Getting Data In

Community Activity

fully reindexing a file every time the datestamp changes I've a few different automated pulls of data into directories of files I want splunk to index. These files get compl... by mjones414 Contributor in Getting Data In 05-12-2025 1 16	1	16
Fortinet logs collected through syslog TCP with SC4S are not splitted correctly Hi all,I'm struggling with an issue related to collecting Fortinet Fortios events through SC4S. If I use UDP protocol... by Numb78 Explorer in Getting Data In 05-12-2025 0 3	0	3
WIndows 7 support I was trying to download the universal forwarder for windows 7 32 bit OS, but i can see only windows 8, 8.1, 10 OS. ... by twh1 Communicator in Getting Data In 05-12-2025 0 9	0	9
Streamfwd pcap filter compilation error I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwa... by Mit Observer in Getting Data In 05-11-2025 0 1	0	1
Request for Best Practices on Collecting Essential Data from Endpoints to Splunk Dear Splunk Community,I am currently working on a project focused on identifying the essential data that should be co... by kn450 Explorer in Getting Data In 05-10-2025 0 6	0	6
Split JSON array into individual events on HF We've logs coming to HEC as nested JSON in chunks; We're trying to break them down into individual events at the HEC ... by nmohammed Builder in Getting Data In 05-09-2025 0 12	0	12
sc4s index re-route Hi Folks,New to Splunk and SC4S deploymenet. So far I have been able to make good progress. I have setup 2 SC4S serve... by capjacksparo Engager in Getting Data In 05-08-2025 0 5	0	5
call not properly authenticated Response Code: 401Response text: <?xml version="1.0" encoding="UTF-8"?><response><messages><msg type="WARN">call not ... by NatanS Explorer in Getting Data In 05-07-2025 1 8	1	8
UF keep looking for removed input stanza I have this kind of weird custom app (and dangerous too) that changes the UF Instance GUID. Basically, I created a .... by Na_Kang_Lim Path Finder in Getting Data In 05-06-2025 0 1	0	1
Defining Timestamp for HEC Input I'm running into a strange issue where Splunk is using the current time for a HTTP Event Collector input rather than ... by Kieffer87 Communicator in Getting Data In 05-06-2025 1 10	1	10
Splunk Answers Content Calendar May 2025 Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll be spotlig... by Anam Community Manager in Getting Data In 05-06-2025 2 0	2	0
i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods 2025-05-06T13:50:00.857Z error helper/transformer.go:118 Failed to process entry {"otelcol.component.id": "filelog", ... by tawfiq15 New Member in Getting Data In 05-06-2025 0 1	0	1
Redirecting specific logs using a regex Hi splunk community, I have a question on logs cloning/redirectionPurpose :Extract logs containing "network-guest", a... by Nicolas2203 Path Finder in Getting Data In 05-06-2025 0 19	0	19
Remove the index distributed setup Hi,After setting up a test index and ingesting a test record, I’m now planning to remove the index from the distribut... by ws Path Finder in Getting Data In 05-05-2025 0 3	0	3
Onboarding MOVEit Server Database logs to Splunk How to onboard MOVEit Server Database logs which is hosted on prem to Splunk Cloud? What is the preferred method? by msatish Path Finder in Getting Data In 05-05-2025 0 1	0	1
DB connection errors- no Http Event Collectors available Hi,We have db connect connections & inputs created in Splunk HF. We see that it has status=FAILED sometimes and below... by juhiacc Explorer in Getting Data In 05-03-2025 0 3	0	3
How to upload a csv from a host that has a universal forwarder? We have a universal forwarder and the customer has a csv file on this machine that he would like to ingest. The custo... by danielbb Motivator in Getting Data In 05-02-2025 0 2	0	2
How to Drop Events Larger Than 10,000 Bytes Before Indexing? Hi everyone,I'm working on a use case where I need to drop events that are larger than 10,000 bytes before they get i... by yashb Engager in Getting Data In 05-01-2025 0 3	0	3
Do not run Powershell script when Splunk starts Hi,I want to run a Powershell script on a Windows universal forwarder according to a cron schedule. My input looks si... by splunk310805 Observer in Getting Data In 04-30-2025 0 1	0	1
When using the Field Extractor can you use the same name for a field? will it append or add to the original field create When using the Field Extractor can you use the same name for a field? will it append or add to the original field cre... by Cheng2Ready Communicator in Getting Data In 04-29-2025 0 1	0	1
Capability to upload image in Splunk Dashboard Studio Hi All,Which Capability do i assign to Splunk user to upload image in Dashboard Studio by krutika_ag Path Finder in Getting Data In 04-29-2025 0 1	0	1
1 hour from indexing to Splunk-Web Hello,Some of the forwarder installations are behaving strangely.They take an hour for the data to be indexed and dis... by chrisitanmoleck Path Finder in Getting Data In 04-29-2025 0 8	0	8
KV Store initialization has been not completed yet in SHC Dears,,,The KV Store initialization on our search head cluster was previously working fine. However, unexpectedly, we... by Mfmahdi Path Finder in Getting Data In 04-28-2025 0 2	0	2
Unable to remove prefix by SEDCMD in sourcetype but able to run in search I am trying to remove everything before the {<!-- --> character to preserve the JSON format. I am using SEDCMD-keepjson = s/^... by Alan_Chan Explorer in Getting Data In 04-27-2025 0 3	0	3
Why does linebreaking regex have no capturing groups? Hi Need help to fix the below error My Props : Sample events: by jackin Path Finder in Getting Data In 04-27-2025 0 10	0	10