Getting Data In

Discussions

Thread Info

May I have sample code to query Splunk data using Splunk React, please?

we are using Splunk React. may I have a sample Splunk React code that queries Splunk data, please?

by Explorer in

Why won't data parsing while sending data through UF?

Hi All,Need help on sending data through UF.BackgroundWe have single PROD Splunk instance acting as all in one server...

by SplunkTrust in

How do I resolve this error: [SPLUNKD] Not Found?

Hi, I am using the Splunk version 8.2.8 when I am trying to open the setup page of Splunk Add-on : ServiceNow Sec...

by Observer in

How to add metadata to UF config files?

Hello. I'm trying to identify a pool of windows hosts by adding an additional field to the events they forward. I can...

by Communicator in

There are multiple json messages in _raw into a HEC and splitting them doesn't quite get what I need?

Greetings. We recently turned on a HEC and have JSON data coming in and I have noticed that multiple JSON blobs ar...

by Path Finder in

Which UNIX permissions are best for monitoring files?

Since it's a best practice to install Splunk and run it as a non-root UNIX user, how can I make sure Splunk has the n...

by Splunk Employee in

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

Hello, we are trying to configure the receiving of AppFlow data from Citrix Netscaler, using the Splunk Add-on for ...

by Explorer in

Db-Sources-Why am I getting CSV Duplicated Records?

Hi! I'm starting with Splunk, so i really appreciate some help cause i've been stucked several weeks. I have a CSV...

by Observer in

How can I merge two splunk queries together?

I have two Splunk queries 1 and 2 below, and both have one common email , i want the searched emails generated from t...

by Loves-to-Learn in

Error when connecting to local Kubernetes cluster from Splunk App for Data Science and Deep Learning

Hi, I am having a local minikube Kubernetes cluster set up. Furthermore, I want to setup the Splunk App for Data Sc...

by Splunk Employee in

Increased CPU on Universal Forwarder since v9

We upgraded the Splunk Universal Forwarders on our web servers from 8.0.5 to 9.0.1 back in late October and since the...

by Engager in

Logs with disorganized data- How to view logs for complete processes and not for fractions of these?

Hii, good day everyone I need your help please. I need to join a log that gives me the events by date, but I requir...

by Loves-to-Learn Lots in

How to not reindexing data after overwriting a file?

Hi everybody, let's say I'm monitoring the file test.log that has these informations: 2022-22-25 14:00 - row 1 ...

by Path Finder in

Is there a step by step setup link for Splunk configuration with UberAgent?

Hi All, We are tring to collect the Desktop experience data in Splunk using the Uber Agent. We have installed ...

by New Member in

Is it possible to forward logs from UF to Syslog-ng using either BSD/IETF syslog format?

Hi, I was posed a query from my customer. Is it possible to forward syslog from UF to Syslog-ng using the BSD/IETF...

by Explorer in

Why is data not ingesting using DB connect?

I'm Trying to get oracle DB data using DB Connect app and I have successfully scheduled my job and set up my connec...

by Path Finder in

Why are there duplicate MV fields with JSON data?

Hello there! I'm trying to ingest JSON data via the Splunk Add-on for Microsoft Cloud Services app. I created a s...

by Explorer in

How can I disable a windows event id from indexing?

I have an event id 4674 that I would like to block from being indexed. I have the following in my in inputs.conf in ...

by Explorer in

Installing a universal forwarder in low privilege mode, why am I getting error "Deployment Server not available on a dedicated forwarder"?

Our admin created me a regular domain user to test low P and assigned it these privileges: • Permission to log on ...

by Motivator in

Why do our Heavy Forwarders randomly shut down one of its parallel pipelines?

Hi, We've recently tested out a new path for data to flow into our Splunk environment from Universal Forwarders.We...

by Explorer in

How can I extrac fields depending on the type of event?

Hi, if I had logs as such wirn different type data in the same sourcetype: " < 134 > Nov...

by Explorer in

What special capabilities (permissions) are required to run the REST API?

Hi, What special capabilities (permissions) are required to run the REST API? A colleague and I are both running o...

by Explorer in

Receiving an error while using the mvexpand command (does not exist in the data)

Hi everyone,currently, i am trying to expand one of the multiple field values but i am getting the result with the be...

by Communicator in

How to route the logs from certain host to index=abc_secure?

Hi Team, [host::1.(xx|xx).xx.xx(x|y)]TRANSFORMS-change_index_abc_secure = change_index_abc_secure [change_...

by Builder in

Splunk TA For MSCS - Event Hubs input issues

We are using the Event Hubs modular input from the SPlunk TA for Microsoft Cloud Services. In our system, we have c...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Getting Data In

Discussions

May I have sample code to query Splunk data using Splunk React, please?

Why won't data parsing while sending data through UF?

How do I resolve this error: [SPLUNKD] Not Found?

How to add metadata to UF config files?

There are multiple json messages in _raw into a HEC and splitting them doesn't quite get what I need?

Which UNIX permissions are best for monitoring files?

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

Db-Sources-Why am I getting CSV Duplicated Records?

How can I merge two splunk queries together?

Error when connecting to local Kubernetes cluster from Splunk App for Data Science and Deep Learning

Increased CPU on Universal Forwarder since v9

Logs with disorganized data- How to view logs for complete processes and not for fractions of these?

How to not reindexing data after overwriting a file?

Is there a step by step setup link for Splunk configuration with UberAgent?

Is it possible to forward logs from UF to Syslog-ng using either BSD/IETF syslog format?

Why is data not ingesting using DB connect?

Why are there duplicate MV fields with JSON data?

How can I disable a windows event id from indexing?

Installing a universal forwarder in low privilege mode, why am I getting error "Deployment Server not available on a dedicated forwarder"?

Why do our Heavy Forwarders randomly shut down one of its parallel pipelines?

How can I extrac fields depending on the type of event?

What special capabilities (permissions) are required to run the REST API?

Receiving an error while using the mvexpand command (does not exist in the data)

How to route the logs from certain host to index=abc_secure?

Splunk TA For MSCS - Event Hubs input issues

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions