Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
jotne

IIS logs: why the error WARN FilesystemChangeWatcher - error getting attributes of path "E:\inetpub\logs\LogFiles":?

We have a rather huge solution with 2000+ servere.    Our company needs that we monitor the IIS logs. Problem is that...
by jotne Builder in Getting Data In 11-19-2022
0 0
0
0
sniderwj

Can I use the Microsoft Cert Store for Universal Forwarder SSL Communication?

I am working on getting Splunk secured with certificates. We have a requirement to ensure the integrity of our audit ...
by sniderwj Explorer in Getting Data In 11-18-2022
1 7
1
7
Tristan9608

Is there something that can be done about GitHub Cloud Log streaming to network limited environment?

Hi, I'm trying to get the audit logs from github cloud into splunk instance which has limited network access. the pro...
by Tristan9608 Engager in Getting Data In 11-18-2022
0 1
0
1
midcoffessplunk

リアルタイムアラート作成時の複数フィールドの突合について

異なるソースタイプ[sourcteype=A1]の中に[user]、[sourcetype=B1]の中に[ap_user]というフィールドがあります。この2つの[user],[ap_user]のユーザ名が同じであるかどうか判定するリア...
by midcoffessplunk Engager in Getting Data In 11-18-2022
0 1
0
1
gut1kor

How to format json event data so that it can be written to a json log and then successfully indexed by Splunk?

Hi Team,I am new here and would like to find a way to tackle this problem. I have structured json events that I am ab...
by gut1kor Explorer in Getting Data In 11-18-2022
0 8
0
8
payl_chdhry

Anonymization not working for extracted field with space in name

We have requirement to mask data in index time. While below works to mask data in raw, it does not work for extracted...
by payl_chdhry Path Finder in Getting Data In 11-17-2022
0 3
0
3
opoplawski

Are there currently supported methods for ingesting and monitoring Suricata events in Splunk?

Are there currently supported methods for ingesting and monitoring Suricata events in splunk?
by opoplawski Explorer in Getting Data In 11-17-2022
0 3
0
3
opoplawski

Documentation for journald_input

I see that there is a journald_input app in the splunk forwarder install, but I can't seem to find any information on...
by opoplawski Explorer in Getting Data In 11-17-2022
0 2
0
2
opoplawski

Are there any existing parser for samba smbd_audit records?

Are there any existing parser for samba smbd_audit records?  Or other was to collect access to files with samba?
by opoplawski Explorer in Getting Data In 11-17-2022
0 0
0
0
emallinger

How to fix SplunkDB "Unsupported or unrecognized SSL message"?

Hi everyone,   I'm struggling with SplunkDB connect and HEC. I have a monoinstance splunk that has all roles. I have ...
by emallinger Communicator in Getting Data In 11-17-2022
0 1
0
1
ArtistOfXtreme

Why is status superimposed on our logs?

Hello Guys! Is my first post so sorry if the title is not as specific as it should be Look, we have an order tracking...
by ArtistOfXtreme Engager in Getting Data In 11-16-2022
0 3
0
3
cheriemilk

How to compare and list the difference between search result and lookup file?

hi team, 1. I have a query with below 2 columns returned only PQ, ACTpq1, act1PQ1, act2pQ1, act3pq2, act4QP2, act5Pq2...
by cheriemilk Path Finder in Getting Data In 11-16-2022
0 7
0
7
paxtaru

How to extract timezone in json?

We have a log that we've been asked to ingest which is a json format file that's similar to this: {"type":"appReque...
by paxtaru Explorer in Getting Data In 11-16-2022
0 3
0
3
jhilton90

Use regex to pull out a phrase with a specific word?

Right now I'm using regex to pull data with the phrase "MFA challenge succeeded" using the following regex:   | rex "...
by jhilton90 Path Finder in Getting Data In 11-16-2022
0 9
0
9
samwatson45

How can I get the time difference between two events?

Hi, I am looking at logs in an IIS index. These are events performed by someone who is using a product that we make...
by samwatson45 Path Finder in Getting Data In 11-16-2022
0 8
0
8
FlorianScho

Reduce license usage for performance data from Add-On for VMWare

Hi, i already did some research but seems our case is a bit special:We colllect inventory and performance data from o...
by FlorianScho Path Finder in Getting Data In 11-15-2022
0 1
0
1
danielbb

Should we make the EventID field an index field for the wineventlog index?

How difficult is it to make the EventID an index field for the wineventlog index? Can it increase indexing time signi...
by danielbb Motivator in Getting Data In 11-15-2022
0 1
0
1
Sammy13

Time stamp format to round to nearest hour GMT Timezone

I have a start time column in splunk in this format:19:10:54:19I have a start date column in this format: 2022-11-15I...
by Sammy13 Engager in Getting Data In 11-15-2022
0 2
0
2
chimell

Rollback during Installation Splunk Enterprise in Windows 64 bit?

Rollback during Installation Splunk Enterprise in Windows 64 bit Please i need the help.  
by chimell Motivator in Getting Data In 11-15-2022
0 3
0
3
deepthi5

Extract Json with different log patterns?

Hi My json logs comes with two different patterns one with timestamp and host added sometimes and one with out these ...
by deepthi5 Path Finder in Getting Data In 11-15-2022
0 1
0
1
Matthias_BY

Forwarder Output Compression Ratio- what is the expected bandwidth saving of a compressed stream if i activate it?

Hello, i can activate compression on the universal forwarder to the indexer. as i understand from the documentation a...
by Matthias_BY Communicator in Getting Data In 11-15-2022
4 6
4
6
balu1211

Why deployment apps inputs.conf blacklisted event codes, regex are not reflecting on Splunk agent server ?

by balu1211 Path Finder in Getting Data In 11-15-2022
0 3
0
3
sujoykr

How to check for artifacts added during playbook execution?

Hi,I am working on a playbook which will check for any new artifact that has been added during the playbook execution...
by sujoykr Loves-to-Learn in Getting Data In 11-14-2022
0 0
0
0
marka3721

If you need to create a new field alias that would be in two sourcetypes?

I am getting conflicting information, so I just wanted to ask. If you need to create a new field alias that would be ...
by marka3721 Loves-to-Learn in Getting Data In 11-14-2022
0 1
0
1
nplamondon

Calculate event time, given a startup time and an offset per event?

I have a log source with a terrible timestamping scheme. The first line contains the startup date/time, and each even...
by nplamondon Communicator in Getting Data In 11-14-2022
0 5
0
5
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All