Getting Data In

Community Activity

What is the best approach to use Data Inputs in a distributed environment (SHC)? Dear Splunkers, We are using Splunk in a distributed environment with an SHC; now, what is the best approach to us... by Omar Explorer in Getting Data In 08-09-2022 0 3	0	3
Why am I having this issue with HEC guid? I have ack enabled for a HEC input. I can successfully send data into splunk with guid #1. With the same curl but a d... by klim Path Finder in Getting Data In 08-09-2022 0 0	0	0
Controlling the hot bucket size in Splunk - indexes.conf 1. Controlling the size of a hot bucket : maxDataSize = auto \| auto_high_volume auto = 750 mbauto_high_volume = 10 ... by splunker12er Motivator in Getting Data In 08-09-2022 2 2	2	2
How to ping Federate cloud logs on splunk? Hi, We have onboarded ping federate logs in splunk but we are getting multiple logs getting clubbed in one. Can som... by vikashjha New Member in Getting Data In 08-09-2022 0 1	0	1
Why is .swp file getting monitored along with the actual file? I have added directory path in inputs.conf to monitor all the files of that directory. A .swp file got created once a... by ankitarath2011 Path Finder in Getting Data In 08-09-2022 0 1	0	1
How to send rest API data to Splunk? (New splunk user)I want to use the Cyberark Rest Api login event for Splunk. So is there a way to access Rest API dat... by rockzers Path Finder in Getting Data In 08-08-2022 0 3	0	3
Why doesn't my SplunkCloud tenant's HEC work? i tried with : https://prd-p-xxxxxx.splunkcloud.com:8088/services/collector/event and also with : https://http-inputs... by isharoni Observer in Getting Data In 08-08-2022 0 1	0	1
How to get Splunk UF versions in Intermediate forwarder set up? Hi can anyone think of a way to get Splunk versions reported from universal forwarders when in a Intermediate forward... by dmcintosh1972 Explorer in Getting Data In 08-08-2022 0 4	0	4
How to anonymize credit card numbers using props.conf and transforms .conf? hi im trying to replace credit card number (16 digits) in a csv file with xxxx when i input below text, full event wi... by gotenzw Observer in Getting Data In 08-07-2022 0 7	0	7
How to create new column with percentage? Hi, My search is giving below output, Month FieldA FieldBJan 285 1410Feb 247 1934Mar ... by SS1 Path Finder in Getting Data In 08-05-2022 0 1	0	1
How to write simple search of key words or numbers? Say I'm just trying to find if anything in Splunk is showing number "12345678". Isn't there a way to query a simple s... by kruane Explorer in Getting Data In 08-05-2022 0 1	0	1
Why is Event Log time and Indexed time different? hi, Please check with below screenshot The indexed time and event log time both are different. Kindly let me know th... by Atchyuth_P Path Finder in Getting Data In 08-05-2022 0 8	0	8
Session timeout not only for user inactivity- Is there a way to set a "global" session timeout? Hi guys,is there any way to set a "global" session timeout?Not only for user inactivity but for all users even if the... by clotti_splunk Splunk Employee in Getting Data In 08-05-2022 1 2	1	2
How to troubleshoot not receiving data in a specific index from a specific host? Hi folks, I have a host that is sending different logs to Splunk, this host sends various logs successfully except fo... by splunk_luis12 Path Finder in Getting Data In 08-04-2022 0 2	0	2
Trying to override host metadata w/ regex on source, but events are arriving at indexers w/ forwarding servers hostname? I'm trying to override the host metadata with a regex on source but it's not working as expected. The events are arr... by stepheneardley Path Finder in Getting Data In 08-04-2022 0 2	0	2
Is it possible to route data on the cloud HF like this? As we work on the migration to the cloud, we have the following case - We are sending the syslog data to a heavy forw... by danielbb Motivator in Getting Data In 08-04-2022 0 5	0	5
How to parse event logs with JSON (Syntax highlighted)? Good Morning, I am pulling zeek (Bro) logs into my Splunk to view events. However some of these events will display p... by SecDesh Path Finder in Getting Data In 08-04-2022 0 7	0	7
JSON line breaking- How do I get rid of the ]? Hi Team I have a JSON file as below :- [{"entityId":null,"entityType":"Account.AccountRequest","accessedByUser":"jing... by chandvit Engager in Getting Data In 08-04-2022 0 1	0	1
Why is our universal forwarder is truncating/adding extra line breaks to events output over TCP? We have a universal forwarder set up to forward incoming messages to logstash, TCP -> forwarder -> TCP: outputs.conf:... by petehmrc Path Finder in Getting Data In 08-04-2022 0 10	0	10
How to get data into the splunk OT add on security posture dashboard? hello, I had the splunk enterprise with the ES and OT add-ons. I accelerated the data model of the OT_Asset DM and cr... by munna Explorer in Getting Data In 08-04-2022 0 1	0	1
Why doesn't Splunk index old events in same log file? Hi, So i am trying to index the log file data.log, log file is 2 days old and splunk is indexing only the latest even... by SS1 Path Finder in Getting Data In 08-04-2022 0 2	0	2
How to extract this data from the log? Hello,I am fairly new to using splunk. I am having some trouble understanding how to extract the fields. My sample da... by as2050 New Member in Getting Data In 08-03-2022 0 1	0	1
Splunk Add on for McAfee DAM (Database Activity Monitor) Can someone help me with an ADDON for extracting fields out of the syslog data of McAfee DAM (Database Activity Monit... by aruncp333 Explorer in Getting Data In 08-03-2022 0 1	0	1
How to setup to whitelist and blacklist in inputs.conf to pull data from WinEventLog? Hi, we are trying to pull a specific data from [WinEventLog://Microsoft-Windows-TaskScheduler/Operational] but the p... by vin_ven27 Explorer in Getting Data In 08-03-2022 0 1	0	1
How to avoid influence of equal sign in text string when Splunk HEC parses JSON? I was tring to ingest data into Splunk via HEC. One field of my data is: myKey1 = " This is my Application message lo... by cdp_fap Observer in Getting Data In 08-02-2022 0 1	0	1

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

What is the best approach to use Data Inputs in a distributed environment (SHC)?

Why am I having this issue with HEC guid?

Controlling the hot bucket size in Splunk - indexes.conf

How to ping Federate cloud logs on splunk?

Why is .swp file getting monitored along with the actual file?

How to send rest API data to Splunk?

Why doesn't my SplunkCloud tenant's HEC work?

How to get Splunk UF versions in Intermediate forwarder set up?

How to anonymize credit card numbers using props.conf and transforms .conf?

How to create new column with percentage?

How to write simple search of key words or numbers?

Why is Event Log time and Indexed time different?

Session timeout not only for user inactivity- Is there a way to set a "global" session timeout?

How to troubleshoot not receiving data in a specific index from a specific host?

Trying to override host metadata w/ regex on source, but events are arriving at indexers w/ forwarding servers hostname?

Is it possible to route data on the cloud HF like this?

How to parse event logs with JSON (Syntax highlighted)?

JSON line breaking- How do I get rid of the ]?

Why is our universal forwarder is truncating/adding extra line breaks to events output over TCP?

How to get data into the splunk OT add on security posture dashboard?

Why doesn't Splunk index old events in same log file?

How to extract this data from the log?

Splunk Add on for McAfee DAM (Database Activity Monitor)

How to setup to whitelist and blacklist in inputs.conf to pull data from WinEventLog?

How to avoid influence of equal sign in text string when Splunk HEC parses JSON?

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

What's the difference between ingesting TCP as TCP...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation