Getting Data In

Community Activity

Why does universal forwarder stops sending data and just sends data once restart is done? Hello community, I have an issue with one forwarder, was working and suddenly stopped sending data to the Indexers. T... by glpadilla_sol Path Finder in Getting Data In 03-29-2023 0 1	0	1
What is the procedure in 2023 to get license expiry info via search? Hello!My objective is to put the license expiry on a dashboard. I read some older posts that state I can call a REST... by andrewtrobec Motivator in Getting Data In 03-29-2023 0 8	0	8
Splunk blacklist regex using inputs.conf of universal forwarder? Needs to blacklist certain syslogs messages from the forwarder level. We have raw syslogs as below:2023-03-27T00:00:0... by bapun18 Communicator in Getting Data In 03-28-2023 0 3	0	3
How often do scripted inputs execute? How often do scripted inputs execute? I want to implement some of these for exchange, but concerned that they will c... by mburgess97 Path Finder in Getting Data In 03-28-2023 0 1	0	1
How to create a field from values with the source field? I've created fields from regex expressions before but never from the source field. This is an example of the value wi... by vishalduttauk Communicator in Getting Data In 03-28-2023 0 2	0	2
Need help with regex for inputs.conf Need help with regex for inputs.conf to change the host as hostname and incase host has FQDN it should pick up till h... by AK_Splunk Explorer in Getting Data In 03-28-2023 0 6	0	6
Forwarder to Indexer secure communication using self signed certs? Hi, I am trying to get secure comms between a Forwarder and Indexer up and running using self signed certs but depite... by newportknight Loves-to-Learn in Getting Data In 03-28-2023 0 1	0	1
Why am I having trouble with TLS? Hi everyone. I have followed the documentation for setting up TLS for inter-Splunk communication with self-signed cer... by NJ Path Finder in Getting Data In 03-28-2023 0 26	0	26
Splunk Add-On for Salesforce delayed 1-2 hours? My org has had a problem for awhile now where our Splunk logs pulled from SF are delayed between 1-2 hours. We are us... by adelamora Observer in Getting Data In 03-28-2023 0 1	0	1
Is it possible to preserve sourcetype, host, and source when using the collect command? We have an index with access logs from multiple hosts and systems with different sourcetypes. When I trying to add in... by gots Path Finder in Getting Data In 03-28-2023 1 5	1	5
How to resolve Splunk CIM errors and issues? I am in a environment and I am able to get data in from a general perspective. We have a index clustered and search h... by domino30 Path Finder in Getting Data In 03-27-2023 0 4	0	4
Where are Search head deployment and deployer located? We have a Search Head clustered and Indexer Clustered env. we have a deployers which is not a SH or and Indexer just ... by domino30 Path Finder in Getting Data In 03-27-2023 0 1	0	1
Having difficulties with a date/time conversion? I have been trying to create this sourcetype and am not sure I'm capturing it correctly. Sample date: [2023-... by NanSplk01 Communicator in Getting Data In 03-27-2023 0 1	0	1
Why are AWX and HEC not working? Hello, Newish to splunk here. We have an AWX instance (free Tower) and we are trying to send the logs to splunk using... by aaron_francis New Member in Getting Data In 03-27-2023 0 0	0	0
Is there a way to Rename ES Correlation search? Hi Team. I'm looking for a way to rename a correlation search that has been created with the wrong format. The CS is ... by VK18 Explorer in Getting Data In 03-27-2023 0 4	0	4
Why are source/host/sourcetype fields dropping through HEC? I'm posting a json struct such as { "index": "test_metrics", "time": 1679920906.0, "event": "metric", ... by Mels Engager in Getting Data In 03-27-2023 1 0	1	0
Execute script on forwarder with privileges Hello, teamI've made script, which uses the sudo command. I've deployed it on my forwarders, and I get the error:mess... by JohnDuatres Explorer in Getting Data In 03-27-2023 0 5	0	5
Help with creating a regex that splits API data into better format than 1 big event? Hi all, I am getting data in via an API (using the add on builder) but having creating a regex which splits it into ... by vishalduttauk Communicator in Getting Data In 03-27-2023 0 2	0	2
How to extract required data from the HEC _raw event and truncate the remaining information before indexing Hi,My single event length is too long so I want to extract and ingest the specific part from it. The part is in the m... by Charlize Engager in Getting Data In 03-27-2023 0 1	0	1
Splunk Standalone Search Head Default TZ Settings We want to set default TZ as SGT for a particular Search Head and that SH is in EDT TZ. We have already applied TZ se... by JGP Explorer in Getting Data In 03-27-2023 0 13	0	13
How do I get Windows server cipher data into Splunk? I am looking for a Splunk query that will pull the enabled and disabled ciphers from windows servers in my environmen... by andrewwhitlock New Member in Getting Data In 03-24-2023 0 0	0	0
Is it possible for a field alias for all sourcetypes to exclude a specific one? Hi folks, I have a field alias for my all sourcetypes [default] FIELDALIAS-cliente = index AS client b... by aasabatini Motivator in Getting Data In 03-24-2023 0 9	0	9
Analyzing Splunk Internal Logs- What is Tailing Processor and Watch file? Hi Everyone, I recently observed the splunk internal logs and found that there is a field component and found two v... by umesh Path Finder in Getting Data In 03-24-2023 0 1	0	1
Can't uninstall Splunk 9.x on Windows 2022 Hi, I took over a Splunk Cluster with Splunk on c:\program files\splunk which produces plenty of problems due to long... by bitnapper Path Finder in Getting Data In 03-24-2023 0 3	0	3
What PCRE regex can we use in our transforms.conf? Hi We need to ingest only those events which starts with any of the below strings ; (please note its starts with n... by roopeshetty Path Finder in Getting Data In 03-24-2023 0 1	0	1