Getting Data In

Community Activity

Are there currently supported methods for ingesting and monitoring Suricata events in Splunk? Are there currently supported methods for ingesting and monitoring Suricata events in splunk? by opoplawski Explorer in Getting Data In 11-17-2022 0 3	0	3
Documentation for journald_input I see that there is a journald_input app in the splunk forwarder install, but I can't seem to find any information on... by opoplawski Explorer in Getting Data In 11-17-2022 0 2	0	2
Are there any existing parser for samba smbd_audit records? Are there any existing parser for samba smbd_audit records? Or other was to collect access to files with samba? by opoplawski Explorer in Getting Data In 11-17-2022 0 0	0	0
How to fix SplunkDB "Unsupported or unrecognized SSL message"? Hi everyone, I'm struggling with SplunkDB connect and HEC. I have a monoinstance splunk that has all roles. I have ... by emallinger Communicator in Getting Data In 11-17-2022 0 1	0	1
Why is status superimposed on our logs? Hello Guys! Is my first post so sorry if the title is not as specific as it should be Look, we have an order tracking... by ArtistOfXtreme Engager in Getting Data In 11-16-2022 0 3	0	3
How to compare and list the difference between search result and lookup file? hi team, 1. I have a query with below 2 columns returned only PQ, ACTpq1, act1PQ1, act2pQ1, act3pq2, act4QP2, act5Pq2... by cheriemilk Path Finder in Getting Data In 11-16-2022 0 7	0	7
How to extract timezone in json? We have a log that we've been asked to ingest which is a json format file that's similar to this: {"type":"appReque... by paxtaru Explorer in Getting Data In 11-16-2022 0 3	0	3
Use regex to pull out a phrase with a specific word? Right now I'm using regex to pull data with the phrase "MFA challenge succeeded" using the following regex: \| rex "... by jhilton90 Path Finder in Getting Data In 11-16-2022 0 9	0	9
How can I get the time difference between two events? Hi, I am looking at logs in an IIS index. These are events performed by someone who is using a product that we make... by samwatson45 Path Finder in Getting Data In 11-16-2022 0 8	0	8
Reduce license usage for performance data from Add-On for VMWare Hi, i already did some research but seems our case is a bit special:We colllect inventory and performance data from o... by FlorianScho Path Finder in Getting Data In 11-15-2022 0 1	0	1
Should we make the EventID field an index field for the wineventlog index? How difficult is it to make the EventID an index field for the wineventlog index? Can it increase indexing time signi... by danielbb Motivator in Getting Data In 11-15-2022 0 1	0	1
Time stamp format to round to nearest hour GMT Timezone I have a start time column in splunk in this format:19:10:54:19I have a start date column in this format: 2022-11-15I... by Sammy13 Engager in Getting Data In 11-15-2022 0 2	0	2
Rollback during Installation Splunk Enterprise in Windows 64 bit? Rollback during Installation Splunk Enterprise in Windows 64 bit Please i need the help. by chimell Motivator in Getting Data In 11-15-2022 0 3	0	3
Extract Json with different log patterns? Hi My json logs comes with two different patterns one with timestamp and host added sometimes and one with out these ... by deepthi5 Path Finder in Getting Data In 11-15-2022 0 1	0	1
Forwarder Output Compression Ratio- what is the expected bandwidth saving of a compressed stream if i activate it? Hello, i can activate compression on the universal forwarder to the indexer. as i understand from the documentation a... by Matthias_BY Communicator in Getting Data In 11-15-2022 4 6	4	6
Why deployment apps inputs.conf blacklisted event codes, regex are not reflecting on Splunk agent server ? by balu1211 Path Finder in Getting Data In 11-15-2022 0 3	0	3
How to check for artifacts added during playbook execution? Hi,I am working on a playbook which will check for any new artifact that has been added during the playbook execution... by sujoykr Loves-to-Learn in Getting Data In 11-14-2022 0 0	0	0
If you need to create a new field alias that would be in two sourcetypes? I am getting conflicting information, so I just wanted to ask. If you need to create a new field alias that would be ... by marka3721 Loves-to-Learn in Getting Data In 11-14-2022 0 1	0	1
Calculate event time, given a startup time and an offset per event? I have a log source with a terrible timestamping scheme. The first line contains the startup date/time, and each even... by nplamondon Communicator in Getting Data In 11-14-2022 0 5	0	5
How to validate Splunk forwarder status? Our organization currently hosts a "Splunk Health" dashboard. This dashboard has a panel that shows the heartbeat int... by nbteal Engager in Getting Data In 11-14-2022 0 3	0	3
Why is collecting remote data not working? (This may be Vague because what its on so sorry ) I have lets say 2 servers. The "Splunk" server, and then the "Targe... by judges88 Explorer in Getting Data In 11-14-2022 0 3	0	3
How to extract ECS Fargate Task ID and show it in the extraction field as a task in my Splunk? Earlier we used to run on ec2 instance, and in splunk we had an extracted field called as "host", in which we used to... by rasikmhetre95 Loves-to-Learn in Getting Data In 11-14-2022 0 0	0	0
Is this the proper approach to sending .log using logback.xml to Splunk? Hello. I'm trying to integrate splunk with my local project developed in Java. I have a main project called send-data... by juliennerocafor New Member in Getting Data In 11-14-2022 0 1	0	1
Does anyone have experience with using Data Manager for Azure and Splunk ES? Hi there! I'm wondering if anyone out there has experience with using Data Manager for Azure onboarding. According t... by Junie Loves-to-Learn in Getting Data In 11-12-2022 0 1	0	1
How to filter access to data inside same index to different roles? Summary Index? Search Filter? Other options? Hi everyone, I am in the need to find a way to filter data that specific roles access inside an index.For example: In... by dmbuhler Engager in Getting Data In 11-11-2022 0 3	0	3