Getting Data In

Community Activity

Getting wrong time for event? I have an add on for unix and linux downloaded on my monitored servers and the data is sent to my indexers. In the Un... by olivera Explorer in Getting Data In 01-02-2023 0 19	0	19
Where can I get the updated sample data for practicing searches using SPL? please where can i get the updated sample data for practicing searches using SPL? thanks in advance by Lorenzo1 Path Finder in Getting Data In 12-31-2022 0 12	0	12
custom fields overriding Hi at all,a question before starting a new configuration.I configured custom fields on some Universal Forwarders usin... by gcusello SplunkTrust in Getting Data In 12-30-2022 0 0	0	0
"Failed to find newline while reading transport header" when querying API Hello,I have a problem with a custom app in Splunk. I've written a simple app that uses the Python requests-library t... by dedupper Explorer in Getting Data In 12-29-2022 0 1	0	1
High memory usage due to splunk universal forwarder hai all,how to resolve high memore usage on splunk universal forwarder how to check due to which files causing the is... by sekhar463 Path Finder in Getting Data In 12-29-2022 0 0	0	0
exchange Hello. how to collects microsoft exchange 2019 audit logs to splunk by ates77 Explorer in Getting Data In 12-29-2022 0 1	0	1
federated search in splunk What is the difference between standard and transparent federated search type in splunk with examples or usecase? by vk1109 New Member in Getting Data In 12-28-2022 0 1	0	1
UF inputs.conf stanza I'm working on an input.conf from a universal forwarder when I noticed the first stanza is missing a ]ex:[WinEventLog... by ITSplunk117 Path Finder in Getting Data In 12-28-2022 0 1	0	1
How to increase indexer speed or size to write disk? Recently I upgraded splunk enterprise to 9.0.2 version.After few days, Index queue fill ratio is 100% and indexing ra... by HS Loves-to-Learn in Getting Data In 12-28-2022 0 1	0	1
Trying to extract field and trim log after? Hello everyone! I am trying to extract hostname from syslog-heading, and after trim it? Is it technically possible? M... by bosseres Contributor in Getting Data In 12-27-2022 0 4	0	4
How can I black list event code and user type? I'm trying to blacklist the event code 4634 when user_type = computer. I'm using the below blacklist in my inputs.co... by billf New Member in Getting Data In 12-27-2022 0 0	0	0
How to get linux logs to blacklist in input.conf? Hi Team, getting huges audit logs and wanted to blacklist in input.conf . index=linux source="/var/log/audit/audit... by shashilendra Explorer in Getting Data In 12-27-2022 0 5	0	5
How to write a Splunk search to get to a field value that belongs to particular field? Good day, i am using search query to correlate one field belongs and related jobs for that field i am using below que... by sekhar463 Path Finder in Getting Data In 12-26-2022 0 1	0	1
What are the best practices for defining source types? I've heard that using Splunk's default source type detection is flexible, but can be hard on performance. What is the... by sloshburch Ultra Champion in Getting Data In 12-25-2022 0 17	0	17
Getting in the commands from cisco devices Hi, I collected the cisco deviceslog with "Cisco Networks Add-on for Splunk Enterprise". And install "Cisco Networks... by m_zandinia Path Finder in Getting Data In 12-24-2022 0 0	0	0
TIME_PREFIX configuration is not working Hi All,We are working in Splunk Cloud environment, I want to deploy custom the TIME_PREFIX configuration for one of t... by bhsakarchourasi Path Finder in Getting Data In 12-23-2022 0 2	0	2
Why does the indexer peer node takes hours to join cluster? I have a case where some indexers take 4 to 5 hours to join the cluster. The system shows no/little system usage (CP... by mdtoro Explorer in Getting Data In 12-23-2022 0 3	0	3
Servicenow Integration I have setup servicenow to splunk integration and coming to the inputs, I have turned on the Splunk sys user group a... by Roy_9 Motivator in Getting Data In 12-23-2022 0 0	0	0
Splunk rejects syslog messages Hello, everyoneI've "all-in-one" splunk installation, configured syslog input, but input messages are rejected.Below ... by bosseres Contributor in Getting Data In 12-23-2022 1 1	1	1
How to pass conditional field names for a field in props.conf stanza? There is a threat log with 2 sub_types (url and vulnerability) and sample data are as below.panwlogs-,2022-12-15T08:4... by divya_gn1 Loves-to-Learn in Getting Data In 12-23-2022 0 0	0	0
Are any default apps in universal forwarder unnecessary? I just installed universal forwarder, And was deploying my first app using DS, I came accros few apps in place prior ... by hectorvp Communicator in Getting Data In 12-22-2022 0 5	0	5
Extreme Latency with Windows Events on one Windows Event Collector. How do I troubleshoot? Hello i have two windows event collectors. 3 domain controllers send their events to one event collector (WEC01), and... by davidwaugh Path Finder in Getting Data In 12-22-2022 2 25	2	25
When monitoring CSV file on Windows, it only ingests top line and inconsistent events? We have a distributed splunk (8.x) environment on-prem, with CM and 3 peers, 2 SH, 1 deployment server, and many clie... by calvinmcelroy Path Finder in Getting Data In 12-22-2022 0 3	0	3
Where and how do I configure a sourcetype for generic xml? Hey there! I'm trying to monitor(batch)) a folder congaing xml files, the XML files don't necessarily have the same... by dorbi Explorer in Getting Data In 12-22-2022 0 5	0	5
What is the recommended method to ingest exported sysmon logs? Context: I have an external client that uses Arctic Wolf for sysmon logs on their endpoints and need to ingest those ... by russell120k Engager in Getting Data In 12-22-2022 0 2	0	2