Getting Data In

Discussions

Thread Info

Blacklisting in [WinEventLog://Security]

Im looking to drop EventID 4673 where the action=failure Here is an example log 3/15/2023 02:51:42 PM LogName...

by Path Finder in

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

Hello. Please see the screenshot on this post, its from the Splunk Universal Forwarder (UF) installer steps. Are we s...

by New Member in

Search to get difference of data from current month and previous month?

Hi Legends, I want to know is this type of splunk query possible to create? We want a query which will pull 2 t...

by Explorer in

AWS CloudTrail SQS Based S3 error?

Hi, I tried to configure CloudTrail SQS Based S3 and I got the following message: "Warning: This message does n...

by Loves-to-Learn in

Looking for solutions for Linux/Unix Auditing?

Fairly new Splunk user here looking for Linux auditing solutions. I am running a disconnected version of Splunk Ente...

by Explorer in

High CPU utilization with splunk 9.x ( mainly windows UF)

After upgrade to 9.x, higher cpu utilization.

by Splunk Employee in

Timestamp parsing from filename

Hi I want to write the props for below logs. Actually the logs are coming with no timestamp and the file name hav...

by Path Finder in

Way to exclude ingestion of events for a specific IP address from a SourceType?

When I try use : transforms.conf [setnull] REGEX = 192\.168\.1\.50, 172\.16\.1\.50 DEST_KEY = queue FORMAT =...

by Loves-to-Learn Lots in

What version of Splunk is the Splunk UF Daylight Savings Time bug fixed in?

Good day. I have looked in the community posts and know that there is a daylight savings time bug in some Splunk UF'...

by Loves-to-Learn in

How do I set the CRON job for scripted inputs so that the timezone is not UTC?

Hello, I have a scripted input with a CRON set to 50 5-23 * * * so that it "sleeps" between the hours of midnight a...

by Motivator in

DB Connect replacing trailing Zero's?

Hi Has anyone seen this before, I'm using DB connect to pull data in from a MySQL db, and this is the results show...

by Explorer in

Get Blob Data W/O Key or SAS Token (use service account)?

Hi All,One of our team just asked me about pulling logs in from an Azure blob container. I read his doc about using a...

by New Member in

Qualys TA: WARNING: Failed to parse API Output...XML or text declaration not at start of entity

My Qualys VM detection pull stopped working. I found a new warning log. TA-QualysCloudPlatform ( ...

by Contributor in

Data from a subsearch is repeated in the stats column?

TL;DRWhat is wrong with the SPL at the end? I am trying to list the IIS cs_user_Agent(s) for each test customer.Th...

by Path Finder in

Is there any splunk insertion limitation?

Our customer is running a script that is performing around 80k times of individual data insertion into Splunk. We...

by Explorer in

Drop 9 of 10 Events (Sampling)

Hi @ All Splunkynators how to sample incoming (HEC) data?I want get statistical data /events to save license volume...

by Engager in

break events each 6lines

Hello, I'm having issues with line break for some reason. I'm looking to break an event every 6 lines. Any suggest...

by Explorer in

Splunk Indexing rate in extremely high

Hello, We are using a Splunk enterprise license currently with 24 gb of license space. Our problem is that are inde...

by Explorer in

Dealing with OMG huge events

I've got a few log4j application logs that can get extremely long when my developers decide to dump out message paylo...

by Motivator in

HTTP Event Collector: Is it possible to send multiple events in one API call?

In HTTP Event Collector, is it possible to send multiple events in one API call? I tried setting line break propertie...

by Engager in

How to delete the uploaded log file?

Hi team, I have uploaded the log file in Splunk via the upload option from settings. How to delete the uploaded lo...

by Explorer in

How to log date when report/query adds new values?

I have created a Report with a Query that updates a list of NAMES on CSV file.If the NAMES field have empty strings o...

by Explorer in

Why is one indexed field only giving me a multivalue containing "none" in addition to the field value?

Hello, I am receiving cloud data from AWS via HEC in JSON format but I am having trouble getting the "timestamp" fi...

by Motivator in

Does crcSalt cause monitoring stanzas to only consider one "backup" file name?

Hi All, Having these 2 monitor stanze in one inputs.conf, but able to get data only for latest one monitor...

by Path Finder in

Postgres Logs (linux UF) are not coming to correct index after using crcSalt=<SOURCE>

Currently, I have postgres system hosted on linux redhat. I have Uinersal Forwarder installed on this postgre system....

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Blacklisting in [WinEventLog://Security]

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

Search to get difference of data from current month and previous month?

AWS CloudTrail SQS Based S3 error?

Looking for solutions for Linux/Unix Auditing?

High CPU utilization with splunk 9.x ( mainly windows UF)

Timestamp parsing from filename

Way to exclude ingestion of events for a specific IP address from a SourceType?

What version of Splunk is the Splunk UF Daylight Savings Time bug fixed in?

How do I set the CRON job for scripted inputs so that the timezone is not UTC?

DB Connect replacing trailing Zero's?

Get Blob Data W/O Key or SAS Token (use service account)?

Qualys TA: WARNING: Failed to parse API Output...XML or text declaration not at start of entity

Data from a subsearch is repeated in the stats column?

Is there any splunk insertion limitation?

Drop 9 of 10 Events (Sampling)

break events each 6lines

Splunk Indexing rate in extremely high

Dealing with OMG huge events

HTTP Event Collector: Is it possible to send multiple events in one API call?

How to delete the uploaded log file?

How to log date when report/query adds new values?

Why is one indexed field only giving me a multivalue containing "none" in addition to the field value?

Does crcSalt cause monitoring stanzas to only consider one "backup" file name?

Postgres Logs (linux UF) are not coming to correct index after using crcSalt=<SOURCE>

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions