Getting Data In

Thread Info

Modular input issue

We are installing modular input (akamai add-on) to get akamai logs to Splunk. In our environment, we have kept modu...

by Communicator in

Do I need to use INDEXED_EXTRACTIONS when using FIELD_DELIMITER & FIELD_NAMES on UF?

I've noticed an issue with one of my syslog indexes. I have a syslog server centralizing and forwarding syslogs for 6...

by Path Finder in

How to parse this kind of log

I have this kind of log: Mar 18 02:32:19 MachineName python3[948]: DEBUG:root:... Dispatching: {'id': '<id>', '...

by Path Finder in

Why can't I download from OpenCTI Stream Feed into Splunk?

Hi,I just want to input OpenCTI feed from OpenCTI to Splunk.I followed installation instruction.https://splunkbase.sp...

by Path Finder in

SSL/TLS Configuration on Splunk Forwarder (Windows)

Hello, I’ve been reviewing the documentation for configuring SSL/TLS on a Splunk forwarder, but I couldn’t find the...

by Communicator in

import vendor security advisories for comparison with inventory

Hello, Can Security Essentials import security advisories from vendors like Broadcom or Microsoft?I would like to c...

by Path Finder in

CyberArk Audit for Splunk

Is there any documentation on creating an input for this app? (https://splunkbase.splunk.com/app/6608) I installed ...

by Explorer in

How to combine multiple data input into one with different polling interval

Hi Team,How to combine multiple data input into one, basically I am having 5 different data inputs where I am taking ...

by Loves-to-Learn in

Issue with file csv monitoring

Dear Splunkers!!I am facing an issue with Splunk file monitoring configuration. When I define the complete absolute p...

by Motivator in

LINE_BREAKER is being ignored

Hi Community, I have a JSON data source that I am trying to get into Splunk via a heavy Forwarder using a custom bu...

by Explorer in

Index searchable retentions questions

Hi team,i have a index with 4 sourcetype. index has searchable retention of 4 months.is there any way we can keep sa...

by Path Finder in

Splunk Add on for MS Azure - not reciving the appliedConditionalAccessPolicies from Azure AD Signin Logs?

We had a problem with our Microsoft Azure plugin since July. The field appliedConditionalAccessPolicies: [ [ - ] ] ...

by New Member in

transforms.conf not working as expected

I have below configurations in transforms and props config files to change the source name of my events from upd:9514...

by Explorer in

How to resolve "SSL23_GET_CLIENT_HELLO:unknown protocol" error on our indexer?

I'm setting up a Splunk Indexer (Splunk Enterprise 6.4.1) on CentOS 6.8 64-bit. I do have the Splunk Add-on for Micro...

by Explorer in

traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linux

traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linux Can someone...

by Path Finder in

splunk alert triggering multiple incidents instead of single incident

Hi All,I have a splunk alert that is having this search query:index="dcn_b2b_use_case_analytics" sourcetype=lime_proc...

by Explorer in

Configuring Logstash to send files to Splunk

Hello all, So I'm very new to Splunk, like I've been playing around with it for less than 3 months. I have been ta...

by Engager in

Sending Appdyanmics CPU, Memory and Disk metrics to Splunk

Hi All, We have requirement to onboard the Infrastructure metrics (CPU, Memory and Disk ) monitored using Appdyanic...

by Loves-to-Learn Everything in

splunk alert raising multiple SNOW tickets that are not stopping until I disable the alert

when I run this search query in splunk search and reporting apps my output looks like this as mentioned be...

by Explorer in

How to configure the load balancer to handle HEC data?

We are in a transition from sending the data through HFs to sending the data directly to the indexers and we wonder h...

by Motivator in

Do we need to run an indexer rolling restart when getting new HEC data stream?

We are transitioning from getting the HEC data through HFs to getting it directly to the indexers and we are wonderin...

by Motivator in

New source type with regex not working correctly

I've created a new source type with a regex. It was working but I found an edge case where it was broken. I rewrote t...

by Explorer in

Creating a new sourcetype and performing transforms on it in the same TA

If I have a transforms.conf like the below: [ORIGIN2]REGEX = (?:"id":"32605")FORMAT = sourcetype::test-2DEST_KEY = ...

by Explorer in

AIX UF extract checksum error

When I try to install the UF for AIX, it fails to extract to with a checksum error AIXSERVER:/nim/media/SOFTWARE/sp...

by New Member in

Line breaking source types

I am trying to fix the issue of my zeek logs not being broken into separate events. These logs are in json format and...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Modular input issue

Do I need to use INDEXED_EXTRACTIONS when using FIELD_DELIMITER & FIELD_NAMES on UF?

How to parse this kind of log

Why can't I download from OpenCTI Stream Feed into Splunk?

SSL/TLS Configuration on Splunk Forwarder (Windows)

import vendor security advisories for comparison with inventory

CyberArk Audit for Splunk

How to combine multiple data input into one with different polling interval

Issue with file csv monitoring

LINE_BREAKER is being ignored

Index searchable retentions questions

Splunk Add on for MS Azure - not reciving the appliedConditionalAccessPolicies from Azure AD Signin Logs?

transforms.conf not working as expected

How to resolve "SSL23_GET_CLIENT_HELLO:unknown protocol" error on our indexer?

traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linux

splunk alert triggering multiple incidents instead of single incident

Configuring Logstash to send files to Splunk

Sending Appdyanmics CPU, Memory and Disk metrics to Splunk

splunk alert raising multiple SNOW tickets that are not stopping until I disable the alert

How to configure the load balancer to handle HEC data?

Do we need to run an indexer rolling restart when getting new HEC data stream?

New source type with regex not working correctly

Creating a new sourcetype and performing transforms on it in the same TA

AIX UF extract checksum error

Line breaking source types

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions