Getting Data In

Thread Info

Why can I not see logs in splunk

Hi All, I got a request to monitor a log files in splunk. below are the log file name pattern: abc_uat_cpe_2...

by Path Finder in

How to Monitor latest folder only?

Hi All, I have a set of folders which are created by the job which runs in the backend and the names of the folder...

by Path Finder in

Sourcetype confusion over IIS logs- Help to find a cogent Spec and Select

I have been doing testing and planning out my Splunk deployment. I have set up a Universal Forwarder on one of our pr...

by Communicator in

How to monitor privileged commands in Windows?

Meow~!How to monitor privileged commands in Windows?For example, in Linux I can by AuditD but what about Windows?

by Builder in

Azure AD Add-on for MS Office 365 questions

I am in the process of trying to configure a Tenant in this add-on. Some of the required values are available in the...

by Path Finder in

How to compare json file and find the difference in log file?

How to compare difference in the json file. If there is no difference we are good. But in my case i need to find comp...

by Builder in

How to add Python modules into Splunk environment for network path monitoring?

Hi All, I am trying to monitor files and folders in network path using a basic (only the outline) Python script sh...

by Loves-to-Learn in

Correlation-Indexed Fields, Indexed Time Field Extraction, HF/UF, Deployment Server, and Performance

Hello, I was trying to find out the correlation among Indexed Fields, Indexed Time Field Extraction, HF/UF, Deploym...

by Motivator in

How to achieve multiple timestamps in single log file?

I am onboarding data from trend micro portable security via HEC. As per the documentation of trend micro it needs 5 i...

by Engager in

How are Splunk passwords encrypted in inputs.conf and outputs.conf?

Could someone please document how the Splunk passwords are encrypted (in inputs and outputs.conf) so that we can setu...

by Explorer in

Updated DB Connect, now my connections don't work; MS-SQL Server Using MS Generic Driver With Kerberos Authentication

Splunkers, I just updated my app db_connect. Now all my connections are broken. I think they are forcing ssl now an...

by Explorer in

Does anyone knows how to map the field values from Splunk to Siemplify?

We use Siemplify add-on to ingest alerts from Splunk to Siemplify however, the fields in Siemplify come really horrib...

by Path Finder in

Can not extract value with whitespace at index time

Hello, I have a not ideal log, looking like this, for example: "field1=value1" "field2=val ue 2" "field3=val...

by Engager in

What is the time stamp the syslog daemon writes to the syslog file?

When the syslog daemon writes to the syslog file, what is the time stamp it writes? is it the host date/time or the e...

by Motivator in

Why when applying Props.conf, HF suddenly stops?

Hello all, We are using an RSyslog to write logs to file in a Heavy Forwarder but we found that it was escaping ta...

by Explorer in

How do we forward Tripwire logs to Splunk?

we have question once we need to forward the Tripwire logs to Splunk and I already enable the syslogs on the trip...

by New Member in

Splunk to activeMQ - does anyone have a feedback to share on that ?

Hello, I'm trying to experiment sending data indexed in splunk to activeMQ. I'll probably need to use JMS Messa...

by Communicator in

CVE-2022-32158 - Can I just upgrade the deployment server to version 9.0 in a Splunk Cluster environment?

Can I just upgrade the Splunk Enterprise deployment to version 9.0 in a Splunk Cluster environment?

by New Member in

How to find unencrypted passwords in my logs by using one anchor pattern?

Hi All, I was trying to find the unencrypted passwords in my logs by using one anchor pattern. After getting the pass...

by Path Finder in

Route data to specific indexer based on an external mapping table

Hello everyone I'm fairly familiar with routing data based on the logs themselves, however, I was wondering if ther...

by Engager in

vulnerability CVE-2022-32158 16_06_2022 versions before 9.0 Splunk

Hello, I see that there is a new vulnerability that affects Splunk and I have a couple of doubts https://www.splu...

by Builder in

What is the number of indexers allowed in a single site cluster?

Hello Splunkers I have a query regarding number of indexers or indexer clusters that can reside in a single site c...

by Builder in

Splunk Data Manager support for Microsoft GCCH cloud

We are trying to ingest data from our Microsoft GCCH Azure cloud with the "Microsoft Azure Add-on for Splunk" with mi...

by New Member in

Getting Data in from SYSLOG / File Monitor- Am I missing something?

Hello We are running Enterprise 8.2.6 (Windows Server). We use a product called Fastvue Syslog Server on another ...

by Explorer in

Fschange directory \•••\ not working

Current one that is working is:[fschange:F:\bau\box\quest]Need to specify it to:[fschange:F:\bau\box\quest\...\arch]W...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why can I not see logs in splunk

How to Monitor latest folder only?

Sourcetype confusion over IIS logs- Help to find a cogent Spec and Select

How to monitor privileged commands in Windows?

Azure AD Add-on for MS Office 365 questions

How to compare json file and find the difference in log file?

How to add Python modules into Splunk environment for network path monitoring?

Correlation-Indexed Fields, Indexed Time Field Extraction, HF/UF, Deployment Server, and Performance

How to achieve multiple timestamps in single log file?

How are Splunk passwords encrypted in inputs.conf and outputs.conf?

Updated DB Connect, now my connections don't work; MS-SQL Server Using MS Generic Driver With Kerberos Authentication

Does anyone knows how to map the field values from Splunk to Siemplify?

Can not extract value with whitespace at index time

What is the time stamp the syslog daemon writes to the syslog file?

Why when applying Props.conf, HF suddenly stops?

How do we forward Tripwire logs to Splunk?

Splunk to activeMQ - does anyone have a feedback to share on that ?

CVE-2022-32158 - Can I just upgrade the deployment server to version 9.0 in a Splunk Cluster environment?

How to find unencrypted passwords in my logs by using one anchor pattern?

Route data to specific indexer based on an external mapping table

vulnerability CVE-2022-32158 16_06_2022 versions before 9.0 Splunk

What is the number of indexers allowed in a single site cluster?

Splunk Data Manager support for Microsoft GCCH cloud

Getting Data in from SYSLOG / File Monitor- Am I missing something?

Fschange directory \•••\ not working

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions