Getting Data In

Discussions

Thread Info

How to blacklist EventCode 5145 with Wineventlog?

I am trying to blacklist EventCode 5145 with specific message and it is not working.Example Event: LogName=Securit...

by Path Finder in

Why are cluster of indexers not getting data into custom index?

I have cluster of indexers i1, i2 and i3 and not seeing any data coming from universal forwarder f1 to custom index n...

by Explorer in

Data collection not working- What should I check for collection of csv file data?

Intermittent text file data collection is not possible. Initially, it is a collection of csv file data. After t...

by Explorer in

Usecases, content ES and Source types- Could someone explain how this works with content that comes with ES?

Hello everyone, I'd appreciate if anyone could step in to help me with an unclarity that I have. For use cases ...

by Path Finder in

Optel Java Agent getting 404 on using ingest endpoints- How do I fix?

I am using Java agent to push logs to Splunk Observability but getting 404 on valid credentials. https://github.com/s...

by New Member in

How to collect Windows metrics and logs with the data collection script in ITSI?

Hi Splunkers,I'm trying to use ITSI to monitor my Windows intrastructure.I used the data collection script (generated...

by Path Finder in

Help with small CSV file indexing

I am trying to index a small CSV file with 2 columns and Size -5.32 KB (5,453 bytes) , Size on Disk - 8.00 KB (8,192...

by Contributor in

How can I spit event into multiple events

I'm trying to spit event into multiple events，my raw event like below <14>1 2022-09-14T12:49:12.620+08:00 TestS...

by Explorer in

Compare values from same field in different events to all other events?

So I'm trying to get all events where val1+val2 are also in another event from the table. In the example below, I wou...

by Engager in

How do I prevent Splunkd crashing with memory allocation error?

Hello Splunk ES experts , My Splunkd is crashing frequently with below error in crash logs C++ exception:except...

by Builder in

How do correlation searches work with other source types if the source types weren't specified in search?

Hello everyone, I have the following question: For use cases (anything in the Enterprise Security > content), l...

by Path Finder in

Data model tags whitelist- Should I add tags used inside constraints on my own?

Hi all, I installed the Splunk CIM on my Splunk instance and I've a doubt regarding tags whitelisting. The docs...

by Loves-to-Learn in

Multiple inputs files, with 1 app?

Hey all, So I found a question here about using multiple inputs.conf files.. how it's possible with multiple apps but...

by Explorer in

[udp://:portnumber] Event Blacklist- How do I prevent unwanted data from being indexed?

Hello, I am currently receiving firewall data on my heavy forwarder on a specific port number. On the HF there is ...

by Explorer in

What is the difference in these stanzas?

What is the difference between these stanzas... [WinEventLog://Application] disabled = 0 index=tablets sourcetype=...

by Communicator in

Is there a way I can change source name on HEC?

I am using HEC to push the data to Splunk, and in the HEC we have a field Source, And the log which I am forwarding t...

by Loves-to-Learn Lots in

Forwarding mirror copies of logs to multiple indexer groups [Splunk UF]- Why are the logs not being received properly?

Hi There, I have a universal forwarder that is installed on a Syslog Server and is reading all the logs received o...

by Explorer in

How do I clone all data received from one indexer to another indexer?

Hello, I have one indexer cluster that receives data over inputs.conf [splunktcp://9997]. I want to clone all d...

by Path Finder in

Which inbound/outbound ports should be opened to send data to HTTP Event Collector?

Hello, I understand that the HTTP Event Collector receives data over HTTPS on TCP port 8088 by default. What i ...

by Explorer in

[Solution] Splunk HEC and iOS/HomeKit Shortcuts

Splunk HEC and iOS/HomeKit Shortcuts A number of years ago the PM for HEC happen to sit behind me at a conf keynot...

by Influencer in

Why are there strange characters in sourcetype?

Our Splunk environment is producing many Windows eventlog entries with broken sourcetypes. When looking at the sou...

by Explorer in

Why can't I get Salesforce ListViewEvent data?

Hi , I have been trying to get data from ListViewEvent form salesforce through "Inputs" in "Splunk Add on for Sale...

by New Member in

How to compare events "without" common fields?

Hello All, I'm trying since 3 days now to find a solution for my problem but without success.I look around for solu...

by Explorer in

Log Pipeline Management - how to convert comma decimal to dot?

Hi, May i know how to convert raw data (cookedvalue) from comma to dot using regex? Raw Data in Log Observer ...

by Path Finder in

Why did splunk fail to install uf on windows2012 r2?

my os is windows2012 R2, I try to install splunk uf 9.0.0.1.first, I uninstall old splunk UF 7.0.2 from "uninstall pr...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to blacklist EventCode 5145 with Wineventlog?

Why are cluster of indexers not getting data into custom index?

Data collection not working- What should I check for collection of csv file data?

Usecases, content ES and Source types- Could someone explain how this works with content that comes with ES?

Optel Java Agent getting 404 on using ingest endpoints- How do I fix?

How to collect Windows metrics and logs with the data collection script in ITSI?

Help with small CSV file indexing

How can I spit event into multiple events

Compare values from same field in different events to all other events?

How do I prevent Splunkd crashing with memory allocation error?

How do correlation searches work with other source types if the source types weren't specified in search?

Data model tags whitelist- Should I add tags used inside constraints on my own?

Multiple inputs files, with 1 app?

[udp://:portnumber] Event Blacklist- How do I prevent unwanted data from being indexed?

What is the difference in these stanzas?

Is there a way I can change source name on HEC?

Forwarding mirror copies of logs to multiple indexer groups [Splunk UF]- Why are the logs not being received properly?

How do I clone all data received from one indexer to another indexer?

Which inbound/outbound ports should be opened to send data to HTTP Event Collector?

[Solution] Splunk HEC and iOS/HomeKit Shortcuts

Why are there strange characters in sourcetype?

Why can't I get Salesforce ListViewEvent data?

How to compare events "without" common fields?

Log Pipeline Management - how to convert comma decimal to dot?

Why did splunk fail to install uf on windows2012 r2?

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions