Getting Data In

Discussions

Thread Info

Postgres Logs (linux UF) are not coming to correct index after using crcSalt=<SOURCE>

Currently, I have postgres system hosted on linux redhat. I have Uinersal Forwarder installed on this postgre system....

by Loves-to-Learn Lots in

Can the Splunk Add-on for Juniper extract SRX logs?

Hi, I'm bring SRX data into Splunk but the fields aren't getting extracted by the Juniper Add-On. Can the Juniper A...

by Explorer in

How to resolve: ServiceNow TA Error "Failed to load current state for selected entity in form!"

Loading the Configuration page from the Splunk_TA_snow ServiceNow TA yields the following error: Something we...

by Motivator in

Why is TIME_FORMAT not working?

Hello Friends, In a sourcetype , data are coming in from multiple hosts and host are residing in diff-2 time zones...

by Loves-to-Learn Lots in

How to write new requirements for refining Splunk logs?

Hi team,We are using the Splunk tool at the enterprise levelI have received a requirement to refine and create the l...

by Explorer in

timestamp in _raw contains p.m. -How to configure props.conf to correctly interpret this format?

the output in splunk console:3/3/232:05:41.000 AM03/03/2023 02:05:41 p.m. 14664 5046661 Note that the splunk _time...

by Explorer in

How to add API name in splunk logs

Hi team, I am very new to Splunk usage, just started using it recently. we are consuming around 60+ integration A...

by Explorer in

Why is my sourcetype auto classified as too_small?

When I load certain sets of data and don't specify a sourcetype, why is it always labeled as "sourcetype=too_small"?

by Splunk Employee in

Why is winEvent: DNS Server not getting across to Splunk Indexer for TA_Windows?

Currently, I am trying to extract the DNS logs from TA_Windows where inputs.conf file has [WinEventLog: //DNS Server)...

by Loves-to-Learn Lots in

How to count events for specific time period now and 7 days earlier?

Hi, I am preparing dashboard panel where I want to show number of events for specific period (chosen by user) and...

by Path Finder in

Importing HCL BigFix data from Insights, how to verify?

We are using HCL BigFix and HCL Insights as a data warehouse. There have been times when the import of data from HCL...

by Path Finder in

What is the best way to go about Splunk Server Migration?

Hello Members, Here at the company, we are going to carry out the total migration of Splunk Enterprise, which is c...

by New Member in

Cisco estreamer encore addon upgrade issue- Logs are no longer being received

I recently upgraded the estreamer addon from version 3.0.0 to the 5.1.0 on our Splunk Heavy Forwarder. Since there we...

by Contributor in

How would I find License usage by Field?

How would I find license usage by field? For example; I want to know which field values within a specific sourcety...

by Loves-to-Learn in

How would I go about getting Cisco FTD into Splunk Cloud?

Hi, How would I go about getting cisco FTD logs into Splunk Cloud? Would I need to install a forwarder on the...

by Explorer in

Removing unsent messages of Splunk universal forwarder

Hi, I have a simple setup of a Splunk universal forwarder on a windows server forwarding data to a single Linux serve...

by Explorer in

LINE_BREAKER=([\r\n]+) not working?

Hi, I have a test instance of splunk - fresh out of the box. Only configure the essentials and imported a dump from...

by Path Finder in

Splunk db connect- is there an automated update?

SQL query changes frequently every time I need to update manually in 20 db inputs is there an alternative

by New Member in

How do I use the line breaker parameter in props.conf?

Can someone tell me how to use the line breaker parameter fo the below events which is currently getting clustered to...

by Path Finder in

Why is mail not getting triggered from Splunk System?

Hi Team Facing issue in the Mail Trigger . SMTP Connections are valid but mail is not triggere...

by New Member in

Can I monitor a log from Aug 2022 if I installed a UF in Feb 2023?

Hi All I have one query with regards to Log Monitoring Let's say I want to monitor abc.log and the last Updated...

by Path Finder in

Splunk incorrect default line breaking- What am I doing wrong?

Hello, I have a sourcetype that have a default LINE_BREAKING and SHOULD_LINEMERGE=false, like so: Per my u...

by Communicator in

Best approach to move data to a different index?

Using Splunk 6.3.1, 1 search head, 4 indexers, 1 UF. I have ALOT of data that got put into the wrong index. We ha...

by Contributor in

Mismatched whitelist on syslog inputs- Is there a hierarchy in which monitor stanzas are loaded?

Hello, I have something strange going on. I need to monitor logs from three different systems. thus far I have o...

by Path Finder in

How to re-ingest data under a different sourcetype?

Recently, I ingested data from a windows event log going back 3 years using the XmlWinEventLog sourcetype. Later, I s...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Postgres Logs (linux UF) are not coming to correct index after using crcSalt=<SOURCE>

Can the Splunk Add-on for Juniper extract SRX logs?

How to resolve: ServiceNow TA Error "Failed to load current state for selected entity in form!"

Why is TIME_FORMAT not working?

How to write new requirements for refining Splunk logs?

timestamp in _raw contains p.m. -How to configure props.conf to correctly interpret this format?

How to add API name in splunk logs

Why is my sourcetype auto classified as too_small?

Why is winEvent: DNS Server not getting across to Splunk Indexer for TA_Windows?

How to count events for specific time period now and 7 days earlier?

Importing HCL BigFix data from Insights, how to verify?

What is the best way to go about Splunk Server Migration?

Cisco estreamer encore addon upgrade issue- Logs are no longer being received

How would I find License usage by Field?

How would I go about getting Cisco FTD into Splunk Cloud?

Removing unsent messages of Splunk universal forwarder

LINE_BREAKER=([\r\n]+) not working?

Splunk db connect- is there an automated update?

How do I use the line breaker parameter in props.conf?

Why is mail not getting triggered from Splunk System?

Can I monitor a log from Aug 2022 if I installed a UF in Feb 2023?

Splunk incorrect default line breaking- What am I doing wrong?

Best approach to move data to a different index?

Mismatched whitelist on syslog inputs- Is there a hierarchy in which monitor stanzas are loaded?

How to re-ingest data under a different sourcetype?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!