Getting Data In

Thread Info

How to change Date format from 12/21/2023 to 2023-21-12?

Hi , I want to change the date format from7/30/2023 12:00:00 AM to 2023-07-30 I am using following command but ...

by Engager in

How do I correctly index github enterprise logs?

All, I am looking GitHub Enterprise logs as captured by my Syslog-ng server on prem. The logs being sent are JSON ...

by Loves-to-Learn Lots in

Best method for pulling Microsoft DNS logs with Splunk?

What is the best method for pulling Windows DNS Logs with Splunk. I am looking at the following methods: Send dir...

by Splunk Employee in

How to route data with props and transforms over multiple HF?

Hi Community, how to route data with props and transforms over multiple HF?Source A to Data Collector > IDX Cluste...

by Engager in

How to filter dataset within a log index to a metrics index?

Hello, I have an existing high volume index and have discovered a chunk of event logs within the index that would ...

by Communicator in

Can I loop through URL and http_referrer to find original request?

Hi everyone, I'd like to see the flow from a given final URL, back to original URL the user typed. In my Web Pr...

by Explorer in

How to plot timechart on elapsed time from json array object?

Hi, I have an application(test.app) which invokes multiple downstream application apis(profile, payments etc)...

by Explorer in

SQS based S3 input is skipping some objects from s3 but deleting the message from sqs?

Hi We have a splunk add-on for aws to pull the logs from s3 bucket. we are using the sqs based s3 inputs created ...

by New Member in

How to monitor DB connect activities?

Hai All, Good day, we are using DB connect addon to pull logs from multiple DB"s and created several inputs ...

by Path Finder in

Resolve error: Splunk_TA_nix awk: record `HARD_DRIVES ssd2262 ...' too long?

Hi Team, Using Splunk_TA_nix addon Version 8.4. While running below three scripts getting below Errors. Customer ...

by Splunk Employee in

Trying to route ECS container logs to Splunk but receiving error and task does not run

Resourceinitializationerror: failed to validate logger args: Options "https://prd-p-88jca.splunkcloud.com:8088/servic...

by Loves-to-Learn in

Why can't I see all data is received in HEC?

Hello dear community Can you please advise me. My team is complaining that not all data comes from the HEC token f...

by Loves-to-Learn Everything in

Splunk Not Receiving Logs From Splunk Forwarder or Syslog-ng what could be the issue with splunk enterprise?

I have Splunk setup and it establishes connection with syslog and splunk universal forwarder from a remote server: ...

by Explorer in

JSON files are not being onboarded intermittently via SQS based S3 input?

Hello All, We have issue wherein JSON files are not coming in intermittently into Splunk from a SQS based S3 input...

by Explorer in

Is it best to ingest logs by parent path or each individual path?

/var/log VS /var/log/messages /var/log/auth.log /var/log/boot.log etc, etc, etc

by Engager in

How to parse NSG Flow Log?

Hi, I'm trying to onboard NSG Flow Logs and while I have managed to break the events into the specific tuples as p...

by Path Finder in

What is the strptime-style %-variable that TIME_FORMAT would use for subseconds?

What is the strptime-style %-variable that TIME_FORMAT would use for subseconds? The docs for props.conf suggest the ...

by SplunkTrust in

Why is inputs.conf meta not respected for Windows Event Logs on a 6.2.3 universal forwarder?

I sometimes use the _meta capability of inputs.conf to add a meta field to the data when it makes sense to do so. For...

by Contributor in

What is the difference between a inputs.conf whitelist and dorp events with Props.conf and Transfroms.conf?

Hi folks, I need a quick clarification, I need to know if I use a whitelist function on inputs.conf I will sa...

by Motivator in

UF status was not connected dashboard

Hi All, we are working on to create a dashboard on UF status connection by using phone home interval in DS using se...

by Path Finder in

Does anyone have an updated Lambda function for handling splunk-logging lambda & Cloudwatch logs?

I have deployed a Lambda function from the "splunk logging" blueprint for collecting VPC Flow logs and Cloudwatch eve...

by New Member in

How to configure hot, warm, and cold buckets?

Hello Splunkers , I have single machine splunk infrastructure. What stanzas I need to provide in indexes.conf for ...

by Communicator in

Splunk DB connect permission problem

Hello everyone, I am trying to configure Splunk DB connect app, and getting next one error in logs: 2023-01-12T14...

by Contributor in

What are best practices when the timestamp is an integer?

Hi experts, have .CSV file that timestamp is quite a simple integer and its incremental like 1,2,3,,,, I ...

by Splunk Employee in

AWS Add-on 6.3 errors with Generic S3 inputs

We recently updated our AWS Add-on to version 6.3, after which all Generic S3 inputs stopped ingesting. Noticed th...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to change Date format from 12/21/2023 to 2023-21-12?

How do I correctly index github enterprise logs?

Best method for pulling Microsoft DNS logs with Splunk?

How to route data with props and transforms over multiple HF?

How to filter dataset within a log index to a metrics index?

Can I loop through URL and http_referrer to find original request?

How to plot timechart on elapsed time from json array object?

SQS based S3 input is skipping some objects from s3 but deleting the message from sqs?

How to monitor DB connect activities?

Resolve error: Splunk_TA_nix awk: record `HARD_DRIVES ssd2262 ...' too long?

Trying to route ECS container logs to Splunk but receiving error and task does not run

Why can't I see all data is received in HEC?

Splunk Not Receiving Logs From Splunk Forwarder or Syslog-ng what could be the issue with splunk enterprise?

JSON files are not being onboarded intermittently via SQS based S3 input?

Is it best to ingest logs by parent path or each individual path?

How to parse NSG Flow Log?

What is the strptime-style %-variable that TIME_FORMAT would use for subseconds?

Why is inputs.conf meta not respected for Windows Event Logs on a 6.2.3 universal forwarder?

What is the difference between a inputs.conf whitelist and dorp events with Props.conf and Transfroms.conf?

UF status was not connected dashboard

Does anyone have an updated Lambda function for handling splunk-logging lambda & Cloudwatch logs?

How to configure hot, warm, and cold buckets?

Splunk DB connect permission problem

What are best practices when the timestamp is an integer?

AWS Add-on 6.3 errors with Generic S3 inputs

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions