Getting Data In

Community Activity

How to improve indexing thruput if replication queue is full? Here are the configs for on-prem customers willing to apply and avoid adding more hardware cost.9.4.0 and above most ... by hrawat Splunk Employee in Getting Data In 09-20-2025 0 6	0	6
Regex works but transforms.conf extracts only part of the last field I'm working on a transforms.conf to extract fields from a custom log format. Here's my regex:REGEX = ^\w+\s+\d+\s+\d+... by sigma Path Finder in Getting Data In 09-20-2025 0 3	0	3
Is there away to find the exact hostname from the (SQUASHED) details in Splunk? index=_internal [`set_local_host`] source=license_usage.log type="Usage" \| eval h=if(len(h)=0 OR isnull(h),"(SQUAS... by rickymckenzie10 Explorer in Getting Data In 09-19-2025 0 1	0	1
Props.conf Extractions Not Applied to Saved Search (collect) Output in New Index Hi All, i do create new index but the source data is from savedsearch let say i create savedsearch from index=ABC the... by zksvc Contributor in Getting Data In 09-19-2025 0 6	0	6
How can I clone data from a HF to two different splunk instances? How can I clone data from a HF to two different splunk instances? Doubling defaultgroup in outputs.conf does not work... by lucacaldiero Path Finder in Getting Data In 09-16-2025 0 4	0	4
How to use STOP_PROCESSING_IF in transforms.conf Can anyone give me some examples of using STOP_PROCESSING_IF in transforms.conf? Seems there is no examples exists wi... by vincentwhn Engager in Getting Data In 09-16-2025 0 6	0	6
Sending logs from F5 Big-IP to Splunk How can I configure my F5 BIG-IP to forward logs from a load-balanced server pool to Splunk? by Fares_Hossam Engager in Getting Data In 09-16-2025 0 1	0	1
filtering search results not working as expected I have a not-very-complicated query that returns a table of my roles and associated default search indexes. One role ... by utoddl Explorer in Getting Data In 09-15-2025 0 1	0	1
sc4s app_parsers don't seem to work Hello,We're currently having an issue of SC4S tagging Cisco firepower data as nix:syslog, but I was having this issue... by davidoff96 Path Finder in Getting Data In 09-15-2025 0 2	0	2
I wanna forward all data from a single hf to 2 diffenrent splunk instances Hello,I wanna forward all data from a single HF to two splunk different instances. How can i do that? Thanks #splunk ... by lucacaldiero Path Finder in Getting Data In 09-15-2025 0 10	0	10
Specify all hosts or sources in props How can I specify all host or sources in a stanza of props.conf?Thank you @gcusello by lucacaldiero Path Finder in Getting Data In 09-15-2025 0 3	0	3
Are there any ways to whitelist specific fields from json format logs during data-onboarding? Due to privacy concerns, I would like to modify the _raw content during the data onboarding phase in order to impleme... by vincentwhn Engager in Getting Data In 09-15-2025 0 7	0	7
Cannot get logs from specific source to seperate by line I have a source of logs that I want to ingest into splunk, where each line documents a seperate event. After having s... by Ghostoverflow25 Engager in Getting Data In 09-14-2025 0 1	0	1
How does one use an API to pull Splunk Documentation into a repository? What would it take to use something like REST API to pull down documents from Splunk Documentation website? The searc... by jackbenimble New Member in Getting Data In 09-12-2025 0 1	0	1
Missing per_*_thruput metrics on 9.3.x Universal forwarders. Apply following workaround in default-mode.confAdditionally you can also push this change via DS push across thousand... by hrawat Splunk Employee in Getting Data In 09-12-2025 4 17	4	17
Particular sourcetype not appearing in search CentOS 7.7.1908, Splunk v9.1.0.2I want to get an example event for each sourcetype on each host (excluding one host)... by JyPl4wNYu7GV1uL Explorer in Getting Data In 09-12-2025 0 4	0	4
Tag Definition and Field value pair Hi All,I’m looking for an SPL query that can return the list of Tag Names along with their associated field-value pai... by kumva01 Loves-to-Learn Lots in Getting Data In 09-12-2025 0 2	0	2
Blacklist Question for local proc directory I'm new to Splunk... I'm currently running Splunk on an Ubuntu system. I've noticed that the /proc directory is show... by taskmaster Engager in Getting Data In 09-12-2025 0 4	0	4
a problem in Splunk UBA Installation Hi, I am installing Splunk UBA 5.4.2 on my laptop in a virtual machine (RHEL 8.8) for testing. I followed the install... by Nrsch Explorer in Getting Data In 09-10-2025 0 2	0	2
SC4S routing configuration not working Hello, I am trying to get logs from my opnsense FW to go to an index called prod_opnsense but everything I have tried... by L_Petch Path Finder in Getting Data In 09-10-2025 0 1	0	1
How to handle multiline events from k8s via opentelemetry / HWF Hi - we have been sending data from our K8s cluster to splunk hwf which then forwards to the indexer. It works great... by rk99 Explorer in Getting Data In 09-10-2025 0 3	0	3
Documentation for implementing Semperis DSP We are looking at bringing in Semperis DSP logs to evaluate them. Is there documentation on sending those logs to Spl... by kramer0101 Engager in Getting Data In 09-09-2025 0 2	0	2
Proofpoint On Demand Email Security Add On Audit Logs Ingestion Are we able to ingest into Splunk the config change events such as the attached image, using "Proofpoint On Demand Em... by d_lim Path Finder in Getting Data In 09-09-2025 0 1	0	1
Juniper switch add-on Hi at all,I have to parse Juniper Switch logs that are very similar to Cisco ios.In the Juniper Add-On there isn't an... by gcusello SplunkTrust in Getting Data In 09-09-2025 0 4	0	4
.NET Application Runtime Metrics Not Showing in Splunk APM Dashboard I’m currently instrumenting a .NET application to send telemetry to Splunk Observability Cloud using the Splunk Distr... by sirisha New Member in Getting Data In 09-09-2025 0 0	0	0