Getting Data In

Thread Info

How to avoid wrong timestamp with MAX_TIMESTAMP_LOOKAHEAD

Hello, I have logs from Cisco ESA (emails) and some of them are logged in the futur. For example this log is marke...

by Contributor in

Why am I unable to download a Universal Forwarder for Windows from splunk.com?

I'm going to the page below and selecting Windows OS, I'm then redirected to the download page and it thanks me for d...

by SplunkTrust in

Why is Microsoft Azure Add-on Not Pulling Logs?

We're running Splunk 8.2.2 with the Microsoft Azure Add-on version 3.1.1. We have the add-on installed on a heavy fo...

by Explorer in

Log forwarding from HF to Cloud

Hello, I am collecting logs from various endpoints via UFs into a Splunk HF. One of the data inputs is firewall...

by Communicator in

Is there any way to find all the Splunk instances that has processed the event

Please checkout the idea here (because I don't think currently it's possible with Splunk unless someone has some work...

by SplunkTrust in

Adding additional fields at the Universal Forwarder: Why are apps are fighting over the _meta field?

I have App_1 that is adding metadata in the inputs.conf file: ###### Forwarded WinEventLogs (WEF) ##...

by Path Finder in

How to optimize a heavy forwarder sending HEC data to index cluster?

Hi I am running a heavy forwarder with HEC and it is sending data to 3 indexers. I am starting to read about ways ...

by Influencer in

Why DBconnect inputs not detected after upgrade to 8.1 from 7.x?

Hello All, We recently upgraded from 7.3. to 8.1. We had a few inputs in dbconnect that was upgraded from 3.1 to 3...

by Engager in

Why am I getting an error in the HF logs and not able to see any latest events in the SH?

Hi All, I am getting below error in the HF logs and not able to see any latest events in the SH. ERROR Htt...

by Path Finder in

Continuously updated log files are not being picked up by Splunk

I have a set of long-running processes that are occasionally restarted. They generate a set of "heartbeat" events whe...

by Explorer in

Field extraction for custom waf log

Hello everyone, I am struggling with extracting the fields of a custom WAF log file as there is no sourcetype that ...

by Communicator in

How to dynamically shrink hot/warm index size?

Hello, Presently my hot/warm index occupies 50GB on disk (there are no limits specified in indexes.conf). I'd like...

by Path Finder in

Why am I getting 404 on static files after having define root_endpoint in web.conf?

Hello I've defined root_endpoint = /splunk in web.conf file. But now I'm getting 404 on /splunk/en-US/static/* fil...

by New Member in

How to change Time format in raw data to a readable format?

Hi Team, I am getting date and time format as "Created_time =1649576166225" in raw log we have to convert. Please...

by Explorer in

Add-on GCP to ingest from Pub/Sub error 403- How do I fix?

Dear Splunkers, I'm trying to get data from a Pub/Sub but i receive a 403 error. I configured the add-on in a H...

by Engager in

How to monitor the files under a path but not the details of each file?

Hi All, Hope you all are doing well. Recently i was ingesting data to Splunk from a server and i had to get the...

by Explorer in

How do I monitor Sage Accounting Software?

I am trying to on board logs for Sage accounting software to Splunk, how do I go about it? I could not find any docum...

by Loves-to-Learn Lots in

Why is My automatic lookup not working with Searchhead cluster?

I have an indexing cluster and searchhead cluster. I want to use a csv threat feeds to add IP reputation field using ...

by Path Finder in

Why is Anonymize data not working?

Hello, i am trying to anonymize data in forwarder using the below: The data AABC123456789012 needs to be transf...

by Loves-to-Learn Lots in

Create Windows UF Blacklist Literal Hyphen Character

Hello, Many thanks in advance for taking the time to read/consider my question, it's always appreciated!I'm curre...

by Path Finder in

How to route window system logs to a different index

Hey there, I have a windows forwarder sending the servers's application, system and security logs to the indexers....

by Path Finder in

How to modify host and sourcetype at the same time

When using HF to collect logs on the cloud， Because the add-on used cannot set host， So the host of the data is t...

by Explorer in

HttpPubSubConnection - Unable to parse message from PubSubSvr

Can anyone help why this Warning message is coming in Splunkd log

by New Member in

Not able to get rid of EDT timezone using strftime command 2022-04-07 07:00:11.028-EDT, any suggestions?

Not able to get rid of EDT timezone using strftime command 2022-04-07 07:00:11.028-EDT . Any suggestions

by Explorer in

How to resolve "err=not_connected" error in Deployment Server configurations?

Hi In the Deployment Server (DS): - I copied an app to the /opt/splunk/etc/deployment-apps/ In the Universal Fo...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to avoid wrong timestamp with MAX_TIMESTAMP_LOOKAHEAD

Why am I unable to download a Universal Forwarder for Windows from splunk.com?

Why is Microsoft Azure Add-on Not Pulling Logs?

Log forwarding from HF to Cloud

Is there any way to find all the Splunk instances that has processed the event

Adding additional fields at the Universal Forwarder: Why are apps are fighting over the _meta field?

How to optimize a heavy forwarder sending HEC data to index cluster?

Why DBconnect inputs not detected after upgrade to 8.1 from 7.x?

Why am I getting an error in the HF logs and not able to see any latest events in the SH?

Continuously updated log files are not being picked up by Splunk

Field extraction for custom waf log

How to dynamically shrink hot/warm index size?

Why am I getting 404 on static files after having define root_endpoint in web.conf?

How to change Time format in raw data to a readable format?

Add-on GCP to ingest from Pub/Sub error 403- How do I fix?

How to monitor the files under a path but not the details of each file?

How do I monitor Sage Accounting Software?

Why is My automatic lookup not working with Searchhead cluster?

Why is Anonymize data not working?

Create Windows UF Blacklist Literal Hyphen Character

How to route window system logs to a different index

How to modify host and sourcetype at the same time

HttpPubSubConnection - Unable to parse message from PubSubSvr

Not able to get rid of EDT timezone using strftime command 2022-04-07 07:00:11.028-EDT, any suggestions?

How to resolve "err=not_connected" error in Deployment Server configurations?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions