pri>\d+)>1\s(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}...

by Motivator in

Few logs are getting truncated

Few event logs are getting truncated while others are getting perfectly. We are using akamai add-on to pull logs to S...

by Communicator in

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Hello all Is the Nutanix TA (version 2.5.0) compatible with Splunk 9.3.4+? It is listed as such on the splunk b...

by Contributor in

What is the URI for HTTP Event Collector for Splunk Cloud?

I am trying out Splunk Cloud and I want to set up an HTTP Event Collector. The instructions here to set up the HEC UR...

by Engager in

How do I get Proofpoint Targeted Attack Protection logs ingested into Splunk?

Hi , I have my Proofpoint servers over my side. I want the logs to be ingested into Splunk. How can i proceed...

by Explorer in

Why is "Deployment Client is disabled"? How do I resolve this issue?

Today I noticed that one of the heavy forwarders in our distributed environment was not calling back to the deploymen...

by Contributor in

Why is the Tenable vulnerability time stamp off?

We're using the Tenable Add-on for Splunk (TA-tenable) to ingest data from Tenable.io. the app's props.conf, has the ...

by Motivator in

Failed to load source for JointJS Diagram visualization

Hello, im on splunk enterprise Im facing with this error on my Dashboard : Failed to load source for JointJS D...

by Engager in

Licence agreement for Databricks and Splunk integration

Are there any licencing concerns to be considered for the integration between SPlunk and Databricks using the Plugin ...

by New Member in

Dataset Constraint

In the documentation <https://help.splunk.com/en/splunk-enterprise/manage-knowledge-objects/knowledge-management-manu...

by Explorer in

How to improve indexing thruput if replication queue is full?

Here are the configs for on-prem customers willing to apply and avoid adding more hardware cost.9.4.0 and above most ...

by Splunk Employee in

How to calculate Daily Data Volume on Splunk Clustering

Dear everyone, I have a Splunk Clustering (2 indexers) with:Replication Factor=2Searchable Factor=2 I supposed to...

by Path Finder in

Syslog Configuration required for custom sourcetypes

I think Splunk doesn't have a built-in/defined sourcetype for ExtremeCloud XIQ logs. Can we define a custom sourcetyp...

by Explorer in

Source attribute has to be a certain length?

Hi, we've encountered some unusual behaviour when ingesting data and are at a loss as to what might be causing it. We...

by New Member in

remove specific folder from input

I have configured syslog-ng to listen on multiple ports, save them in a folder with IP name and hf to send logs to in...

by Communicator in

Why is Splunk unable to detect modified files when monitoring files on CIFS mount?

I have a CIFS mount from Azure on a server. Then a Splunk forwarder monitoring the mounted folder. I discovered th...

by Splunk Employee in

Splunk Start fails after upgrading from 9.3.1 to 9.4.0

Yesterday I upgraded Splunk on one of my Deployment Servers from 9.3.1 with the 9.4.0 rpm on a Amazon Linux host and ...

by Path Finder in

Need to write a regex for time extraction

Need to write a regex for same as time and same as event given below in image

by Communicator in

Need Proper props configuration for extracting date-time information and breaking down events.

Need to know while am adding the data in splunk am getting the below error Same data would be like :-{"vers...

by Communicator in

Heavy Forwarder - Filtering Juniper events

Greetings, I have been reading through documentation and responses on here about filtering out specific events at the...

by Explorer in

HAProxy server client IP

I have a serious problem, please help me. We have an HAProxy server that receives logs from various clients and for...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk Answers Content Calendar May 2025 🎉

Ask Questions, Get Help about Data Manager for Splunk Cloud

Data missing from universal forwarder on a Linux host

Props and transforms hostname override not working

Misp42

ExecProcessor Error

Extract fields from RFC5424 syslog with nested json field

Few logs are getting truncated

Splunk Nutanix TA and Splunk Enterprise 9.3.4

What is the URI for HTTP Event Collector for Splunk Cloud?

How do I get Proofpoint Targeted Attack Protection logs ingested into Splunk?

Why is "Deployment Client is disabled"? How do I resolve this issue?

Why is the Tenable vulnerability time stamp off?

Failed to load source for JointJS Diagram visualization

Licence agreement for Databricks and Splunk integration

Dataset Constraint

How to improve indexing thruput if replication queue is full?

How to calculate Daily Data Volume on Splunk Clustering

Syslog Configuration required for custom sourcetypes

Source attribute has to be a certain length?

remove specific folder from input

Why is Splunk unable to detect modified files when monitoring files on CIFS mount?

Splunk Start fails after upgrading from 9.3.1 to 9.4.0

Need to write a regex for time extraction

Need Proper props configuration for extracting date-time information and breaking down events.

Heavy Forwarder - Filtering Juniper events

HAProxy server client IP

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions