Getting Data In

Community Activity

Splunk Server logs to 3rd party using an Indexer We have installed Splunk in windows and we want to send windows logs from Search Head, LM and CM to 3rd party using a... by malisushil119 Loves-to-Learn Everything in Getting Data In 05-21-2025 0 15	0	15
Splunk Slowness What are the reasons for the slowness observed in the Splunk Mission Control incident review dashboard? by msatish Path Finder in Getting Data In 05-21-2025 0 2	0	2
Unique universal forwarder to multiple destinations Hello,Is it possible to have only 1 Universal Forwarder installed on a Windows server and this UF sends data to 2 dif... by Flobzh Explorer in Getting Data In 05-20-2025 0 4	0	4
Loosing logs for a specific host in several hours. Hi All.Using Splunk for collecting logs from different devices. But logs from on devices on the network , is not pr... by dendel Observer in Getting Data In 05-19-2025 0 8	0	8
Why is my log file sometimes ignored? Self-answered question follows. Perhaps it will help someone else in the same boat. I have a file called portal-serv... by twinspop Influencer in Getting Data In 05-19-2025 0 2	0	2
Extract key=value into field [cmd_data=list cm device recusive]splunk auto extracts just [cmd_data=list]End result - be able to filter on cmd data... by splunkville Observer in Getting Data In 05-16-2025 0 1	0	1
ESXi and vSphere logs Hello all,I am reviewing the Splunk add-on for vCenter Log and the Splunk add-on for VMware ESXi logs guides and have... by token2 Path Finder in Getting Data In 05-16-2025 0 2	0	2
UF not in CMC Newly installed Universal forwarders on windows servers are forwarding logs to Splunk Cloud but newly installed forwa... by msatish Path Finder in Getting Data In 05-16-2025 0 4	0	4
Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth) Hi Splunkers!!,We have recently configured SSO in Splunk using Keycloak, and it's working fine — users are able to lo... by uagraw01 Motivator in Getting Data In 05-16-2025 0 2	0	2
Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally Hi,we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk (https://splunk... by ahennewig_sva Observer in Getting Data In 05-16-2025 0 2	0	2
SourceTypes being changed by GUI Hi All,Help please.Can I get people to agree with me that the following is a bug/design flaw - as my splunk case is g... by KeithH Communicator in Getting Data In 05-16-2025 0 6	0	6
Ingest-time lookup Hello, has anyone worked with ingest-time lookup and familiar with it?https://docs.splunk.com/Documentation/Splunk/8.... by tah7004 Path Finder in Getting Data In 05-16-2025 0 8	0	8
Does props.conf support wildcards? All, I found myself writing this props.conf today. Say I have this: [tomcat:src:server] EXTRACT-springapp_name =... by daniel333 Builder in Getting Data In 05-16-2025 0 5	0	5
Can I send windows security logs using UF over HTTP to Logstash ? Hello Experts , I am trying to send windows security logs to logstash(http) receiver . Below is what I have based on ... by vikas_gopal Builder in Getting Data In 05-15-2025 0 14	0	14
Splunk with CUCM Hi Team,Greetings !!This is Srinivasa, Could you please provide Splunk with Unified Applications (CUCM) On-prem , how... by sreddem Observer in Getting Data In 05-15-2025 0 1	0	1
Delay during log ingestion from Azure Hello, have a question regarding log ingestion from Azure. At the moment, im using REST API to onboard logs to the on... by antnovo New Member in Getting Data In 05-15-2025 0 6	0	6
OpenText NetIQ Logs onboarding via syslog Hi All,Anyone who has worked with OpenText NetIQ Logs before?We are receiving the NetIQ logs via syslog, but the sour... by tech_g706 Path Finder in Getting Data In 05-14-2025 0 4	0	4
Target data from specific Active Directory OU's Hi, I am trying to gather data from a specific organisation unit in Active Directory and ignore everything else? ... by Mobyd New Member in Getting Data In 05-14-2025 0 2	0	2
Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup? I have a field with the system's IP in it and am trying to add additional fields during ingest. It works if the IP f... by buzzard192 Explorer in Getting Data In 05-14-2025 0 4	0	4
Why to use syslog or tcp output? Hello Splunkers,I have a small question, what is the best practice (or for what reasons) should I use Syslog or TCP c... by GaetanVP Contributor in Getting Data In 05-13-2025 0 8	0	8
Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the foll... by sgutierrez Engager in Getting Data In 05-13-2025 1 4	1	4
Microsoft-AzureADPasswordProtection-DCAgent I ma trying to onboard the %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx ... by Dilsheer_P Loves-to-Learn Lots in Getting Data In 05-13-2025 0 2	0	2
ingest_eval lookup not working I have the following transforms.conf file:[pan_src_user]INGEST_EVAL=src_user_idx=json_extract(lookup("user_ip_mapping... by Niro Explorer in Getting Data In 05-13-2025 0 10	0	10
Ingest time lookup to add fields does not work I need to use federated search which does not support search time lookup at this time in splunk 8.2.2.1.I came across... by patelmc Explorer in Getting Data In 05-13-2025 0 2	0	2
ingest_eval works on AIO instance but different results when applied at the HF tier I have syslog events being written to a HF locally via syslog-ng - these events are then consumed via file reader and... by Skins Path Finder in Getting Data In 05-13-2025 0 3	0	3