Getting Data In

Discussions

Thread Info

Split JSON array into individual events on HF

We've logs coming to HEC as nested JSON in chunks; We're trying to break them down into individual events at the HEC ...

by Builder in

sc4s index re-route

Hi Folks,New to Splunk and SC4S deploymenet. So far I have been able to make good progress. I have setup 2 SC4S serve...

by Engager in

call not properly authenticated

Response Code: 401Response text: <?xml version="1.0" encoding="UTF-8"?><response><messages><msg type="WARN">call not ...

by Explorer in

UF keep looking for removed input stanza

I have this kind of weird custom app (and dangerous too) that changes the UF Instance GUID. Basically, I created a ....

by Path Finder in

Defining Timestamp for HEC Input

I'm running into a strange issue where Splunk is using the current time for a HTTP Event Collector input rather than ...

by Communicator in

Splunk Answers Content Calendar May 2025

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods

2025-05-06T13:50:00.857Z error helper/transformer.go:118 Failed to process entry {"otelcol.component.id": "filelog", ...

by New Member in

Redirecting specific logs using a regex

Hi splunk community, I have a question on logs cloning/redirection Purpose : Extract logs containing "network-gue...

by Path Finder in

Remove the index distributed setup

Hi, After setting up a test index and ingesting a test record, I’m now planning to remove the index from the distri...

by Path Finder in

Onboarding MOVEit Server Database logs to Splunk

How to onboard MOVEit Server Database logs which is hosted on prem to Splunk Cloud? What is the preferred method?

by Path Finder in

DB connection errors- no Http Event Collectors available

Hi,We have db connect connections & inputs created in Splunk HF. We see that it has status=FAILED sometimes and below...

by Explorer in

How to upload a csv from a host that has a universal forwarder?

We have a universal forwarder and the customer has a csv file on this machine that he would like to ingest. The custo...

by Motivator in

How to Drop Events Larger Than 10,000 Bytes Before Indexing?

Hi everyone, I'm working on a use case where I need to drop events that are larger than 10,000 bytes before they ge...

by Engager in

Do not run Powershell script when Splunk starts

Hi, I want to run a Powershell script on a Windows universal forwarder according to a cron schedule. My input looks...

by New Member in

When using the Field Extractor can you use the same name for a field? will it append or add to the original field create

When using the Field Extractor can you use the same name for a field? will it append or add to the original field cre...

by Communicator in

Capability to upload image in Splunk Dashboard Studio

Hi All, Which Capability do i assign to Splunk user to upload image in Dashboard Studio

by Path Finder in

1 hour from indexing to Splunk-Web

Hello, Some of the forwarder installations are behaving strangely.They take an hour for the data to be indexed and ...

by Path Finder in

KV Store initialization has been not completed yet in SHC

Dears,,, The KV Store initialization on our search head cluster was previously working fine. However, unexpectedly,...

by Path Finder in

Unable to remove prefix by SEDCMD in sourcetype but able to run in search

I am trying to remove everything before the { character to preserve the JSON format. I am using SEDCMD-keepjs...

by Explorer in

Why does linebreaking regex have no capturing groups?

Hi Need help to fix the below error My Props : Sample events:

by Path Finder in

Extracting a value from MQTT string before parsing to JSON

I have an requirement to extract a value from an mqtt string before i parse it to json.Initially i was using MQTT Mod...

by Engager in

Can Windows UF send some EventCodes as XML and all othesr as Classic?

Short question: can I configure my window UF inputs.conf to collect Security Event logs as renderXML=false , unless i...

by Engager in

How do I set timezone properly in props.conf?

Our data source is generating syslog data using UTC. Time in the syslog header is formatted as Oct 22 15:51:14. We ma...

by New Member in

Running rsyslog and Splunk Enterprise on the same machine

Hi, I have a small lab (air gapped) with about 2 Linux servers not including the Splunk server and 25 Windows machin...

by Communicator in

How to run a scripted input on only one of several heavy forwarders?

We have a Splunk app that includes multiple scripted inputs.The app is deployed to 15 heavy forwarders, but we want o...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Split JSON array into individual events on HF

sc4s index re-route

call not properly authenticated

UF keep looking for removed input stanza

Defining Timestamp for HEC Input

Splunk Answers Content Calendar May 2025

i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods

Redirecting specific logs using a regex

Remove the index distributed setup

Onboarding MOVEit Server Database logs to Splunk

DB connection errors- no Http Event Collectors available

How to upload a csv from a host that has a universal forwarder?

How to Drop Events Larger Than 10,000 Bytes Before Indexing?

Do not run Powershell script when Splunk starts

When using the Field Extractor can you use the same name for a field? will it append or add to the original field create

Capability to upload image in Splunk Dashboard Studio

1 hour from indexing to Splunk-Web

KV Store initialization has been not completed yet in SHC

Unable to remove prefix by SEDCMD in sourcetype but able to run in search

Why does linebreaking regex have no capturing groups?

Extracting a value from MQTT string before parsing to JSON

Can Windows UF send some EventCodes as XML and all othesr as Classic?

How do I set timezone properly in props.conf?

Running rsyslog and Splunk Enterprise on the same machine

How to run a scripted input on only one of several heavy forwarders?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions