Getting Data In

Thread Info

How to put together a listing of hosts, forwarder version and Index the hosts belong to in a search?

So far I can get the hosts and forwarder version, but I am unable to get the index the forwarders belong to: index...

by Communicator in

How to I index a payload that has leading and trailing quotes, and is delimited with pipe character?

Hello, I have log events that follow this structure: "2023-01-10 09:54:18.566 | ERROR | 1 | GroupManagement| Exce...

by Motivator in

Splunk logs : After randomization, why current is first in the list swapping with last item?

Splunkd logs - in universal forwarder I notice, INFO AutoLoadBalancedConnectionStrategy [XXXXX TcpOu...

by Contributor in

Brand new Deployment client will not connect. 401 errors in splunkd_access logs on DS

I'm having trouble getting a new deployment client to connect to the DS. I can see connectivity is established, but t...

by Communicator in

Is there a way to tell what is populating a LOOKUP csv file?

I inherited a Splunk environment I was informed the other day that a computers.csv lookup is not generating any resul...

by Contributor in

How to ingest archived event logs?

Hi there, So we have one of our event logs set to archive. But there were some files that are already there bef...

by Explorer in

Help with monitor input blacklist

Hi Community! I'm hoping someone can set my head straight. I have two app inputs. One that I push to all *NIX se...

by Path Finder in

Why is Splunk Triggering Windows Event 6417?

Greetings, I'm running Splunk Enterprise on a Windows Server (requirement driven). The Windows Server & Splunk hav...

by New Member in

What are the Best Practices regarding managing queues size?

Hallo About this post,https://community.splunk.com/t5/Building-for-the-Splunk-Platform/Impact-of-increasing-the-...

by Builder in

Filtering Windows 4662 logs in Windows - Not working?

Hello all, I am trying to filter out those noisy 4662 logs eating our license like anything as recommended in Splu...

by Observer in

Why is the Duo Splunk Connector indexing very few events and throwing some python errors?

Hey folks, I just installed the Duo Splunk Connector (v1.1.7) on a heavy forwarder running Splunk Enterprise v7...

by Explorer in

How to check for artifacts found during playbook execution?

Hi, I am working on a playbook which will check for any new artifact that has been added during the playbook execut...

by Loves-to-Learn in

Mac OS X Sierra - How to get all logs from the Unified Log database?

Couldn't find a similar question to this one. How are people retrieving logs from Mac OS X Sierra that are in the Uni...

by Engager in

Is there an API to add new server to a serverclass without specifying a whitelist number?

I want to know if there's an API to add a new server (app05) to serverClass:Legacy_App and it will auto generate the ...

by New Member in

Fix timezone Issue - logs showing up in UTC time but generated in a different time

Background:I am sending data to Splunk Cloud through an Intermediate Forwarder, which is a universal forwarder from m...

by Explorer in

Why is there Timing (parsing) Issue on Splunk Cloud?

There are five different hosts on our fleet on two different timezones with four sourcetypes on each. The problem is...

by Explorer in

Why are IIS logs not reliably getting in?

I am sending IIS logs to SplunkCloud. My inputs.conf looks like this: [monitor://C:\inetpub\logs\LogFiles\W3...

by Explorer in

How to write rex to extract multiple Ips?

I am trying to extract Ips from the field called Text, where this field contains Ips & some string values , this fie...

by Engager in

How to parse array to get only required attribute?

Hello, I have an array of timeline event. Timeline: [ [-] { [-] deltaToStart: 788 startTi...

by Engager in

Is it possible to use Paessler PRTG Modular input with indexer cluster?

Hi, I have a question if there is a possibility to use the APP Paessler PRTG Modular Input in a distributed indexe...

by Explorer in

How to pull in logs from User's Appdata

Hi there, I am trying to ingest data which is stored within the profile of a user's AddData location: C:\User...

by Communicator in

Splunk Enterprise logs monitoring: How do you create those alerts and assigned them to someone to be follow up on?

I am wondering if anyone has this issue or use case. We are trying to see if we can have a system that would alert us...

by Explorer in

Is it possible to remove unnecessary JSON wrapping before it's ingested to save license?

Hey there, we have a large volume (about 500-600gb) of data coming in daily but about 200gb of this is a JSON wrapper...

by Communicator in

How to edit Splunk Cloud DATETIME_CONFIG=CURRENT?

I have a json source with input via a Splunk Add-on for AWS input. Sometimes there's a timestamp-like field, sometime...

by Explorer in

Log4j2-TF-7-AsyncLoggerConfig-4 ERROR Unable to send HTTP in appender [Splunk] Connection timed out: connect

Hello Support I am trying to configure my mule application with the below configuration in LOG4J2. I am getting the...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to put together a listing of hosts, forwarder version and Index the hosts belong to in a search?

How to I index a payload that has leading and trailing quotes, and is delimited with pipe character?

Splunk logs : After randomization, why current is first in the list swapping with last item?

Brand new Deployment client will not connect. 401 errors in splunkd_access logs on DS

Is there a way to tell what is populating a LOOKUP csv file?

How to ingest archived event logs?

Help with monitor input blacklist

Why is Splunk Triggering Windows Event 6417?

What are the Best Practices regarding managing queues size?

Filtering Windows 4662 logs in Windows - Not working?

Why is the Duo Splunk Connector indexing very few events and throwing some python errors?

How to check for artifacts found during playbook execution?

Mac OS X Sierra - How to get all logs from the Unified Log database?

Is there an API to add new server to a serverclass without specifying a whitelist number?

Fix timezone Issue - logs showing up in UTC time but generated in a different time

Why is there Timing (parsing) Issue on Splunk Cloud?

Why are IIS logs not reliably getting in?

How to write rex to extract multiple Ips?

How to parse array to get only required attribute?

Is it possible to use Paessler PRTG Modular input with indexer cluster?

How to pull in logs from User's Appdata

Splunk Enterprise logs monitoring: How do you create those alerts and assigned them to someone to be follow up on?

Is it possible to remove unnecessary JSON wrapping before it's ingested to save license?

How to edit Splunk Cloud DATETIME_CONFIG=CURRENT?

Log4j2-TF-7-AsyncLoggerConfig-4 ERROR Unable to send HTTP in appender [Splunk] Connection timed out: connect

Community Content Calendar, August edition

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Power Platform audit logs

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions