Getting Data In

Community Activity

How to configure different sourcetypes for udp port 514 ? Hello, I have configured two network devices (cisco router and fortigate firewall) to send logs to Splunk server via... by aeshan Engager in Getting Data In 04-04-2023 1 12	1	12
Why isn't my Transforms.conf working as expected? I have below configurations in transforms and props config files to fetch only events containing keyword 'splunking' ... by DarshanBK Explorer in Getting Data In 04-04-2023 0 3	0	3
How to map my query with inputlookup values? I am running script to get ping status of the servers and i onboarded the logs and extract filed as Servers.Now in my... by karthi2809 Builder in Getting Data In 04-03-2023 0 2	0	2
Help needed with Props.conf Hello,Can some one please help me with props.conf for the below log?Timestamp Process TID Area Category EventID Level... by Roy_9 Motivator in Getting Data In 04-03-2023 0 15	0	15
Issue filtering events with regex and props.conf Hello, I am trying to figure out how to edit props.conf so that it splits my events properly. The events are added to... by xwill13 Engager in Getting Data In 04-03-2023 0 2	0	2
SEDCMD trouble- How to delete vfwew from field account? Hello everyone! I'm trying to make props file which will trim all not cyrillic symbols from field "account" My log ex... by bosseres Contributor in Getting Data In 04-02-2023 0 2	0	2
Looking for alternatives to outputcsv in a Cloud deployment Hi,Can someone recommend a way to save the results of a Splunk search locally or to shared drive? We`re using a hybri... by tomapatan Contributor in Getting Data In 04-01-2023 0 2	0	2
Need help with AD Hi.I want to try Splunk on windows server 2019, i have windows server and a client, what to do to make splunk read wh... by Splunk-tester Observer in Getting Data In 03-31-2023 0 2	0	2
serverclass whitelist.from_pathname auto-reload- Is there a better way? I setup half a dozen serverclasses leveraging CMDB sourced .csv and whitelist.from_pathnameThis works great to managi... by splunk_zen Builder in Getting Data In 03-31-2023 0 2	0	2
How to change from XML format to "Normal" format? Hi there, Before installing the Windows TA addon to a server , Windows Event Logs were shown in a different format, t... by jamie1 Communicator in Getting Data In 03-31-2023 0 5	0	5
html event line_break configuration? <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="Generator" content="Micro... by karu0711 Communicator in Getting Data In 03-31-2023 0 1	0	1
Ingesting Windows Service Status Data? Hi There, I am new to Splunk and am currently trying to get Windows Services data into Splunk. I am using Splunk Clou... by jamie1 Communicator in Getting Data In 03-31-2023 0 2	0	2
Why won't my regex mask my data? Hi,i have a challenge masking out password data from the ps-source/sourcetype events at indexing time. We have made ... by wsveum Explorer in Getting Data In 03-31-2023 0 5	0	5
How to show json data from different places in a table? Hi, i have below json data in splunk logs at different places(different rows). All are belongs to the unique id : 123... by Jasmine Path Finder in Getting Data In 03-31-2023 0 17	0	17
Solution : basic starter queries for Splunk admin Hello, sharing my experience for beginners, especially new Splunk customers  Connected UF / forwarders : index... by splunkreal Motivator in Getting Data In 03-31-2023 1 1	1	1
Microsoft IIS add-on - no logs being ingested? I have a Splunk Standalone instance running at v8.2.10 I have recently installed the Microsoft Add-on for Microsoft I... by mike_k Path Finder in Getting Data In 03-30-2023 0 7	0	7
How to create a new field while ingesting data using ingest-time eval? Hi Splunkers, I wanted to create a new field name called "app_id" and send it along data while ingesting into Splunk... by mala_splunk_91 Explorer in Getting Data In 03-30-2023 0 1	0	1
Why am I unable to store more than 50,000 results in lookup table? See title, I'm using a scheduled query to prune a set of results from a lookup table, this lookup table has over 2m r... by Mr_person Explorer in Getting Data In 03-30-2023 0 2	0	2
What is the recommended way to whitelist hosts to apply specific transforms? We have a transform to apply which sends events to nullQueue under certain conditions. We would like to initially wh... by smahoney Path Finder in Getting Data In 03-30-2023 0 2	0	2
Any advice on how to ingest and monitor appian application logs? Hi, We got a requirement to ingest and monitor the appian application logs from cloud into Splunk. Has anyone worked ... by Dayalss Engager in Getting Data In 03-30-2023 0 1	0	1
Event gen: timestamp for epoch time? I would like to ask a doubt: for the following time format, we can use the following timestamp, just for an example... by Nith Explorer in Getting Data In 03-30-2023 0 9	0	9
Required suggestion for data deletion and Update on splunk index? Can you please suggest the following? We are looking to delete/update particular indexed data from the splunk progr... by ASorathiya1986 Loves-to-Learn Everything in Getting Data In 03-30-2023 0 1	0	1
Where to find the raw logs coming from my Universal Forwarder to the Heavy Forwarder? Hello Community, Now that I have managed to map up the logs from my UF forwarding logs to the HF and then seeing it a... by DanAlexander Communicator in Getting Data In 03-30-2023 0 7	0	7
TargetUserName - Win7 Security Event Log I am struggling to find a text string - "TargetUserName" using SPLUNK. I have drilled down to the actual event log in... by gingerd New Member in Getting Data In 03-30-2023 0 4	0	4
How can I control or force the hostname to be a specific value via inputs.conf? How can I control or force the hostname to be a specific value via inputs.conf?Inputs.conf stanza[monitor:///var/log/... by AK_Splunk Explorer in Getting Data In 03-30-2023 0 1	0	1