Getting Data In

Community Activity

Delay in Access Logs from S3 I've enabled Access Logging on an S3 bucket so I can have a record of when files are POSTed to the bucket. In additio... by patterc Path Finder in Getting Data In 08-12-2022 0 0	0	0
How to get Windows syslog and send it to Splunk? new splunk i want to get syslog in splunk, should i install 3rd party app to get syslog? or any other way to get sysl... by rockzers Path Finder in Getting Data In 08-12-2022 0 7	0	7
How to forward to Splunk cloud from AWS and on prem? Hi, Our setup is as follows: Managed Splunk Cloud instanceHeavy Forwader (on-prem)Syslog server (on-prem) Our on prem... by FraserC1 Path Finder in Getting Data In 08-11-2022 0 5	0	5
Are there any negative ramifications when adding a field to existing database input? I have an existing database input that is reading from an Oracle database. Existing Dashboard A uses that database i... by dirtebird Explorer in Getting Data In 08-11-2022 0 1	0	1
Why is Splunk Add-on for Google Workspace inputs getting 401 response? I have configured the Splunk Add-on for Google Workspace on a Heavy Forwarder that is performing data collection and ... by splunk_w_ro Explorer in Getting Data In 08-11-2022 0 4	0	4
Is it possible to rename an index along with moving data from the old index to new index name? We are trying to standardize our nomenclature on indexes. Is it possible to rename an index along with moving data fr... by HathMH Path Finder in Getting Data In 08-10-2022 0 1	0	1
What is the best way to get last login value from DC (we have ~60 DCs )? What is the best way to get last login value from DC (we have ~60 DCs ) by rayar Contributor in Getting Data In 08-10-2022 0 3	0	3
How to fix date format to extracted eval field? index="indnewwrapper" \| search rfq_id: \| join [ search index="indnewwrapper" \| search rfq_id: \| eval validateEmailMes... by pp3295 Explorer in Getting Data In 08-10-2022 0 9	0	9
Why can't I see FortiAP logs? Hello team, I have a Fortigate v7.2.0 connected to a FortiAP (FP221E-v7.2) . After i configured Splunk as a syslog se... by rteodorescu New Member in Getting Data In 08-10-2022 0 0	0	0
What is the best approach to use Data Inputs in a distributed environment (SHC)? Dear Splunkers, We are using Splunk in a distributed environment with an SHC; now, what is the best approach to us... by Omar Explorer in Getting Data In 08-09-2022 0 3	0	3
Why am I having this issue with HEC guid? I have ack enabled for a HEC input. I can successfully send data into splunk with guid #1. With the same curl but a d... by klim Path Finder in Getting Data In 08-09-2022 0 0	0	0
Controlling the hot bucket size in Splunk - indexes.conf 1. Controlling the size of a hot bucket : maxDataSize = auto \| auto_high_volume auto = 750 mbauto_high_volume = 10 ... by splunker12er Motivator in Getting Data In 08-09-2022 2 2	2	2
How to ping Federate cloud logs on splunk? Hi, We have onboarded ping federate logs in splunk but we are getting multiple logs getting clubbed in one. Can som... by vikashjha New Member in Getting Data In 08-09-2022 0 1	0	1
Why is .swp file getting monitored along with the actual file? I have added directory path in inputs.conf to monitor all the files of that directory. A .swp file got created once a... by ankitarath2011 Path Finder in Getting Data In 08-09-2022 0 1	0	1
How to send rest API data to Splunk? (New splunk user)I want to use the Cyberark Rest Api login event for Splunk. So is there a way to access Rest API dat... by rockzers Path Finder in Getting Data In 08-08-2022 0 3	0	3
Why doesn't my SplunkCloud tenant's HEC work? i tried with : https://prd-p-xxxxxx.splunkcloud.com:8088/services/collector/event and also with : https://http-inputs... by isharoni Observer in Getting Data In 08-08-2022 0 1	0	1
How to get Splunk UF versions in Intermediate forwarder set up? Hi can anyone think of a way to get Splunk versions reported from universal forwarders when in a Intermediate forward... by dmcintosh1972 Explorer in Getting Data In 08-08-2022 0 4	0	4
How to anonymize credit card numbers using props.conf and transforms .conf? hi im trying to replace credit card number (16 digits) in a csv file with xxxx when i input below text, full event wi... by gotenzw Observer in Getting Data In 08-07-2022 0 7	0	7
How to create new column with percentage? Hi, My search is giving below output, Month FieldA FieldBJan 285 1410Feb 247 1934Mar ... by SS1 Path Finder in Getting Data In 08-05-2022 0 1	0	1
How to write simple search of key words or numbers? Say I'm just trying to find if anything in Splunk is showing number "12345678". Isn't there a way to query a simple s... by kruane Explorer in Getting Data In 08-05-2022 0 1	0	1
Why is Event Log time and Indexed time different? hi, Please check with below screenshot The indexed time and event log time both are different. Kindly let me know th... by Atchyuth_P Path Finder in Getting Data In 08-05-2022 0 8	0	8
Session timeout not only for user inactivity- Is there a way to set a "global" session timeout? Hi guys,is there any way to set a "global" session timeout?Not only for user inactivity but for all users even if the... by clotti_splunk Splunk Employee in Getting Data In 08-05-2022 1 2	1	2
How to troubleshoot not receiving data in a specific index from a specific host? Hi folks, I have a host that is sending different logs to Splunk, this host sends various logs successfully except fo... by splunk_luis12 Path Finder in Getting Data In 08-04-2022 0 2	0	2
Trying to override host metadata w/ regex on source, but events are arriving at indexers w/ forwarding servers hostname? I'm trying to override the host metadata with a regex on source but it's not working as expected. The events are arr... by stepheneardley Path Finder in Getting Data In 08-04-2022 0 2	0	2
Is it possible to route data on the cloud HF like this? As we work on the migration to the cloud, we have the following case - We are sending the syslog data to a heavy forw... by danielbb Motivator in Getting Data In 08-04-2022 0 5	0	5