Getting Data In

Discussions

Thread Info

Best way to connect Splunk and Cloudflare

Hey guys, I am a nebbie with Splunk, but already fell in love with it. Such a great tool! I was tasked with sto...

by Engager in

using SEDCMD to remove repeated lines

hey everyone, Our server here generates a filestamp/header at midnight or on resets that start with a line of dashes(...

by Path Finder in

Failed to replicate Streaming bucket

Hi, I'm getting the below error and the hot buckets are not replicated across the indexers in a cluster. 08-23...

by Explorer in

HEC Configuration Certificate required?

We have a commercial appliance that requires a HEC configuration in Splunk to ingest data. I have configuration the ...

by Engager in

About specification of "initCrcLength" option and "crcSalt" option.

About initCrcLength I know that changing initCrcLength option cause reindex and ignoreOlderThan option is workarou...

by Builder in

Splunk windows logs to Snare central

Hi Am trying to collect the windows logs from DCs and send them to both Splunk indexer and Third party System ...

by Engager in

Organizing Logs

I'm new and a novice to Splunk although i have installed, setup and played with searches in Splunk in a lab.My questi...

by New Member in

Splunk Add-on Builder REST data input pagination

Hi, I've recently started working with the Splunk Add-on Builder to quickly query and index data from a REST API of...

by Engager in

Windows universal forwarder with a static config for Sysmon logs

I was hoping if someone can help me. We are looking into deploying Sysmon and the Universal forwarder remotely in ver...

by Path Finder in

ServiceNow Inputs.conf Filter Data by field value

We use the Splunk ServiceNow TA - both on collecting data from ServiceNow and creating incidents via the Splunk alert...

by Contributor in

Data capture

I need a splunk service for my client buying Bitdefender cyber security but wants a solution to add on to capture HTT...

by New Member in

Parsing multiline does not working as expected

Hello Splunkers, i need help.I have multiline logs looking like: 01/04/22 03:00:00 MONITOR_RAP: b...

by Path Finder in

Can I delete files after they are indexed?

Hi, I'm currently forwarding files from my forwarder to the Indexer. For the purpose of housekeeping, can I safely ...

by Path Finder in

Can we avoid Splunk indexing lines from a file that gets overwritten?

We have a process that writes log lines to a log file. Every 15 min the entire log file is overwritten. If there are ...

by New Member in

Syncing searches from SIEM Rules

Hi, Is anyone syncing detection content (searches) on SIEM Rules (https://www.siemrules.com/) to their Splunk insta...

by New Member in

sslRootCAPath at server.conf

SSL is already complex one, this poor documentation adds the fuel to the fire https://docs.splunk.com/Documentatio...

by SplunkTrust in

"Next year" events on the turn of the year.

I have syslog-pushed events which behave... weirdly around the end of the year. As we all know, there might be some...

by SplunkTrust in

Splunk - openshift DaemonSet deployment error

I was trying to get DaemonSet up and running got below errors while getting pods ready [error]: #0 unexpected err...

by Explorer in

/services or /servicesNS in REST API

Hello ! Can someone tell methe difference between /services and /servicesNS when using the Splunk REST AP...

by Path Finder in

how to exclude in _MetaData:Index

I noticed in our environment, from many uf, the internal logs were indexed under a different index name. After invest...

by Explorer in

schedule csv output for report

Hello Splunkers, I am trying to find a way to e-mail a report I have already setup to e-mail a .csv of the report. Cu...

by Contributor in

universal forwarder for domain machines

Hi all, Is it possible to configure universal forwarder in one machine that collect logs from all other domain mach...

by Explorer in

Monitoring Latest File Only

I am looking to monitor a folder audit that contains list of files which gets generated everyday automatically, below...

by Contributor in

Collect data from WEC to which other machines send logs

Hello. I have windows№1 who sending logs to my windows№2 (WEC) on which i have UF (windows_TA) who collecting data an...

by Builder in

UF in a lab VM

Hi all, I am using Splunk Cloud and would like to configure a universal forwarder in a VM on a non-domain join...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Best way to connect Splunk and Cloudflare

using SEDCMD to remove repeated lines

Failed to replicate Streaming bucket

HEC Configuration Certificate required?

About specification of "initCrcLength" option and "crcSalt" option.

Splunk windows logs to Snare central

Organizing Logs

Splunk Add-on Builder REST data input pagination

Windows universal forwarder with a static config for Sysmon logs

ServiceNow Inputs.conf Filter Data by field value

Data capture

Parsing multiline does not working as expected

Can I delete files after they are indexed?

Can we avoid Splunk indexing lines from a file that gets overwritten?

Syncing searches from SIEM Rules

sslRootCAPath at server.conf

"Next year" events on the turn of the year.

Splunk - openshift DaemonSet deployment error

/services or /servicesNS in REST API

how to exclude in _MetaData:Index

schedule csv output for report

universal forwarder for domain machines

Monitoring Latest File Only

Collect data from WEC to which other machines send logs

UF in a lab VM

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures