Getting Data In

Community Activity

How to Identify which HF is sending logs/metrics Hi,I have incoming data from 2 Heavy Forwarders.Both of forward HEC data and the internal logs, how do I identify whi... by _pravin Contributor in Getting Data In 13 hours ago 0 13	0	13
What's the best way to handle multiple different time formats in the same source? Hello Splunk Community,My team is currently processing logs from a single source that can contain events with differe... by spl_aficionado Observer in Getting Data In 20 hours ago 0 6	0	6
Splunk and TheHive integration Hey!My team is interested in integration of Splunk (especially ES) and TheHive Project products.The goal is to provid... by bil151515 Engager in Getting Data In yesterday 1 3	1	3
Struggling with setting up SC4S in an air-gapped environment – looking for the best deployment approach Hi,I’m trying to use Splunk as a log aggregation solution, and eventually as a SIEM. I have three industrial plants ... by kn450 Explorer in Getting Data In Monday 0 1	0	1
HF licensing when License Manager is not reachable due to network restrictions We have a distributed on-prem Splunk environment with strict network segmentation between sites.Scenario:Site B:Sourc... by ibrahim1 Explorer in Getting Data In Monday 0 11	0	11
Timestamp configuration in props for epoch time Dear All,I am getting data from the Search head in json format. The first field of the event is timestamp and it is i... by Tamilraj28 Engager in Getting Data In Sunday 0 1	0	1
How to use Lambda to push logs to Splunk Cloud I'm trying to onboard data from AWS to Splunk Cloud and planning to use Lambda But we have numerous options within La... by richah Explorer in Getting Data In Sunday 0 1	0	1
Field Extractions in Splunk GovCloud I'm in the process of setting up a new Splunk GovCloud instance, and I'm having no luck getting field extractions to ... by bpenny Explorer in Getting Data In Friday 0 5	0	5
Why do we have major indexing delays for some sourcetypes of Google Workspace? Looking at our Google Workspace data flow, and we experience consistent 4 to 5 hour indexing delays with most of the ... by danielbb Motivator in Getting Data In Friday 0 3	0	3
Dashboard Hey all, I am running into an issue on one of my dashboards. The issue in questions states "could not load lookup= LO... by 808antwon New Member in Getting Data In Thursday 0 1	0	1
Integration of MS Exchange server with splunk Dear All, I need your assistance in fetching Microsoft Exchange Server logs using the Splunk Universal Forwarder. I c... by I_B New Member in Getting Data In Thursday 0 3	0	3
Splunk Enteprise Delayed searches Hello Team,I wanna ask something that I really cannot figure out by myself , I have a splunk entreprise Installed on ... by fedayn05 Explorer in Getting Data In a week ago 0 8	0	8
[HEC] Endpoint : TCP reset session all time Hello Everyone, I need your help about a problem with Splunk HEC. I use the endpoint "event" to send logs into multip... by shinigami35 Explorer in Getting Data In a week ago 0 16	0	16
Splunk does not detect new files on CIFS-mounted directory until restart EnvironmentSplunk Enterprise (single-instance: indexing + monitoring on same host)OS: LinuxLog directory mounted via ... by koyachi Explorer in Getting Data In a week ago 0 1	0	1
How can I stream Google Workspace Vault logs into Splunk? I want to add vault logs to my inputs.conf for the Google Workspace TA. I added the following stanza[activity_report:... by danielbb Motivator in Getting Data In a week ago 0 3	0	3
Splunk Add-On for Windows - Incorrect TaskCategory I am running into an issue where the TaskCategory field extracted by the Splunk Add-On for Windows does not match the... by nixhydra Explorer in Getting Data In a week ago 0 11	0	11
Best architecture for collecting logs from a third-party app hosted on AWS via API calls (Splunk Enterprise On-Prem) Hello Splunk community,I’m working with Splunk Enterprise On-Prem and have three Heavy Forwarders (HFs) in my enviro... by Nicolas2203 Path Finder in Getting Data In 2 weeks ago 0 2	0	2
Why Splunk HF sends all its inthernal logs to Syslog reciever Hello Team , I want to send splunk HF windows security logs to a syslog server . I have syslog-ng installed there whi... by vikasg Loves-to-Learn Lots in Getting Data In 2 weeks ago 0 4	0	4
CyberArk Audit for Splunk Is there any documentation on creating an input for this app? (https://splunkbase.splunk.com/app/6608)I installed the... by vh Explorer in Getting Data In 2 weeks ago 0 7	0	7
Why does /var/log/messages get flooded by one host? We configured rsyslog to route data from a certain host to the file system of the server, and what we see is that lot... by spl_aficionado Observer in Getting Data In 2 weeks ago 0 6	0	6
Clarity on metrics license usage and how the data is stored in the disk HiI am trying to understand how the metrics events are being tracked and how the disk space is utilised in Splunk.I a... by _pravin Contributor in Getting Data In 2 weeks ago 0 0	0	0
Access to Data Management Experience / Edge Processors Hello,I'm trying to access the Data Management Experience and specifically Edge Processors. Our company has Splunk En... by mmendez-opentec Explorer in Getting Data In 2 weeks ago 0 1	0	1
Error while Addding an Edge Processor Hi,I am test using Edge Processor (Data Management).I have just enable Edge Processors from Data Management App on Sp... by karn Path Finder in Getting Data In 2 weeks ago 0 2	0	2
Extract json fields I have multiple fields under the interesting fields section named field1, field2, field3, and so on. Each of these fi... by falcon Observer in Getting Data In 3 weeks ago 0 4	0	4
o365 add-on upgrade Hello,I need to upgrade the o365 add-On to the latest version on both the search head and the heavy forwarder, can so... by maheshnc Path Finder in Getting Data In 3 weeks ago 0 5	0	5