Getting Data In

Community Activity

Why am I having trouble with TLS? Hi everyone. I have followed the documentation for setting up TLS for inter-Splunk communication with self-signed cer... by NJ Path Finder in Getting Data In 03-28-2023 0 26	0	26
Splunk Add-On for Salesforce delayed 1-2 hours? My org has had a problem for awhile now where our Splunk logs pulled from SF are delayed between 1-2 hours. We are us... by adelamora Observer in Getting Data In 03-28-2023 0 1	0	1
Is it possible to preserve sourcetype, host, and source when using the collect command? We have an index with access logs from multiple hosts and systems with different sourcetypes. When I trying to add in... by gots Path Finder in Getting Data In 03-28-2023 1 5	1	5
How to resolve Splunk CIM errors and issues? I am in a environment and I am able to get data in from a general perspective. We have a index clustered and search h... by domino30 Path Finder in Getting Data In 03-27-2023 0 4	0	4
Where are Search head deployment and deployer located? We have a Search Head clustered and Indexer Clustered env. we have a deployers which is not a SH or and Indexer just ... by domino30 Path Finder in Getting Data In 03-27-2023 0 1	0	1
Having difficulties with a date/time conversion? I have been trying to create this sourcetype and am not sure I'm capturing it correctly. Sample date: [2023-... by NanSplk01 Communicator in Getting Data In 03-27-2023 0 1	0	1
Why are AWX and HEC not working? Hello, Newish to splunk here. We have an AWX instance (free Tower) and we are trying to send the logs to splunk using... by aaron_francis New Member in Getting Data In 03-27-2023 0 0	0	0
Is there a way to Rename ES Correlation search? Hi Team. I'm looking for a way to rename a correlation search that has been created with the wrong format. The CS is ... by VK18 Explorer in Getting Data In 03-27-2023 0 4	0	4
Why are source/host/sourcetype fields dropping through HEC? I'm posting a json struct such as { "index": "test_metrics", "time": 1679920906.0, "event": "metric", ... by Mels Engager in Getting Data In 03-27-2023 1 0	1	0
Execute script on forwarder with privileges Hello, teamI've made script, which uses the sudo command. I've deployed it on my forwarders, and I get the error:mess... by JohnDuatres Explorer in Getting Data In 03-27-2023 0 5	0	5
Help with creating a regex that splits API data into better format than 1 big event? Hi all, I am getting data in via an API (using the add on builder) but having creating a regex which splits it into ... by vishalduttauk Communicator in Getting Data In 03-27-2023 0 2	0	2
How to extract required data from the HEC _raw event and truncate the remaining information before indexing Hi,My single event length is too long so I want to extract and ingest the specific part from it. The part is in the m... by Charlize Engager in Getting Data In 03-27-2023 0 1	0	1
Splunk Standalone Search Head Default TZ Settings We want to set default TZ as SGT for a particular Search Head and that SH is in EDT TZ. We have already applied TZ se... by JGP Explorer in Getting Data In 03-27-2023 0 13	0	13
How do I get Windows server cipher data into Splunk? I am looking for a Splunk query that will pull the enabled and disabled ciphers from windows servers in my environmen... by andrewwhitlock New Member in Getting Data In 03-24-2023 0 0	0	0
Is it possible for a field alias for all sourcetypes to exclude a specific one? Hi folks, I have a field alias for my all sourcetypes [default] FIELDALIAS-cliente = index AS client b... by aasabatini Motivator in Getting Data In 03-24-2023 0 9	0	9
Analyzing Splunk Internal Logs- What is Tailing Processor and Watch file? Hi Everyone, I recently observed the splunk internal logs and found that there is a field component and found two v... by umesh Path Finder in Getting Data In 03-24-2023 0 1	0	1
Can't uninstall Splunk 9.x on Windows 2022 Hi, I took over a Splunk Cluster with Splunk on c:\program files\splunk which produces plenty of problems due to long... by bitnapper Path Finder in Getting Data In 03-24-2023 0 3	0	3
What PCRE regex can we use in our transforms.conf? Hi We need to ingest only those events which starts with any of the below strings ; (please note its starts with n... by roopeshetty Path Finder in Getting Data In 03-24-2023 0 1	0	1
Ingesting logs from SFTP Server via HF Hello,Can someone guide me on how can I ingest logs from a SFTP server? I have available Heavy Forwarders that sit ou... by tokio13 Path Finder in Getting Data In 03-24-2023 0 3	0	3
How to resolve SSL error with tcp-ssl input? I have a Splunk server which is receiving data on a tcp-ssl port successfully for a particular application (SecureCir... by roberteves Explorer in Getting Data In 03-23-2023 0 2	0	2
Do we have a Splunk script that will tell us the total number of disabled accounts or/and the rate of disablement? Would like to know if there is any query available that will tell us the total number of disabled accounts in Active ... by msusai02 New Member in Getting Data In 03-23-2023 0 1	0	1
Why is there log file data from some linux boxes and some are not sending data? I am getting log file data from some linux boxes and some are not sending data. Unable to find the reason why?Please ... by AK_Splunk Explorer in Getting Data In 03-22-2023 0 4	0	4
How to blacklist a forwarder? I have a 250 forwarders in my environment. I have one server that no one can reach a solution on due to low priority.... by mad4wknds Path Finder in Getting Data In 03-22-2023 0 11	0	11
How to configure the indexer for Linux Logs? I am attempting to audit the usage of commands such as chown or chomod on my linux environment. Through the below qu... by kymenope Explorer in Getting Data In 03-22-2023 0 5	0	5
Why doesn't my Transform sourcetype work? Hi, I'm tring to change the sourcetype of all data of a specific source in props.conf [source::/var/log/messages]TRAN... by manuelmosca New Member in Getting Data In 03-22-2023 0 4	0	4