Getting Data In

Discussions

Thread Info

Which UNIX permissions are best for monitoring files?

Since it's a best practice to install Splunk and run it as a non-root UNIX user, how can I make sure Splunk has the n...

by Ultra Champion in

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

Hello, we are trying to configure the receiving of AppFlow data from Citrix Netscaler, using the Splunk Add-on for ...

by Explorer in

Db-Sources-Why am I getting CSV Duplicated Records?

Hi! I'm starting with Splunk, so i really appreciate some help cause i've been stucked several weeks. I have a CSV...

by Observer in

How can I merge two splunk queries together?

I have two Splunk queries 1 and 2 below, and both have one common email , i want the searched emails generated from t...

by Loves-to-Learn in

Error when connecting to local Kubernetes cluster from Splunk App for Data Science and Deep Learning

Hi, I am having a local minikube Kubernetes cluster set up. Furthermore, I want to setup the Splunk App for Data Sc...

by Splunk Employee in

Increased CPU on Universal Forwarder since v9

We upgraded the Splunk Universal Forwarders on our web servers from 8.0.5 to 9.0.1 back in late October and since the...

by Engager in

Logs with disorganized data- How to view logs for complete processes and not for fractions of these?

Hii, good day everyone I need your help please. I need to join a log that gives me the events by date, but I requir...

by Loves-to-Learn Lots in

How to not reindexing data after overwriting a file?

Hi everybody, let's say I'm monitoring the file test.log that has these informations: 2022-22-25 14:00 - row 1 ...

by Path Finder in

Is there a step by step setup link for Splunk configuration with UberAgent?

Hi All, We are tring to collect the Desktop experience data in Splunk using the Uber Agent. We have installed ...

by New Member in

Is it possible to forward logs from UF to Syslog-ng using either BSD/IETF syslog format?

Hi, I was posed a query from my customer. Is it possible to forward syslog from UF to Syslog-ng using the BSD/IETF...

by Explorer in

Why is data not ingesting using DB connect?

I'm Trying to get oracle DB data using DB Connect app and I have successfully scheduled my job and set up my connec...

by Path Finder in

Why are there duplicate MV fields with JSON data?

Hello there! I'm trying to ingest JSON data via the Splunk Add-on for Microsoft Cloud Services app. I created a s...

by Explorer in

How can I disable a windows event id from indexing?

I have an event id 4674 that I would like to block from being indexed. I have the following in my in inputs.conf in ...

by Explorer in

Installing a universal forwarder in low privilege mode, why am I getting error "Deployment Server not available on a dedicated forwarder"?

Our admin created me a regular domain user to test low P and assigned it these privileges: • Permission to log on ...

by Motivator in

Why do our Heavy Forwarders randomly shut down one of its parallel pipelines?

Hi, We've recently tested out a new path for data to flow into our Splunk environment from Universal Forwarders.We...

by Explorer in

How can I extrac fields depending on the type of event?

Hi, if I had logs as such wirn different type data in the same sourcetype: " < 134 > Nov...

by Explorer in

What special capabilities (permissions) are required to run the REST API?

Hi, What special capabilities (permissions) are required to run the REST API? A colleague and I are both running o...

by Explorer in

Receiving an error while using the mvexpand command (does not exist in the data)

Hi everyone,currently, i am trying to expand one of the multiple field values but i am getting the result with the be...

by Communicator in

How to route the logs from certain host to index=abc_secure?

Hi Team, [host::1.(xx|xx).xx.xx(x|y)]TRANSFORMS-change_index_abc_secure = change_index_abc_secure [change_...

by Builder in

Splunk TA For MSCS - Event Hubs input issues

We are using the Event Hubs modular input from the SPlunk TA for Microsoft Cloud Services. In our system, we have c...

by Loves-to-Learn Everything in

How to distribute big data(logs) in different times of the day.

Hi folks, I have an issue with a HF, I'm getting some spikes reaching the 100% when sending data to Splunk Cloud. T...

by Path Finder in

How to create multiple Sourcetype for one source?

I have 4 different kind of logs that is coming from one source (sample logs are below). I would like to configure thi...

by Engager in

Splunk file and directory monitoring- Am I configuring correctly?

Hello having some confusing problems with Splunk permissions that I am trying to understand. Little background we upg...

by Communicator in

Heavy forwarder setup - looking at clustering or other HA options

Hi all, I'm new to this forum and found quite a few ideas and solutions to issues admins hit. The organisation I ...

by Observer in

Does SPLUNK require K8S clusters to have unique pod and service CIDR's

I am setting up a number of Kubernetes clusters in my organisation. We are using SPLUNK for monitoring. I have been t...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Which UNIX permissions are best for monitoring files?

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

Db-Sources-Why am I getting CSV Duplicated Records?

How can I merge two splunk queries together?

Error when connecting to local Kubernetes cluster from Splunk App for Data Science and Deep Learning

Increased CPU on Universal Forwarder since v9

Logs with disorganized data- How to view logs for complete processes and not for fractions of these?

How to not reindexing data after overwriting a file?

Is there a step by step setup link for Splunk configuration with UberAgent?

Is it possible to forward logs from UF to Syslog-ng using either BSD/IETF syslog format?

Why is data not ingesting using DB connect?

Why are there duplicate MV fields with JSON data?

How can I disable a windows event id from indexing?

Installing a universal forwarder in low privilege mode, why am I getting error "Deployment Server not available on a dedicated forwarder"?

Why do our Heavy Forwarders randomly shut down one of its parallel pipelines?

How can I extrac fields depending on the type of event?

What special capabilities (permissions) are required to run the REST API?

Receiving an error while using the mvexpand command (does not exist in the data)

How to route the logs from certain host to index=abc_secure?

Splunk TA For MSCS - Event Hubs input issues

How to distribute big data(logs) in different times of the day.

How to create multiple Sourcetype for one source?

Splunk file and directory monitoring- Am I configuring correctly?

Heavy forwarder setup - looking at clustering or other HA options

Does SPLUNK require K8S clusters to have unique pod and service CIDR's

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions