Getting Data In

Discussions

Thread Info

Why to use syslog or tcp output?

Hello Splunkers,I have a small question, what is the best practice (or for what reasons) should I use Syslog or TCP c...

by Contributor in

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the foll...

by Engager in

Microsoft-AzureADPasswordProtection-DCAgent

I ma trying to onboard the %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx ...

by Loves-to-Learn Lots in

ingest_eval lookup not working

I have the following transforms.conf file: [pan_src_user]INGEST_EVAL=src_user_idx=json_extract(lookup("user_ip_mapp...

by Explorer in

Ingest time lookup to add fields does not work

I need to use federated search which does not support search time lookup at this time in splunk 8.2.2.1. I came acr...

by Explorer in

ingest_eval works on AIO instance but different results when applied at the HF tier

I have syslog events being written to a HF locally via syslog-ng - these events are then consumed via file reader and...

by Path Finder in

Moving cribl events to their own index

Brand new to splunk, inherited a slightly configured system. I want to move certain cribl events to an index called...

by Engager in

forward logs from HF to third-party using syslog

i have used this approach to forward logs from specific index to third-party system in my case Qradar so i need...

by Explorer in

fully reindexing a file every time the datestamp changes

I've a few different automated pulls of data into directories of files I want splunk to index. These files get comple...

by Contributor in

Fortinet logs collected through syslog TCP with SC4S are not splitted correctly

Hi all, I'm struggling with an issue related to collecting Fortinet Fortios events through SC4S. If I use UDP proto...

by Explorer in

WIndows 7 support

I was trying to download the universal forwarder for windows 7 32 bit OS, but i can see only windows 8, 8.1, 10 OS. ...

by Communicator in

Streamfwd pcap filter compilation error

I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwa...

by Observer in

Request for Best Practices on Collecting Essential Data from Endpoints to Splunk

Dear Splunk Community, I am currently working on a project focused on identifying the essential data that should be...

by Explorer in

Split JSON array into individual events on HF

We've logs coming to HEC as nested JSON in chunks; We're trying to break them down into individual events at the HEC ...

by Builder in

sc4s index re-route

Hi Folks,New to Splunk and SC4S deploymenet. So far I have been able to make good progress. I have setup 2 SC4S serve...

by Engager in

call not properly authenticated

Response Code: 401Response text: <?xml version="1.0" encoding="UTF-8"?><response><messages><msg type="WARN">call not ...

by Explorer in

UF keep looking for removed input stanza

I have this kind of weird custom app (and dangerous too) that changes the UF Instance GUID. Basically, I created a ....

by Path Finder in

Defining Timestamp for HEC Input

I'm running into a strange issue where Splunk is using the current time for a HTTP Event Collector input rather than ...

by Communicator in

Splunk Answers Content Calendar May 2025

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods

2025-05-06T13:50:00.857Z error helper/transformer.go:118 Failed to process entry {"otelcol.component.id": "filelog", ...

by New Member in

Redirecting specific logs using a regex

Hi splunk community, I have a question on logs cloning/redirection Purpose : Extract logs containing "network-gue...

by Path Finder in

Remove the index distributed setup

Hi, After setting up a test index and ingesting a test record, I’m now planning to remove the index from the distri...

by Path Finder in

Onboarding MOVEit Server Database logs to Splunk

How to onboard MOVEit Server Database logs which is hosted on prem to Splunk Cloud? What is the preferred method?

by Path Finder in

DB connection errors- no Http Event Collectors available

Hi,We have db connect connections & inputs created in Splunk HF. We see that it has status=FAILED sometimes and below...

by Explorer in

How to upload a csv from a host that has a universal forwarder?

We have a universal forwarder and the customer has a csv file on this machine that he would like to ingest. The custo...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why to use syslog or tcp output?

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Microsoft-AzureADPasswordProtection-DCAgent

ingest_eval lookup not working

Ingest time lookup to add fields does not work

ingest_eval works on AIO instance but different results when applied at the HF tier

Moving cribl events to their own index

forward logs from HF to third-party using syslog

fully reindexing a file every time the datestamp changes

Fortinet logs collected through syslog TCP with SC4S are not splitted correctly

WIndows 7 support

Streamfwd pcap filter compilation error

Request for Best Practices on Collecting Essential Data from Endpoints to Splunk

Split JSON array into individual events on HF

sc4s index re-route

call not properly authenticated

UF keep looking for removed input stanza

Defining Timestamp for HEC Input

Splunk Answers Content Calendar May 2025

i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods

Redirecting specific logs using a regex

Remove the index distributed setup

Onboarding MOVEit Server Database logs to Splunk

DB connection errors- no Http Event Collectors available

How to upload a csv from a host that has a universal forwarder?

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions