Getting Data In

Ask a Question

Discussions

Thread Info

Netskope onboarding

Hi, I have a question on Netskope onboarding to Splunk. I installed to TA-NetSkopeAppForSplunk (4.1.0) on Spl...

by Path Finder in

cloudwatch logs tagging

Expert advice needed. I was able to ingest cloudwatch logs for ecs and lambda with data manager Now i need to add...

by Loves-to-Learn Lots in

pull Azure event hub logs to Splunk

How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. Wh...

by Communicator in

Why doesn't my Ingest Action work?

I have written and tested some rules using "Ingest Actions". I used the "Sample" indexed data and everything seems fi...

by Explorer in

How do I set up a KV Store lookup?

I created a KV Store lookup using the "Splunk App for Lookup File Editing" app, however when I look at Settings>Looku...

by Motivator in

Splunk and Cisco Firepower Audit Logs

Hello folks, My organization is struggling with ingesting the Cisco Firepower audit (sys)logs into Splunk, we've be...

by Path Finder in

Splunkforwarder Startup Error in Docker containers

Commands used to run docker image: docker run -d -p 9997:9997 -p 8080:8080 -p 8089:8089 -e "SPLUN...

by Explorer in

Turning off chunked encoding in Universal Forwarder

Hi, We're setting up a Splunk enterprise instance in an air-gapped environment. In addition to this, the server is ...

by Explorer in

Creating service account in splunk to re-assign the orphaned knowledge object

Hi, I am a splunk admin and we are re-assigning the orphaned knowledge object to my name as a temporary solution. I...

by Communicator in

AWS logging to our Splunk

AWS logs to Splunk We need to onboard AWS cloud watch logs (from Kinesis) to our Splunk. We have all our Splunk ins...

by Communicator in

Regex for multiline events where skipping lines is required.

I have multiline events where it is required to capture the error messages. The events are separated by "FAILED". ...

by Communicator in

Splunk Data Retention

we got a requirement to on-board new platform logs to Splunk. They will have 1.8 TB/day data to be ingested. As of no...

by Communicator in

Splunk data retention

I was newly aligned into a project and didn't have proper KT from the left ones. I have queries regarding my current ...

by Communicator in

Integration document for Cisco Cyber Vision with Splunk

I am looking for a document to integrate Cisco cyber vision integration with Splunk.

by Splunk Employee in

Change index based on source and index from different environments

Hello, we have Windows servers from two environments, we want WinEventLog source (Windows Events logs) to go in "wi...

by Motivator in

Can I bring the logs to see if a user on Azure has MFA enabled?

HI everyone, I need to check my logs to see if a user has MFA enabled or not. I've already configured Microsoft Azu...

by Explorer in

Splunk UF version 9.4.1 install issue

OS Version: Server 2019 I'm trying to install Splunk UF in my test lab. Using the GUI install, I put all the necess...

by Observer in

Syslog-ng error

Hi, I setup the syslog-ng to receive syslog from devices and splunk HF on the same server will read those logs file...

by Path Finder in

Having multiple Forwarders sharing the same Instance GUID

As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of...

by Path Finder in

Change initial date then stop ingestion

I have disabled input (generic S3) of aws add-on for a year. After I enable it, it ingests old data so I disable it a...

by Path Finder in

Ingesting application logs from Docker container into Splunk Cloud

Hi everyone, I'm seeking advice on the best way to send application logs from our client's Docker containers into a...

by Engager in

How to solve duplicate GUIDs of Forwarders?

As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of...

by Path Finder in

How to convert "data" Field to "event" in Splunk HTTP Event Collector (HEC)?

I'm ingesting data into Splunk via the HTTP Event Collector (HEC), but the data is wrapped inside a "data" key instea...

by Explorer in

Akamai WAF integration with Splunk

I have installed akamai add on for splunk in our HF. https://splunkbase.splunk.com/app/4310 I followed th...

by New Member in

Windows splunk_wmi.exe

Hi,Windows UF stopped sending events. I saw this event in _internal index'message from ""C:\Program Files\SplunkUnive...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Netskope onboarding

cloudwatch logs tagging

pull Azure event hub logs to Splunk

Why doesn't my Ingest Action work?

How do I set up a KV Store lookup?

Splunk and Cisco Firepower Audit Logs

Splunkforwarder Startup Error in Docker containers

Turning off chunked encoding in Universal Forwarder

Creating service account in splunk to re-assign the orphaned knowledge object

AWS logging to our Splunk

Regex for multiline events where skipping lines is required.

Splunk Data Retention

Splunk data retention

Integration document for Cisco Cyber Vision with Splunk

Change index based on source and index from different environments

Can I bring the logs to see if a user on Azure has MFA enabled?

Splunk UF version 9.4.1 install issue

Syslog-ng error

Having multiple Forwarders sharing the same Instance GUID

Change initial date then stop ingestion

Ingesting application logs from Docker container into Splunk Cloud

How to solve duplicate GUIDs of Forwarders?

How to convert "data" Field to "event" in Splunk HTTP Event Collector (HEC)?

Akamai WAF integration with Splunk

Windows splunk_wmi.exe

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Missing data in ingested log

Parsing Multimetric Logs

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Getting Data In

Are you a member of the Splunk Community?

Discussions