Getting Data In

Community Activity

Splunk Indexing is Paused Internal Grace Period? Hi All We are Using the Splunk Enterprise version with the Perpetual License Model with Index Capacity of 5 GB . W... by velayudhan New Member in Getting Data In 02-14-2023 0 5	0	5
Getting data into Splunk from Nagios-LS Howdy,I was wondering if anyone has any guidance on how to ingest data from Nagios Log Server?Prior to my arrival, we... by jdhenry Loves-to-Learn in Getting Data In 02-14-2023 0 0	0	0
How to configure the forwarding of Microsoft Windows Print Server logs? Hi Guys, I have installed universal forwarder on Print server, Windows Server 2012 R2 and configured the receiver IP ... by navdeepsingh83 New Member in Getting Data In 02-14-2023 0 3	0	3
Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline? Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline? For ... by nixhydra Explorer in Getting Data In 02-14-2023 0 0	0	0
Why are events with equal timestamps merged into one event? I have a few files in which the log events happen to not be in chronological order. Specifically, an event with say, ... by zapping575 Path Finder in Getting Data In 02-14-2023 0 5	0	5
How to remove logs from specific sourcetype being indexed? Hi Everyone, Im trying to stop the following index from being indexed into Splunk using the props/transforms confs o... by newsplunker1 Path Finder in Getting Data In 02-14-2023 0 8	0	8
Can a Heavy-Forwarder just raw forward and not parsing? Hi all. Like the subject, can i tell an HF not to PARSE the events, just do a banal tcp forwarding of the raw data? I... by verbal_666 Builder in Getting Data In 02-14-2023 0 6	0	6
How to send aws eventbridge events to a specific index on splunk cloud We have been trying to ingest aws eventbridge events to splunk cloud using API destination partners provided by aws b... by Pavan0411 New Member in Getting Data In 02-14-2023 0 3	0	3
Does the data flow through those same queues at the indexer? If an HF is used for a intermediate / aggregation tier and the data is parsed, what does the ingestion pipeline look... by dokaas_2 Communicator in Getting Data In 02-14-2023 0 2	0	2
Why does UF still require clientCert when requireClientCert is already disable in indexer? Hello Splunkers, I would like to understand why a cert is need for the UF, when indexer already has requireClientCert... by splunker686 Explorer in Getting Data In 02-13-2023 1 1	1	1
How to forward an index to another Splunk instance (n00b)? I found this Index and Forward data into another splunk instance and then found the current version of the reference... by gsfc_linux_dan Explorer in Getting Data In 02-13-2023 0 6	0	6
How to add multiple _meta from one field? Hi all, I want to have on a HF (8.1.4) multiple _meta of one field values in one stanza.Any sugestion how?Example:acc... by janroc Explorer in Getting Data In 02-13-2023 0 4	0	4
Upgraded Indexer shuts down pipeline and has to be restarted? We have recently upgraded an indexer from 8.2.6 to 9.0.2 (running on Windows) and since then we have been plagued by ... by jeremyhagand61 Communicator in Getting Data In 02-12-2023 0 0	0	0
How to blacklist server from heavy forwarder? Currently my Heavy Forwarder is receiving unwanted logs from a lot of different devices, and it is taking up a lot of... by YungLee Engager in Getting Data In 02-12-2023 0 2	0	2
inputs.conf blacklist format- Is there a format that needs to be adhered to when using a blacklist with regex? is there a format that needs to be adhered to when using a blacklist with regex? I am trying to format "New Process ... by dolj Explorer in Getting Data In 02-12-2023 0 2	0	2
Telegraf - How to solve this HEC SSL Issue? Hi, I am trying to use Telegraf to send data to Splunk HEC. However not sure how to get past the certificate issue. T... by pmnathan75 New Member in Getting Data In 02-12-2023 0 1	0	1
Can a Heavy Forwarder send cooked but unparsed data? Is it possible to have a heavy forwarder send unparsed (not raw) cooked data? I have a server which needs to forward ... by lbur Explorer in Getting Data In 02-11-2023 0 9	0	9
Recommended settings for HEC batch? When sending batch data to HEC server, with multiple events per request, is it better to send large (10k-100k), mediu... by spammenot66 Contributor in Getting Data In 02-11-2023 0 0	0	0
How can I reorganize ColdBucket lost+found folder data? One of my coldbucket indexer lost connection to the SAN and now I have a lot of data and files in my ColdBucket lost+... by afolabia Path Finder in Getting Data In 02-10-2023 0 0	0	0
Which is best practice, enable the metrics inputs in UF local or windows/nix add on local? We want to use ITSI with universal forwarders (windows and nix). Which is best practice, enable the metrics inputs i... by DeputyDawg Engager in Getting Data In 02-10-2023 0 2	0	2
How to compare lookup with index and number of hosts to see whats missing? I have a lookup which in column A is the index and column B is the number of hosts, I have this as a lookup. I would... by Orangebottle76 Engager in Getting Data In 02-10-2023 0 5	0	5
Why am I not seeing the events for a file? Hi All,i have added an input to ingest one file into splunk from deployment serveri have created new app and created ... by sekhar463 Path Finder in Getting Data In 02-10-2023 0 14	0	14
Using Splunk HEC and validating Certificates Hi I have seen that when I am doing a post request to "https://splunk_host:8088/services/collector/event" with valida... by Kamaal_Mohammed New Member in Getting Data In 02-09-2023 0 5	0	5
How to Load Balanced HEC entrypoint with indexer ack Hi ! I wonder how to correct the following behaviour. Here's my architecture : 1 dns entry point load balancing betwe... by emallinger Communicator in Getting Data In 02-09-2023 0 8	0	8
How can I overcome TCP cooked connection timeout? Getting Tcpoutputproc cooked connection to ip is timed out, Can any one help me here how can I overcome this by Srikanth1131 Explorer in Getting Data In 02-09-2023 0 4	0	4