Getting Data In

Discussions

Thread Info

Extreme Latency with Windows Events on one Windows Event Collector. How do I troubleshoot?

Hello i have two windows event collectors. 3 domain controllers send their events to one event collector (WEC01), and...

by Path Finder in

When monitoring CSV file on Windows, it only ingests top line and inconsistent events?

We have a distributed splunk (8.x) environment on-prem, with CM and 3 peers, 2 SH, 1 deployment server, and many clie...

by Path Finder in

Where and how do I configure a sourcetype for generic xml?

Hey there! I'm trying to monitor(batch)) a folder congaing xml files, the XML files don't necessarily have th...

by Explorer in

What is the recommended method to ingest exported sysmon logs?

Context: I have an external client that uses Arctic Wolf for sysmon logs on their endpoints and need to ingest those ...

by Engager in

How to resolve ERROR PersistentScript?

Disponemos de Splunk Cloud Victoria 9.0.2208.4 y hemos instalado y configurado: - Seguridad en la nube de Cisco ...

by Loves-to-Learn Lots in

Need help in integrating Amazon Eventbridge with Splunk through api

Hi guys, We need to get events generated from aws eventbridge to get into splunk. So we tried integrating the eve...

by Loves-to-Learn in

AWS S3 Input- Ingest .csv files that are not actually csv formatted- Is there a way to turn off CSV parsing ability?

We have a new Splunk Cloud environment We are using AWS TA Add On to ingest files from S3 The files have extens...

by Contributor in

How to create after hour report?

I am trying to create an after hour query with specific time frames 1. Mon 0000-0700 and 1900-2400, 2. Tue 0000-0700 ...

by Explorer in

Splunk HF - Typing Queue full but CPU of the machine is low

Hello Splunkers, I am currently having parsing problems with my Splunk Heavy Forwarder.I know I have heavy regex t...

by Contributor in

How to convert the data from JSON format to raw logs?

Hi , After onboarding trendmicro XDR we are facing few issue. 1. Getting logs in JSON format 2. Data is no...

by Path Finder in

JSON timestamp parsing- When events are being fed from UF, the timestamp can't be extracted?

Hi all, I use following simple props.conf to some json type events: [my:sourcetype]category = StructuredDATETIM...

by Communicator in

How to make changes so that all logs should be indexed in a proper format?

I am getting logs in Splunk. But the logs are in improper format. So I want to make changes so that all my logs shoul...

by Loves-to-Learn Lots in

Why am I unable to see springboot application logs in splunk?

Hi All, I have integrated Splunk HEC with springboot .when i hit application and checked in splunk am unable ...

by Loves-to-Learn Lots in

Can someone provide a work example for Splunk HEC using Java Spring Boot?

Can someone assist with providing a working example on how to use and send data to Splunk HTTP Event Collect (HEC) fr...

by Communicator in

What is the reason for an incomplete data HTTP event collector?

Hello dear community Could you please tell me how to find the reason. I am using HTTP Event Collector for Kuber...

by Loves-to-Learn Everything in

How to configure statsd to send metric data to Splunk?

What is process of configuring the statsd to pull airflow application metrics to splunk. Followed the below links...

by Loves-to-Learn Lots in

How to add content from lookup table data?

Good day All! i have created a lookup data | inputlookup Autosys.csv and i have fileds KB,REGION AND JOB_NAME. ...

by Path Finder in

Health Check: Intelligence download of "Phishtank" has failed on host "Splunksh01" at :Fri Apr 17 12:46:36 2020 "threat list download failed after multiple retries"

Greetings!!! I need your help on how I can resolve the below issues, I got from message status 1 issue: Hea...

by Communicator in

How to push Bots V3 Dataset in distributed deployment?

Hi Team, I have the env setup like 2 Indexers, 1 Search Head,1 Heavy Forwarder,1 Deployment Server, 1 Cluster...

by Path Finder in

What add-on can I use for integration of HPE iLO logs?

Hi all, is there an existing add-on that I can use for getting HPE iLO data into splunk? I am planning on inges...

by Path Finder in

How to drop a subnet at index?

Hi @gcusell, I have 2 double 1. How can I drop a source IP 10.0.0.0/24 subnet at indexer, I am aware of d...

by Path Finder in

How to create lookup without header?

Hi I am going to create a DC list lookup daily using nslookup how I can I define the lookup without a header o...

by Contributor in

Configure forwarding data to two tcpout groups without blocking on group failure.

Is it possible to configure heavy forwarders to send data to two tcpout groups (A,B) (outputs.conf) and don't block ...

by Path Finder in

How does xmlkv work?

All of our data is in XML format that is being indexed. I've been able to pull out a lot of extractions for single va...

by Explorer in

How to use mpstats results in table view in Splunk dashboard?

Hi Friends, I'm configuring mpstats command to get the each cpu core ideal value. I have configured below in b...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Extreme Latency with Windows Events on one Windows Event Collector. How do I troubleshoot?

When monitoring CSV file on Windows, it only ingests top line and inconsistent events?

Where and how do I configure a sourcetype for generic xml?

What is the recommended method to ingest exported sysmon logs?

How to resolve ERROR PersistentScript?

Need help in integrating Amazon Eventbridge with Splunk through api

AWS S3 Input- Ingest .csv files that are not actually csv formatted- Is there a way to turn off CSV parsing ability?

How to create after hour report?

Splunk HF - Typing Queue full but CPU of the machine is low

How to convert the data from JSON format to raw logs?

JSON timestamp parsing- When events are being fed from UF, the timestamp can't be extracted?

How to make changes so that all logs should be indexed in a proper format?

Why am I unable to see springboot application logs in splunk?

Can someone provide a work example for Splunk HEC using Java Spring Boot?

What is the reason for an incomplete data HTTP event collector?

How to configure statsd to send metric data to Splunk?

How to add content from lookup table data?

Health Check: Intelligence download of "Phishtank" has failed on host "Splunksh01" at :Fri Apr 17 12:46:36 2020 "threat list download failed after multiple retries"

How to push Bots V3 Dataset in distributed deployment?

What add-on can I use for integration of HPE iLO logs?

How to drop a subnet at index?

How to create lookup without header?

Configure forwarding data to two tcpout groups without blocking on group failure.

How does xmlkv work?

How to use mpstats results in table view in Splunk dashboard?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions