Getting Data In

Community Activity

	Why for f5 data we use [UDP://9514] instead of using syslog? I came across in our repo a monitoring stanza for f5, which is [UDP://9514]. I wonder if there is any reason not to u... by danielbb Motivator in Getting Data In 06-26-2025 0 3	0	3
	Splunk HEC/kafka raw logs parsing / addons Hello, is it possible in Splunk HEC from Kafka to receive raw events on HF in order to parse fields with addons?It se... by splunkreal Motivator in Getting Data In 06-26-2025 0 4	0	4
	Index time based retention - based on indexed time or event time? This information is probably located in one of the docs but didn't find it in anything I've read just now. Under norm... by Runals Motivator in Getting Data In 06-25-2025 0 6	0	6
	Filter events on UF I have a data source of significant size and I want to filter a large percentage of the data on the UF so it isnt sen... by chrisyounger SplunkTrust in Getting Data In 06-24-2025 0 1	0	1
	Perfmon counters not coming in after Universal Forwarder update to 9.2.6.0 from 9.2.0.1 Thought I would post here in the community as well since I have this opened with support. A couple weeks ago, another... by DarthHerm Explorer in Getting Data In 06-24-2025 0 4	0	4
	using mcollect to collect metric data Hi,I am using mcollect to collect data from certain metrics into another metric index. I have created the new metric ... by _pravin Contributor in Getting Data In 06-24-2025 0 4	0	4
	Struggling to correctly parse JSON data Hello,We have multiple fortigate devices forwarding to a logstash server that is storing all the device's logs in 1 f... by LOP22456 Explorer in Getting Data In 06-24-2025 0 5	0	5
	Warnings Hey mates, I'm new to Splunk and while ingesting the data from my local machine to Splunk this message shows up."The ... by yash_eng New Member in Getting Data In 06-23-2025 0 3	0	3
	Windows UF stop after batch mode is finished Hello, I have a Windows machine with an UF installed that logs various logs such as wineventlog. These logs work corr... by Anders333 Explorer in Getting Data In 06-23-2025 0 8	0	8
	Finding forwarders that have not sent data Hello , Can anyone please provide me a query which lists out all forwarders that have not send data over the last 30... by sverdhan Loves-to-Learn Lots in Getting Data In 06-20-2025 0 5	0	5
	Rest apis for metric data/ values I am trying to fetch metric values of the infra i am monitoring using rest apis, so far all the apis i have tried are... by kalyan New Member in Getting Data In 06-20-2025 0 1	0	1
	exclude winevent older than 7 days from ingest Hello,I am about to onboard 1000+ Windows UF. Those have windows event logs going back many years. Is there a way to ... by Andre_ Path Finder in Getting Data In 06-20-2025 0 23	0	23
	What Log Files Should Be Monitored in SUSE Linux for Splunk ES, and How Do They Differ from Standard Linux Monitoring? Hi Splunk Community,We’re currently onboarding SUSE Linux (SLES/OpenSUSE) logs into Splunk Enterprise Security (ES) a... by sumanssa Observer in Getting Data In 06-19-2025 0 3	0	3
	Lost AWS events after ingestion I am in the middle of a Splunk migration. One of the tasks is to moved data from some sourcetypes onto the new server... by vishalduttauk Communicator in Getting Data In 06-19-2025 0 3	0	3
	splunk enterprise \| services start error why this issues I was trying to upgrade the splunk enterprise Checking prerequisites... Checking http port [80... by Mirza_Jaffar1 Explorer in Getting Data In 06-19-2025 0 6	0	6
	update to Splunk Add-on for Infoblox? I'm struggling to get data in from Infoblox using Splunk Add-on for Infoblox. I looked at the documentation and real... by ilhwan Path Finder in Getting Data In 06-19-2025 0 1	0	1
	Splunk Nutanix TA and Splunk Enterprise 9.3.4 Hello all Is the Nutanix TA (version 2.5.0) compatible with Splunk 9.3.4+? It is listed as such on the splunk base (h... by _joe Contributor in Getting Data In 06-19-2025 0 1	0	1
	Syslog Configuration required for custom sourcetypes I think Splunk doesn't have a built-in/defined sourcetype for ExtremeCloud XIQ logs. Can we define a custom sourcetyp... by msatish Path Finder in Getting Data In 06-18-2025 0 7	0	7
	s4cs Fallback error Hey FolkesIngesting ZPA logs in Splunk using the Zscaler LSS service, I believe the configuration is correct based on... by Bedrohungsjäger Observer in Getting Data In 06-18-2025 0 2	0	2
	SPlunk query Hello team , Please help me modify this query such that it is able to loop through all the values of the csv file : ... by sverdhan Loves-to-Learn Lots in Getting Data In 06-18-2025 0 6	0	6
	Extract fields from RFC5424 syslog with nested json field Hello, I put this regex on SHC inline extraction : "<(?<pri>\d+)>1\s(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(... by splunkreal Motivator in Getting Data In 06-18-2025 0 2	0	2
	JSON Data extraction issues with Comma Hi Team,We are trying to extract JSON data with custom sourcetype and With the current configuration, all JSON object... by kumva01 Loves-to-Learn Lots in Getting Data In 06-18-2025 0 1	0	1
	_TCP_ROUTING with clustered indexers system logs Hello,we have 2 Splunk platforms and we are using _TCP_ROUTING to forward logs.System logs from 1st platform indexers... by splunkreal Motivator in Getting Data In 06-17-2025 0 1	0	1
	Utilize on-prem Splunk Heavy Forwarder with Cisco Security Cloud for FMC logs into Splunk Cloud instance Hello,I have been trying to configure this application on one of our on-prem Heavy forwarder to be able to ingest our... by parthbhawsar Loves-to-Learn in Getting Data In 06-17-2025 0 5	0	5
	SPL challenge ! Fusionning a multi \|eval expression into one line ? Hi,I'm onboarding some new data and I'm working on the fields extraction.Data is some proper JSON related to emails.I... by gargantua Path Finder in Getting Data In 06-17-2025 0 2	0	2