Getting Data In

Discussions

Thread Info

Syslog UFs unable to connect to Indexers?

We are currently experiencing an issue in our 9.0.2 environment where our syslog UFs are unable to connect to our ind...

by Loves-to-Learn Lots in

Constant HIGH CPU/MEMORY USAGE- How can I bring this down?

We have a stand alone Splunk v8.2.0 deployment. 16vcpu/32GB memory. From other posts here I started looking throug...

by New Member in

Truncate only certain events from a source?

Good day experts, to manage the ingestion volume, I need apply truncation to a source that sends pretty high volume o...

by Engager in

How to remove all words in an event except for certain ones and put them in a table?

I have a event like this 02.09.2022; seller david address 434 xyz house price 20000 [color:green] {noffloors: 5] ...

by Observer in

How do I get Splunk Universal Forwarder for AIX 5.3?

Can someone help to get the Splunk universal forwarder for AIX 5.3 thanks!

by Explorer in

How to solve setnull issue while filtering required events?

Hi , We are getting lot of events into our Splunk which is filling up the our computer disk storage rapidly. ...

by Path Finder in

How to verify the repFactor behavior set up in indexes.conf

Hello Splunkers,For a specific index I configured repFactor = auto and I suppose that the logs are exactly the same o...

by Contributor in

Indexer fails to join back cluster due to standalone buckets?

Indexer in the cluster was abruptly shutdown and subsequently fail to join back to the cluster. Please help to provid...

by Splunk Employee in

HEC event formatting: How to configure Splunk to show only message field and not all fields?

Good evening,With a Java Spring Boot application, I use the library provided by Splunk to send to Splunk the logs usi...

by Loves-to-Learn in

Why License Usage has empty fields?

Hi guys.I was asking why my reports, using license_usage.log from LicenseMaster, for "LicenseUsage" sometimes do not ...

by Builder in

Why are there completely different formats in same logfile?

Hi all, We have an application which produces logfiles where other logfiles are inserted (they are pulled from std...

by Explorer in

Why did curl failed with error code 56?

I am trying to list existing HEC tokens with curl command as below: curl -k -u admin:<admin_password...

by Explorer in

Why the error while ingesting a JSON file "Jsonlinebreaker parsing error unexpected character /"?

I'm trying to ingest a json file and got the following error: splunkd.log:01-07-2023 00:42:51.375 +0100 ERROR Json...

by New Member in

How to split event to two indexes?

I would like to know if it is possible to be able to inject an event to a heavy forwarder via the hec and then have i...

by Path Finder in

How to define timestamp in props.conf for JSON events?

I will be ingesting a JSON file daily that has a K/V field for the date as follows: "Date": "2023-01-04" ...

by Influencer in

.Net application: How to add custom Span/Trace using Splunk Open Telemetry SignalFx

I have an ASP .Net application that is currently setup to be monitored using Splunk Open Telemetry (Signal Fx) using ...

by New Member in

UF: Why is too much permissions given to Splunk when configured as a systemd service?

Hello Splunkers, I have followed this documentation in order to configure my Splunk on my UF as a systemd managed ...

by Contributor in

How to blacklist files with a wildcard in monitoring stanza?

Hi, I need to index windows server logs and blacklist all the previous year logs.Inputs.conf. [monitor://E:\ap...

by Builder in

Spot permissions denied errors- How could I spot this issue in the first place ?

Hello Splunkers,I faced the following issue : I deployed an app on a UF, this app should monitor a specific file i...

by Contributor in

Solution : event splitted even with SHOULD_LINEMERGE in props.conf

Hello,some events are not parsed correctly and not splitted only when there is timestamp especially with "slow" event...

by Motivator in

How to ingest some sample data into Splunk cloud?

I have splunk cloud url : https://prd-p-9alo5.splunkcloud.comusername : sc_admin

by Observer in

How to create regex for below data?

Need help with regex for below data. Please assist me on the same.field name -------- fieldvalue Devicename------G...

by Explorer in

What is the Splunk universal forwarder 6.5.3 compatibility with Splunk Enterprise 8.1.9?

Hi I am trying to upgrade my SPLUNK environment from 7.x to 8.1.9 I want to make sure if my universal fowarder...

by Explorer in

How to resolve error: Log to Splunk with Log4j2- 401 Unauthorized ?

Hi I am trying to integrate log4j with splunk as shown below and I am getting error - Log4j2-TF-1-AsyncLoggerConf...

by Observer in

How to convert bulk evtx files in a folder to CSV files for ingestion?

Hi all. I have a folder with about 200 evtx files. The following command works for 1 file. How can I process/convert ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Syslog UFs unable to connect to Indexers?

Constant HIGH CPU/MEMORY USAGE- How can I bring this down?

Truncate only certain events from a source?

How to remove all words in an event except for certain ones and put them in a table?

How do I get Splunk Universal Forwarder for AIX 5.3?

How to solve setnull issue while filtering required events?

How to verify the repFactor behavior set up in indexes.conf

Indexer fails to join back cluster due to standalone buckets?

HEC event formatting: How to configure Splunk to show only message field and not all fields?

Why License Usage has empty fields?

Why are there completely different formats in same logfile?

Why did curl failed with error code 56?

Why the error while ingesting a JSON file "Jsonlinebreaker parsing error unexpected character /"?

How to split event to two indexes?

How to define timestamp in props.conf for JSON events?

.Net application: How to add custom Span/Trace using Splunk Open Telemetry SignalFx

UF: Why is too much permissions given to Splunk when configured as a systemd service?

How to blacklist files with a wildcard in monitoring stanza?

Spot permissions denied errors- How could I spot this issue in the first place ?

Solution : event splitted even with SHOULD_LINEMERGE in props.conf

How to ingest some sample data into Splunk cloud?

How to create regex for below data?

What is the Splunk universal forwarder 6.5.3 compatibility with Splunk Enterprise 8.1.9?

How to resolve error: Log to Splunk with Log4j2- 401 Unauthorized ?

How to convert bulk evtx files in a folder to CSV files for ingestion?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

multivalue field extraction using props and transf...

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions