Getting Data In

Community Activity

There are multiple json messages in _raw into a HEC and splitting them doesn't quite get what I need? Greetings. We recently turned on a HEC and have JSON data coming in and I have noticed that multiple JSON blobs are e... by loganseth Path Finder in Getting Data In 11-30-2022 0 3	0	3
Which UNIX permissions are best for monitoring files? Since it's a best practice to install Splunk and run it as a non-root UNIX user, how can I make sure Splunk has the n... by sloshburch Ultra Champion in Getting Data In 11-30-2022 2 10	2	10
Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow Hello,we are trying to configure the receiving of AppFlow data from Citrix Netscaler, using the Splunk Add-on for Cit... by davidemagni Explorer in Getting Data In 11-30-2022 1 0	1	0
Db-Sources-Why am I getting CSV Duplicated Records? Hi! I'm starting with Splunk, so i really appreciate some help cause i've been stucked several weeks. I have a CSV fi... by paoli28 Observer in Getting Data In 11-30-2022 0 3	0	3
How can I merge two splunk queries together? I have two Splunk queries 1 and 2 below, and both have one common email , i want the searched emails generated from t... by Taibat02230232 Loves-to-Learn in Getting Data In 11-29-2022 0 1	0	1
Error when connecting to local Kubernetes cluster from Splunk App for Data Science and Deep Learning Hi,I am having a local minikube Kubernetes cluster set up. Furthermore, I want to setup the Splunk App for Data Scien... by sschimper Splunk Employee in Getting Data In 11-29-2022 0 1	0	1
Increased CPU on Universal Forwarder since v9 We upgraded the Splunk Universal Forwarders on our web servers from 8.0.5 to 9.0.1 back in late October and since the... by tradevine Engager in Getting Data In 11-29-2022 0 0	0	0
Logs with disorganized data- How to view logs for complete processes and not for fractions of these? Hii, good day everyoneI need your help please. I need to join a log that gives me the events by date, but I require i... by Kleydert Loves-to-Learn Lots in Getting Data In 11-29-2022 0 11	0	11
How to not reindexing data after overwriting a file? Hi everybody, let's say I'm monitoring the file test.log that has these informations:2022-22-25 14:00 - row 12022-22-... by Marco-IT Path Finder in Getting Data In 11-29-2022 0 5	0	5
Is there a step by step setup link for Splunk configuration with UberAgent? Hi All, We are tring to collect the Desktop experience data in Splunk using the Uber Agent. We have installed the Sp... by jasreets New Member in Getting Data In 11-29-2022 0 1	0	1
Is it possible to forward logs from UF to Syslog-ng using either BSD/IETF syslog format? Hi, I was posed a query from my customer. Is it possible to forward syslog from UF to Syslog-ng using the BSD/IETF sy... by mohdmikhael Explorer in Getting Data In 11-29-2022 0 2	0	2
Why is data not ingesting using DB connect? I'm Trying to get oracle DB data using DB Connect app and I have successfully scheduled my job and set up my connec... by sekhar463 Path Finder in Getting Data In 11-28-2022 0 1	0	1
Why are there duplicate MV fields with JSON data? Hello there! I'm trying to ingest JSON data via the Splunk Add-on for Microsoft Cloud Services app. I created a sour... by pcontreras Explorer in Getting Data In 11-28-2022 0 1	0	1
How can I disable a windows event id from indexing? I have an event id 4674 that I would like to block from being indexed. I have the following in my in inputs.conf in ... by troywjonescc Explorer in Getting Data In 11-28-2022 0 3	0	3
Installing a universal forwarder in low privilege mode, why am I getting error "Deployment Server not available on a dedicated forwarder"? Our admin created me a regular domain user to test low P and assigned it these privileges: • Permission to log on as... by lycollicott Motivator in Getting Data In 11-28-2022 0 20	0	20
Why do our Heavy Forwarders randomly shut down one of its parallel pipelines? Hi, We've recently tested out a new path for data to flow into our Splunk environment from Universal Forwarders.We ha... by mortenklow Explorer in Getting Data In 11-28-2022 1 21	1	21
How can I extrac fields depending on the type of event? Hi,if I had logs as such wirn different type data in the same sourcetype:"<134>Nov 23 21:23:17 NSX-edge-7-0 loadbalan... by evinasco08 Explorer in Getting Data In 11-27-2022 0 7	0	7
What special capabilities (permissions) are required to run the REST API? Hi, What special capabilities (permissions) are required to run the REST API? A colleague and I are both running one ... by rmorschel Explorer in Getting Data In 11-26-2022 0 8	0	8
Receiving an error while using the mvexpand command (does not exist in the data) Hi everyone,currently, i am trying to expand one of the multiple field values but i am getting the result with the be... by super_saiyan Communicator in Getting Data In 11-25-2022 0 6	0	6
How to route the logs from certain host to index=abc_secure? Hi Team, [host::1.(xx\|xx).xx.xx(x\|y)]TRANSFORMS-change_index_abc_secure = change_index_abc_secure [change_index_abc... by VijaySrrie Builder in Getting Data In 11-25-2022 0 7	0	7
Splunk TA For MSCS - Event Hubs input issues We are using the Event Hubs modular input from the SPlunk TA for Microsoft Cloud Services.In our system, we have conf... by rbaudish Loves-to-Learn Everything in Getting Data In 11-24-2022 0 0	0	0
How to distribute big data(logs) in different times of the day. Hi folks,I have an issue with a HF, I'm getting some spikes reaching the 100% when sending data to Splunk Cloud. This... by splunk_luis12 Path Finder in Getting Data In 11-24-2022 0 1	0	1
How to create multiple Sourcetype for one source? I have 4 different kind of logs that is coming from one source (sample logs are below). I would like to configure thi... by davemarianne Engager in Getting Data In 11-24-2022 0 3	0	3
Splunk file and directory monitoring- Am I configuring correctly? Hello having some confusing problems with Splunk permissions that I am trying to understand. Little background we upg... by splunktrainingu Communicator in Getting Data In 11-24-2022 0 7	0	7
Heavy forwarder setup - looking at clustering or other HA options Hi all,I'm new to this forum and found quite a few ideas and solutions to issues admins hit.The organisation I work f... by Aiders1 Observer in Getting Data In 11-24-2022 0 7	0	7