Getting Data In

Thread Info

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Unable to remove prefix by SEDCMD in sourcetype but able to run in search

I am trying to remove everything before the { character to preserve the JSON format. I am using SEDCMD-keepjs...

by Explorer in

Extracting a value from MQTT string before parsing to JSON

I have an requirement to extract a value from an mqtt string before i parse it to json.Initially i was using MQTT Mod...

by Engager in

Can Windows UF send some EventCodes as XML and all othesr as Classic?

Short question: can I configure my window UF inputs.conf to collect Security Event logs as renderXML=false , unless i...

by Engager in

Solaris UFs have different build hash than others

This just makes things confusing - why do the RPM and DEB versions (both x86 and ARM) and Windows of v9.3.3 have buil...

by Path Finder in

Why does linebreaking regex have no capturing groups?

Hi Need help to fix the below error My Props : Sample events:

by Path Finder in

How do I set timezone properly in props.conf?

Our data source is generating syslog data using UTC. Time in the syslog header is formatted as Oct 22 15:51:14. We ma...

by New Member in

Running rsyslog and Splunk Enterprise on the same machine

Hi, I have a small lab (air gapped) with about 2 Linux servers not including the Splunk server and 25 Windows machin...

by Path Finder in

How to run a scripted input on only one of several heavy forwarders?

We have a Splunk app that includes multiple scripted inputs.The app is deployed to 15 heavy forwarders, but we want o...

by Motivator in

_time is being set to mtime instead of parsed event time

I have the following source log files:[root@lts-reporting ~]# head /nfs/LTS/splunk/lts12_summary.log2014-07-01T00:00:...

by Engager in

Please help me out to understand the below configs

We have one index os_linux which has 2 source type and i see props and transform is written .can you help me to under...

by Engager in

Missing per_*_thruput metrics on 9.3.x Universal forwarders.

Apply following workaround in default-mode.confAdditionally you can also push this change via DS push across thousand...

by Splunk Employee in

How to Splunk the SAP Security Audit Log

The post question did include the answer, but then it could not be marked as an answer, therefore I pushed the conten...

by Contributor in

Unable to get logs in splunk from mulesoft

Hi, I have created a new token and index in splunk for my mulesoft project. These are the configurations I have don...

by Observer in

cant search data in indexer

i installed splunk in distributed management environment. furthermore, my indexer server got reboot and i can't query...

by Loves-to-Learn Everything in

Akamai add-on logs are not populating.

We have installed Akamai add-on (https://splunkbase.splunk.com/app/4310) on our HF and installed Java and configured ...

by Communicator in

Unable to send events through log4j in Spark to Splunk

We want to use splunk-library-javalogging to send logs via Log4j to Splunk Service Environment: Spark with log4...

by Observer in

Problem with DC windows Secure logs sending

Hello team! We have a problem with sending data from several Domain Controllers to our splunk instance. We are coll...

by Loves-to-Learn Lots in

How to determine if data sent to HEC came in on Event or Raw endpoint

Is there any way to tell whether data coming into Splunk's HEC was sent to the event or raw endpoint?You can't really...

by Communicator in

1 hour from indexing to Splunk-Web

Hello, Some of the forwarder installations are behaving strangely.They take an hour for the data to be indexed and ...

by Path Finder in

add customerID to incoming data (event & metric)

Hello, We have a few hundred hosts and a handful of customers. I have a csv file with serverName,customerID. I've...

by Explorer in

CIM mapping CrowdStrike Falcon FileVantage (FIM) logs to a daamodel.

Hi All, Has anyone managed to map CrowdStrike Falcon FileVantage (FIM) logs to a Datamodel; if so could you share y...

by Contributor in

Palo alto Strata logging service logs

Hi, I have onboarded palo-alto ...

by New Member in

Redirecting specific logs using a regex

Hi splunk community, I have a question on logs cloning/redirection Purpose : Extract logs containing "network-gue...

by Path Finder in

Why is linecount 2 when it's clearly 1?

For multiple sourcetypes, linecount is 2, while clearly, it should be 1. Has anybody encountered this case?

by Motivator in

Filter/modify data prior to ingestion?

Not sure this is even possible, but I'll ask anyway... I have application(s) that are sending JSON data into Splunk...

by Loves-to-Learn Lots in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Ask Questions, Get Help about Data Manager for Splunk Cloud

Unable to remove prefix by SEDCMD in sourcetype but able to run in search

Extracting a value from MQTT string before parsing to JSON

Can Windows UF send some EventCodes as XML and all othesr as Classic?

Solaris UFs have different build hash than others

Why does linebreaking regex have no capturing groups?

How do I set timezone properly in props.conf?

Running rsyslog and Splunk Enterprise on the same machine

How to run a scripted input on only one of several heavy forwarders?

_time is being set to mtime instead of parsed event time

Please help me out to understand the below configs

Missing per_*_thruput metrics on 9.3.x Universal forwarders.

How to Splunk the SAP Security Audit Log

Unable to get logs in splunk from mulesoft

cant search data in indexer

Akamai add-on logs are not populating.

Unable to send events through log4j in Spark to Splunk

Problem with DC windows Secure logs sending

How to determine if data sent to HEC came in on Event or Raw endpoint

1 hour from indexing to Splunk-Web

add customerID to incoming data (event & metric)

CIM mapping CrowdStrike Falcon FileVantage (FIM) logs to a daamodel.

Palo alto Strata logging service logs

Redirecting specific logs using a regex

Why is linecount 2 when it's clearly 1?

Filter/modify data prior to ingestion?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...