Getting Data In

Community Activity

Microsoft-AzureADPasswordProtection-DCAgent I ma trying to onboard the %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx ... by Dilsheer_P Loves-to-Learn Lots in Getting Data In 05-13-2025 0 2	0	2
ingest_eval lookup not working I have the following transforms.conf file:[pan_src_user]INGEST_EVAL=src_user_idx=json_extract(lookup("user_ip_mapping... by Niro Explorer in Getting Data In 05-13-2025 0 10	0	10
Ingest time lookup to add fields does not work I need to use federated search which does not support search time lookup at this time in splunk 8.2.2.1.I came across... by patelmc Explorer in Getting Data In 05-13-2025 0 2	0	2
ingest_eval works on AIO instance but different results when applied at the HF tier I have syslog events being written to a HF locally via syslog-ng - these events are then consumed via file reader and... by Skins Path Finder in Getting Data In 05-13-2025 0 3	0	3
Moving cribl events to their own index Brand new to splunk, inherited a slightly configured system.I want to move certain cribl events to an index called vm... by dtamburin Engager in Getting Data In 05-13-2025 0 3	0	3
forward logs from HF to third-party using syslog i have used this approach to forward logs from specific index to third-party system in my case Qradar so i need to do... by KhalidAlharthi Explorer in Getting Data In 05-12-2025 0 10	0	10
Fortinet logs collected through syslog TCP with SC4S are not splitted correctly Hi all,I'm struggling with an issue related to collecting Fortinet Fortios events through SC4S. If I use UDP protocol... by Numb78 Explorer in Getting Data In 05-12-2025 0 3	0	3
WIndows 7 support I was trying to download the universal forwarder for windows 7 32 bit OS, but i can see only windows 8, 8.1, 10 OS. ... by twh1 Communicator in Getting Data In 05-12-2025 0 9	0	9
Streamfwd pcap filter compilation error I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwa... by Mit Observer in Getting Data In 05-11-2025 0 1	0	1
Request for Best Practices on Collecting Essential Data from Endpoints to Splunk Dear Splunk Community,I am currently working on a project focused on identifying the essential data that should be co... by kn450 Explorer in Getting Data In 05-10-2025 0 6	0	6
Split JSON array into individual events on HF We've logs coming to HEC as nested JSON in chunks; We're trying to break them down into individual events at the HEC ... by nmohammed Builder in Getting Data In 05-09-2025 0 12	0	12
sc4s index re-route Hi Folks,New to Splunk and SC4S deploymenet. So far I have been able to make good progress. I have setup 2 SC4S serve... by capjacksparo Engager in Getting Data In 05-08-2025 0 5	0	5
call not properly authenticated Response Code: 401Response text: <?xml version="1.0" encoding="UTF-8"?><response><messages><msg type="WARN">call not ... by NatanS Explorer in Getting Data In 05-07-2025 1 8	1	8
UF keep looking for removed input stanza I have this kind of weird custom app (and dangerous too) that changes the UF Instance GUID. Basically, I created a .... by Na_Kang_Lim Path Finder in Getting Data In 05-06-2025 0 1	0	1
Defining Timestamp for HEC Input I'm running into a strange issue where Splunk is using the current time for a HTTP Event Collector input rather than ... by Kieffer87 Communicator in Getting Data In 05-06-2025 1 10	1	10
Splunk Answers Content Calendar May 2025 Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll be spotlig... by Anam Community Manager in Getting Data In 05-06-2025 2 0	2	0
i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods 2025-05-06T13:50:00.857Z error helper/transformer.go:118 Failed to process entry {"otelcol.component.id": "filelog", ... by tawfiq15 New Member in Getting Data In 05-06-2025 0 1	0	1
Redirecting specific logs using a regex Hi splunk community, I have a question on logs cloning/redirectionPurpose :Extract logs containing "network-guest", a... by Nicolas2203 Path Finder in Getting Data In 05-06-2025 0 19	0	19
Remove the index distributed setup Hi,After setting up a test index and ingesting a test record, I’m now planning to remove the index from the distribut... by ws Path Finder in Getting Data In 05-05-2025 0 3	0	3
Onboarding MOVEit Server Database logs to Splunk How to onboard MOVEit Server Database logs which is hosted on prem to Splunk Cloud? What is the preferred method? by msatish Path Finder in Getting Data In 05-05-2025 0 1	0	1
DB connection errors- no Http Event Collectors available Hi,We have db connect connections & inputs created in Splunk HF. We see that it has status=FAILED sometimes and below... by juhiacc Explorer in Getting Data In 05-03-2025 0 3	0	3
How to upload a csv from a host that has a universal forwarder? We have a universal forwarder and the customer has a csv file on this machine that he would like to ingest. The custo... by danielbb Motivator in Getting Data In 05-02-2025 0 2	0	2
How to Drop Events Larger Than 10,000 Bytes Before Indexing? Hi everyone,I'm working on a use case where I need to drop events that are larger than 10,000 bytes before they get i... by yashb Engager in Getting Data In 05-01-2025 0 3	0	3
Do not run Powershell script when Splunk starts Hi,I want to run a Powershell script on a Windows universal forwarder according to a cron schedule. My input looks si... by splunk310805 Observer in Getting Data In 04-30-2025 0 1	0	1
When using the Field Extractor can you use the same name for a field? will it append or add to the original field create When using the Field Extractor can you use the same name for a field? will it append or add to the original field cre... by Cheng2Ready Communicator in Getting Data In 04-29-2025 0 1	0	1