Getting Data In

Discussions

Thread Info

Create alert for delayed files every hour?

hi , I have the below query. Index=Config source =“Java/path/ log.csv” inbound Csv files are supposed to be deliv...

by Loves-to-Learn Lots in

Question About SPL for SplunkD Shutdown

Hi all, I am new to Splunk and am trying to look for logs that indicate that the SplunkD service shutdown. I am tryin...

by Engager in

outputs.conf question about duplicates caused by referencing indexers by IP vs FQDN?

I have suspicious that my outputs.conf configuration files are causing some unwanted data cloning in my forwarders. I...

by Path Finder in

Why does regex extract fields differently in props than same regex used in SPL REX command?

Hi Splunkers. I'm trying to extract fields from Windows DNS debug logs but running into extraction issues for some...

by Path Finder in

How to set Splunk as CSP Policy report collector?

I am trying to set up Content-Security-Policy, and I need a way to collect violation reports. I was hoping to use Spl...

by Engager in

Eventgen - Splunk adding additional double quotes when I export the data as csv causing issues used as sample file?

Hi , Splunk adding additional double quotes when I export the data as csv . When I use the exported file as...

by Explorer in

How to generate data using JSON format sample file?

Hi , We have an add-on which will JSON format for data input. I can export the data as JSON format. Could ...

by Explorer in

Is it possible to dynamically change sourcetype based upon host?

Hi, I have a logfile that contains lots of hosts (coming in from syslog). I want to dynamically change the sourcet...

by Champion in

Is there any documentation on Splunk app migration from python 2 to 3?

Hi, We upgraded Splunk from 8.2.6 to 9.0.1 recently and have one big internal app ( dashboard, views, field extra...

by Loves-to-Learn Lots in

Receiving error while trying to extracting fields using regex

Hi Splunkers I'm trying to extract some fields using the opting under the log "Extract Fields" using the regix me...

by Path Finder in

Can I delete the DB data files in the search head or are there some steps that I need to follow beforehand?

Hi Community, We have a cluster setup for our Splunk install where all the data are indexed at the data layer...

by Contributor in

Can we get some clarification / consolidation for the add-ons available to ingest O365/Azure security data?

Figuring out the best add-on(s) to ingest security data related to O365/Azure is an exercise in insanity... Can...

by Engager in

Why is Splunk ingest is being doubled?

Hello - I am trying to troubleshoot an issue and have not had much success in determining a root cause. I was wonderi...

by Path Finder in

How to exclude or filter 0% window process from hostmetrics - process?

Hi Guru, How do we exclude 0% process usage from Hostmetrics? We would like to capture those process have >0% usa...

by Path Finder in

Is there a way I can input data into splunk manually for offline events?

I want to input into splunk the "events" of my fire alarms of all the branch offices. Is there a way I can manually...

by Path Finder in

How to search to get list of URLs/domains in my logs in a particular period?

I am new to Splunk and I need help to get a query that lists all the domains that are in my logs (that were accessed ...

by Path Finder in

How to redact the description field from the Service WinHostMon?

I'm trying to redact the description field from the Service WinHostMon to have something like that: Before: ...

by Path Finder in

Why did Imap stop indexing in Splunk?

We are receiving logs from imap before but it suddenly stops indexing data. No recent changes was made on our end. Ou...

by New Member in

How to achieve a field extraction in custom sourcetype?

Hello All, we have a default database:internal sourcetype for a application using DBConnect to send data to Splun...

by Path Finder in

Is there an easy way to create fake data?

I am making a test in python where I want to validate if an ITSI kpi works as expected. Lets say I have an index c...

by Path Finder in

How can I disable all data onboarding in an easy way for running tests?

I want to test if my ITSI kpi's are working as expected, im creating fake events, with collect, that should trigger t...

by Path Finder in

How to search for the websites/urls that people visited today and for a particular user?

i wanted to search for the websites/urls that people visited today and for a particular user. i tried this but I ...

by Engager in

How do we specify multiple output groups on a HEC token, like _TCP_ROUTING for monitor stanzas?

by Communicator in

Why is my metadata search not returning expected results for hosts reporting in within certain time ranges?

Hi all, I have written below metadata search to find the hosts which have reported yesterday, but not reporting in...

by Path Finder in

How to add own WAN IP using a script?

Hi guys, I'm monitoring external Web Server logs and want to run an Alert detecting errors caused by other IP addr...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Create alert for delayed files every hour?

Question About SPL for SplunkD Shutdown

outputs.conf question about duplicates caused by referencing indexers by IP vs FQDN?

Why does regex extract fields differently in props than same regex used in SPL REX command?

How to set Splunk as CSP Policy report collector?

Eventgen - Splunk adding additional double quotes when I export the data as csv causing issues used as sample file?

How to generate data using JSON format sample file?

Is it possible to dynamically change sourcetype based upon host?

Is there any documentation on Splunk app migration from python 2 to 3?

Receiving error while trying to extracting fields using regex

Can I delete the DB data files in the search head or are there some steps that I need to follow beforehand?

Can we get some clarification / consolidation for the add-ons available to ingest O365/Azure security data?

Why is Splunk ingest is being doubled?

How to exclude or filter 0% window process from hostmetrics - process?

Is there a way I can input data into splunk manually for offline events?

How to search to get list of URLs/domains in my logs in a particular period?

How to redact the description field from the Service WinHostMon?

Why did Imap stop indexing in Splunk?

How to achieve a field extraction in custom sourcetype?

Is there an easy way to create fake data?

How can I disable all data onboarding in an easy way for running tests?

How to search for the websites/urls that people visited today and for a particular user?

How do we specify multiple output groups on a HEC token, like _TCP_ROUTING for monitor stanzas?

Why is my metadata search not returning expected results for hosts reporting in within certain time ranges?

How to add own WAN IP using a script?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions