Getting Data In

Discussions

Thread Info

How to distribute big data(logs) in different times of the day.

Hi folks, I have an issue with a HF, I'm getting some spikes reaching the 100% when sending data to Splunk Cloud. T...

by Path Finder in

How to create multiple Sourcetype for one source?

I have 4 different kind of logs that is coming from one source (sample logs are below). I would like to configure thi...

by Engager in

Splunk file and directory monitoring- Am I configuring correctly?

Hello having some confusing problems with Splunk permissions that I am trying to understand. Little background we upg...

by Communicator in

Heavy forwarder setup - looking at clustering or other HA options

Hi all, I'm new to this forum and found quite a few ideas and solutions to issues admins hit. The organisation I ...

by Observer in

Does SPLUNK require K8S clusters to have unique pod and service CIDR's

I am setting up a number of Kubernetes clusters in my organisation. We are using SPLUNK for monitoring. I have been t...

by New Member in

Free trial- What is the correct HEC-url?

Hi, I have recently created a splunk-cloud free trial. I then wanted to create a HEC-collector. I went to : http...

by New Member in

Why does CURL script fails to output when called by Splunk?

Hi Guys, I'm pulling m hair out trying to get my CURL script to run. I've set up a scripted input in my app, it...

by New Member in

UDP and the 1472 bytes limit

We are receiving syslog data via UDP and we noticed that some data is missing. When running - tcpdump -i eth...

by Motivator in

DB Connect Addon Integration Issue - Microsoft SQL Server 2012

Hello Team, We are trying to integrate one of the SQL data base using the splunk db connect add-on and we are getti...

by Path Finder in

Why is Windows Event Log Whitelist not working?

Running a Windows 2012 R2 DHCP Server with UF 9.0.1 and Splunk Enterprise 8.0.5. My inputs at the UF look like this: ...

by Contributor in

SC4S and Palo Alto log sources- Where can I find logs?

New install and new to splunk. SC4S issue. Professional Service left earlier in the week. Firewall and panorama lo...

by Engager in

How do you monitor IBM VIOS ?

Hello, We have IBM VIOS servers running AIX and we need to monitor them, mainly in term of Security. Is there any...

by Builder in

What is the best way to reload Windows event log data?

I want to reload Windows event log data from the beginning of time for all hosts and remove all event log data that i...

by Communicator in

Debugging perfmon input?

Hello there. I tried to set up perfmon inputs to capture state of my windows 10 test box. Aaaaand. It's not wor...

by SplunkTrust in

DROP and GET events by pattern filters?

Hi.I'm trying to apply a rule for dropping and, meanwhile, get only some events in Indexers. Here we are, props...

by Builder in

How to blacklist using props.conf and transforms.conf?

I need to reject or not index the logs that have the word "notice" inside the log I understand that it is done usi...

by Builder in

Why is UDP/TCP data inputting data incorrectly?

I've integrations made with UDP/TCP data inputs that index data correctly but after a while they stopped working.In S...

by Engager in

What is the cause and solution to Http Client Connection Error?

what is the cause and solution for the following error? ERROR HttpClientRequest - HTTP client error=Connection clo...

by Explorer in

Restarting Splunk with Scripted Input?

Hi all, Here is the use case I'm dealing with. We have a large virtual environment in which a lot of teams like...

by Communicator in

IIS logs: why the error WARN FilesystemChangeWatcher - error getting attributes of path "E:\inetpub\logs\LogFiles":?

We have a rather huge solution with 2000+ servere. Our company needs that we monitor the IIS logs. Problem i...

by Builder in

Can I use the Microsoft Cert Store for Universal Forwarder SSL Communication?

I am working on getting Splunk secured with certificates. We have a requirement to ensure the integrity of our audit ...

by Explorer in

Is there something that can be done about GitHub Cloud Log streaming to network limited environment?

Hi, I'm trying to get the audit logs from github cloud into splunk instance which has limited network access. the ...

by Engager in

リアルタイムアラート作成時の複数フィールドの突合について

異なるソースタイプ[sourcteype=A1]の中に[user]、[sourcetype=B1]の中に[ap_user]というフィールドがあります。この２つの[user],[ap_user]のユーザ名が同じであるかどうか判定す...

by Engager in

How to format json event data so that it can be written to a json log and then successfully indexed by Splunk?

Hi Team, I am new here and would like to find a way to tackle this problem. I have structured json events that I am...

by Explorer in

Anonymization not working for extracted field with space in name

We have requirement to mask data in index time. While below works to mask data in raw, it does not work for extracted...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to distribute big data(logs) in different times of the day.

How to create multiple Sourcetype for one source?

Splunk file and directory monitoring- Am I configuring correctly?

Heavy forwarder setup - looking at clustering or other HA options

Does SPLUNK require K8S clusters to have unique pod and service CIDR's

Free trial- What is the correct HEC-url?

Why does CURL script fails to output when called by Splunk?

UDP and the 1472 bytes limit

DB Connect Addon Integration Issue - Microsoft SQL Server 2012

Why is Windows Event Log Whitelist not working?

SC4S and Palo Alto log sources- Where can I find logs?

How do you monitor IBM VIOS ?

What is the best way to reload Windows event log data?

Debugging perfmon input?

DROP and GET events by pattern filters?

How to blacklist using props.conf and transforms.conf?

Why is UDP/TCP data inputting data incorrectly?

What is the cause and solution to Http Client Connection Error?

Restarting Splunk with Scripted Input?

IIS logs: why the error WARN FilesystemChangeWatcher - error getting attributes of path "E:\inetpub\logs\LogFiles":?

Can I use the Microsoft Cert Store for Universal Forwarder SSL Communication?

Is there something that can be done about GitHub Cloud Log streaming to network limited environment?

リアルタイムアラート作成時の複数フィールドの突合について

How to format json event data so that it can be written to a json log and then successfully indexed by Splunk?

Anonymization not working for extracted field with space in name

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions