Getting Data In

Ask a Question

Discussions

Thread Info

Splunk Answers Content Calendar May 2025 🎉

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

UF not in CMC

Newly installed Universal forwarders on windows servers are forwarding logs to Splunk Cloud but newly installed forwa...

by Explorer in

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Hi Splunkers!!, We have recently configured SSO in Splunk using Keycloak, and it's working fine — users are able to...

by Motivator in

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

Hi, we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk (https://sp...

by Observer in

SourceTypes being changed by GUI

Hi All, Help please. Can I get people to agree with me that the following is a bug/design flaw - as my splunk cas...

by Path Finder in

Loosing logs for a specific host in several hours.

Hi All. Using Splunk for collecting logs from different devices. But logs from on devices on the network , is not...

by New Member in

ESXi and vSphere logs

Hello all, I am reviewing the Splunk add-on for vCenter Log and the Splunk add-on for VMware ESXi logs guides and h...

by Path Finder in

Ingest-time lookup

Hello, has anyone worked with ingest-time lookup and familiar with it? https://docs.splunk.com/Documentation/Splunk...

by Path Finder in

Does props.conf support wildcards?

All, I found myself writing this props.conf today. Say I have this: [tomcat:src:server] EXTRACT-springapp_...

by Builder in

Splunk Server logs to 3rd party using an Indexer

We have installed Splunk in windows and we want to send windows logs from Search Head, LM and CM to 3rd party using a...

by Loves-to-Learn Everything in

Can I send windows security logs using UF over HTTP to Logstash ?

Hello Experts , I am trying to send windows security logs to logstash(http) receiver . Below is what I have based ...

by Builder in

Splunk with CUCM

Hi Team,Greetings !! This is Srinivasa, Could you please provide Splunk with Unified Applications (CUCM) On-prem , ...

by Observer in

Delay during log ingestion from Azure

Hello, have a question regarding log ingestion from Azure. At the moment, im using REST API to onboard logs to the on...

by New Member in

OpenText NetIQ Logs onboarding via syslog

Hi All, Anyone who has worked with OpenText NetIQ Logs before? We are receiving the NetIQ logs via syslog, but th...

by Explorer in

Target data from specific Active Directory OU's

Hi, I am trying to gather data from a specific organisation unit in Active Directory and ignore everything els...

by New Member in

Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup?

I have a field with the system's IP in it and am trying to add additional fields during ingest. It works if the IP f...

by Explorer in

Why to use syslog or tcp output?

Hello Splunkers,I have a small question, what is the best practice (or for what reasons) should I use Syslog or TCP c...

by Contributor in

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the foll...

by Engager in

Microsoft-AzureADPasswordProtection-DCAgent

I ma trying to onboard the %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx ...

by Loves-to-Learn Lots in

ingest_eval lookup not working

I have the following transforms.conf file: [pan_src_user]INGEST_EVAL=src_user_idx=json_extract(lookup("user_ip_mapp...

by Explorer in

Ingest time lookup to add fields does not work

I need to use federated search which does not support search time lookup at this time in splunk 8.2.2.1. I came acr...

by Explorer in

ingest_eval works on AIO instance but different results when applied at the HF tier

I have syslog events being written to a HF locally via syslog-ng - these events are then consumed via file reader and...

by Path Finder in

Moving cribl events to their own index

Brand new to splunk, inherited a slightly configured system. I want to move certain cribl events to an index called...

by Engager in

forward logs from HF to third-party using syslog

i have used this approach to forward logs from specific index to third-party system in my case Qradar so i need...

by Explorer in

fully reindexing a file every time the datestamp changes

I've a few different automated pulls of data into directories of files I want splunk to index. These files get comple...

by Contributor in

Fortinet logs collected through syslog TCP with SC4S are not splitted correctly

Hi all, I'm struggling with an issue related to collecting Fortinet Fortios events through SC4S. If I use UDP proto...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk Answers Content Calendar May 2025 🎉

Ask Questions, Get Help about Data Manager for Splunk Cloud

UF not in CMC

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

SourceTypes being changed by GUI

Loosing logs for a specific host in several hours.

ESXi and vSphere logs

Ingest-time lookup

Does props.conf support wildcards?

Splunk Server logs to 3rd party using an Indexer

Can I send windows security logs using UF over HTTP to Logstash ?

Splunk with CUCM

Delay during log ingestion from Azure

OpenText NetIQ Logs onboarding via syslog

Target data from specific Active Directory OU's

Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup?

Why to use syslog or tcp output?

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Microsoft-AzureADPasswordProtection-DCAgent

ingest_eval lookup not working

Ingest time lookup to add fields does not work

ingest_eval works on AIO instance but different results when applied at the HF tier

Moving cribl events to their own index

forward logs from HF to third-party using syslog

fully reindexing a file every time the datestamp changes

Fortinet logs collected through syslog TCP with SC4S are not splitted correctly

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

ESXi and vSphere logs

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions