Getting Data In

Community Activity

How to split single sourcetype in multiple ones based on json field value? Hi all, recently my customer asked me to integrate different JSON log sources (VPN concentrator, WAF and Load Balance... by marco_massari11 Communicator in Getting Data In 12-08-2022 0 2	0	2
Would a Python Virtual Environment be compatible with Splunkbase and Splunk Cloud? Trying to develop an app that has a the 'cryptography' library as a dependancy. The built in Splunk Python interprete... by harry26 Observer in Getting Data In 12-08-2022 0 3	0	3
Getting Splunk to correctly read custom AWS VPC flow logs Hello All,I recently started ingesting vac flow logs from my AWS environment using the data manager app, and everythi... by olawalePS Path Finder in Getting Data In 12-08-2022 0 0	0	0
What is the query to setup a report to log all activity from a user? What is the query to setup a report to log all activity from a user? Basically anytime they access the VPN and log in... by StarFox Loves-to-Learn Lots in Getting Data In 12-08-2022 0 10	0	10
How to determine the Operating system language? Hi Team, Is there any way to determine the Operating system language before we ingest the logs in Splunk? After inge... by vkmanish Loves-to-Learn in Getting Data In 12-07-2022 0 1	0	1
How to restore logs from frozen bucket? Hi - in frozen\index\colddb, I have the following files (db_ and rb_) [splunk@spkpnxl1 wineventlog]$ cd colddb [splun... by vnguyen46 Contributor in Getting Data In 12-07-2022 0 6	0	6
Why am I getting "Error in JSON response: Unexpected EOF" while attempting to deploy shcluster-bundle? We recently upgraded our test environment from 6.4.2 to 6.5.2 and upon attempting to deploy a new search head cluster... by mdsnmss SplunkTrust in Getting Data In 12-06-2022 0 4	0	4
Dashboard Studio - Screens to CRUD KV store records- What is everyone else using? Does anyone feel like we are going to be able to create modern dashboards which allow us to interact with kvstore dat... by donelliot Path Finder in Getting Data In 12-06-2022 1 1	1	1
Need help with splunk SPL or REST API Need help with splunk SPL or rest api to fetch areport where we can see the count of total servers(splunk universal f... by AK_Splunk Explorer in Getting Data In 12-06-2022 0 1	0	1
Why can't I see the indexes I created in search results? hi pls am having problem viewing the indexes i created in my clustered environment. They were all created on the clus... by Lorenzo1 Path Finder in Getting Data In 12-06-2022 0 20	0	20
How to send specific logs to a sourcetype? Hello All, I have query index=xxxx sourcetype=xxx_* NOT(ASA) which actually filters logs that are not ASA from 4 so... by deepthi5 Path Finder in Getting Data In 12-06-2022 0 1	0	1
How to change value of an attribute using condition before indexing? Hi, I want to index simple xml file. <?xml version="1.0" encoding="utf-8"?><unitData xmlns:xsi="http://www.w3.org/200... by spisiakmi Contributor in Getting Data In 12-06-2022 0 6	0	6
Can I click on dashboard to view events in another panel in same dashboard? I tried to view the events in detail on another panel .so, I tried putting in the token Its not showing the clicked e... by kv Explorer in Getting Data In 12-06-2022 0 6	0	6
Why is SEDCMD in props.conf to remove part of header line not working? I am forwarding F5 logs from a syslog server, but I have an additional timestamp and host IP (log below with strike-t... by mburgess97 Path Finder in Getting Data In 12-05-2022 0 6	0	6
Indexer cluster: "Oldest Data Age" extremely high for some indexes Hello,We have noticed that in Monitoring Console-> Indexing-> Indexes and Volumes -> Indexes and Volumes: Deployment ... by justynap_ldz Path Finder in Getting Data In 12-05-2022 0 1	0	1
How to list all the KV stores /collections via SPL Splunk Search? I want to list all the Kv store collections through SPL. something like below...\| rest /servicesNS/-/- .......unable ... by zacksoft_wf Contributor in Getting Data In 12-04-2022 0 3	0	3
How to configure the SHC members and the deployer? Hello Are you okay?Can you help me, I'm trying to configure the Deployer to send the Apps to the SH's but I'm getting... by Zarack Engager in Getting Data In 12-04-2022 0 4	0	4
Unable to upgrade HF server from 8.2 to 9.01 using rpm command [user]$ sudo rpm -U --prefix=/opt/splunk splunk-9.0.1-82c987350fde-linux-2.6-x86_64.rpmerror: splunk-9.0.1-82c987350f... by phanikumar915 Engager in Getting Data In 12-04-2022 0 7	0	7
What are Wineventlog overload/limiting best practices? We've got Splunk_TA_Windows installed on a number of our servers sending data to our Splunk Cloud instance. However, ... by paulgo Explorer in Getting Data In 12-02-2022 0 1	0	1
Detection of duplicate files in batch mode Dear all,I have the use case that my splunk universal forwarder does not continuously monitor my logs.Because of this... by zapping575 Path Finder in Getting Data In 12-02-2022 0 4	0	4
Has anyone done anything with Azure scale sets? Hi, Has anyone done anything with Azure scale sets, I guess I will need to correlate across a number of logs to deal ... by Rhidian Path Finder in Getting Data In 12-02-2022 0 1	0	1
Why are we not getting all the details in Azure sign-in logs using Microsoft Azure Add-on for Splunk after upgrade? Post upgrading Microsoft Azure Add on for Splunk to 3.2.0 we are not receiving authentication details in Splunk. Also... by meghasinghal Engager in Getting Data In 12-02-2022 0 3	0	3
Why is SED command not working on Splunk Cloud? Hi I am sending windows system and security data to splunk cloud. Data is collected using UF and forwarded to cloud t... by rajeshmetso Engager in Getting Data In 12-02-2022 0 2	0	2
When collecting logs through syslog, why does it comes in json format? EPP: {"syslog_type":"AGENT_EVENT", "syslog_data":{"log_string_args":null,"computer_name":"F0-P-N0017","login_id":"POO... by guerrillalds Engager in Getting Data In 12-02-2022 0 4	0	4
Why "match" condition is not working? I want to match one field value with other field values. If Value in btc field is present in NEB_Sales_Oppy_Business_... by punithsj96 Explorer in Getting Data In 12-01-2022 0 6	0	6