Getting Data In

Discussions

Thread Info

Splunk server uptime - missing Splunk server details

Hi all, I am running the below query, I get responses from some of my Splunk servers but not all ? | rest /serv...

by Path Finder in

How to limit the use of resources like memory and CPU by Universal Forwarder?

I'm monitoring AD and DNS Server logs on Windows 2019 servers and Universal Forwarder has been the resource utilizati...

by Path Finder in

How to resolve "Problem replicating config (bundle) to search peer 'xxxxx.yyyy.com:8089', got http response code 400 HTTP/1.1 400 Unparsable URI-encoded request data."?

Have 1 indexer and 1 search head. Separate VM's. When trying to view indexed data from search head UI we receive the ...

by Path Finder in

How to monitor HAproxy logs of server in Splunk

Hi @gcusello , Could you please help me to monitor HA proxy logs of server in Splunk. What should be the steps ...

by Path Finder in

HTTP Event collector

Hi @gcusello , I am curious to know why I am able to see HTTP Event collector under the Data Inputs on my Ind...

by Path Finder in

filtering cisco devices with syslog-ng.conf to avoid catchall

Hello- I'm trying to filter cisco logs so that all data shows up in it's own folder in syslog-ng. However only so...

by Path Finder in

Docker - Universal Forwarder service stops - Test basic https endpoint failed

Hi, I am new to Splunk and running both Splunk Enterprise and Universal Forwarder in a Docker container (on the sam...

by Loves-to-Learn Lots in

Splunk Docker - Which is the right folder for props.conf (and other config files)

Hi, I have found several locations with a props.conf in my Docker splunk:8.2 image: ./opt/splunk/etc/apps...

by Loves-to-Learn Lots in

Performance in Virtual versus Hardware Indexers for large and growing Enterprise Splunk instantiations

We have an Enterprise Splunk instantiation that has clustered virtual indexers. We have been advised that we need re...

by Path Finder in

TAXII 2.1 Inputs (Without Splunk Enterprise Security)

Hi all!I know ES ships with a TAXII client to ingest threat intel over TAXII. Does anything exist for users who do ...

by Contributor in

Splunk

Hi, I would like to know to the commands and procedures for failures happen for splunk 1. What if deployment ...

by Path Finder in

avoid some events

Hi Team, We are collecting data from Alibaba cloud through a heavy forwarder (using Alibaba add-ons) and ...

by Path Finder in

Indexes are randomly removed from roles

Hi everyone,Currently we're dealing with an odd one on the Enterprise search head (we're using 8.2.3). We have multip...

by New Member in

Filter splunk data to reduce ingestion size

We are transferring log using log drains and using token created using HTTP event collector. We need to filter data ...

by Observer in

Role of Heavy Forwarder between UF and Indexer

Hi, Indexer can do Parsing and Indexing then why do we use HF between UF and Indexer?

by Builder in

Intermediate Forwarder in Splunk cloud

Hi, Why do we use IF in Splunk cloud. I know HF can work as IF, then why don't we call it as HF itself?? What w...

by Builder in

Props.conf not picking up linemerge

Lines in my sourcetype are not being picked up correctly at all. Each event is being split into dozens of lines. Al...

by Path Finder in

How to reset Splunk UF to re-monitor a single directory, not all directories?

Hi - I have a Splunk UF monitoring many directories on a rsyslog (receiver) server. One of the directories popula...

by Builder in

What happens when an index configuration accidentally gets deleted?

Hi, I didn't find a detailed description of what happens when an index configuration has been deleted. So far, ...

by Communicator in

SQS Based Input from S3: Assign different sourcetype based on filename

Hello, I have a Heavy Forwarder on which I receive logs via Splunk for AWS addon as they appear in my S3 bucket. ...

by Path Finder in

Universal Forwarder - wineventlog

Using the Splunk Universal Forwarder for windows. Does the forwarder identify the data as wineventlog? How is that ...

by Explorer in

Configure Splunk Universal Forwarder with TCP input to send data with HTTP output to HEC filtering internal logs

Hello, Due to a specific requirement we have to install a Splunk Universal Forwarder acting as "intermediate forwar...

by Contributor in

Microsoft 365 Defender add-on for splunk

Hi, This add-on is to ingest MCAS logs into splunk? Or do we need to use syslog collectors to ingest the MCAS log...

by Builder in

timestamp issues with threatconnect TA

Good Afternoon, I am having an issue with the ThreatConnect TA. The API appears to be connecting as expected bu...

by Explorer in

Use a custom source type for specific Windows firewall events

We use Splunk for storing and analyzing Windows security events. We now want to start storing firewall events related...

by Observer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk server uptime - missing Splunk server details

How to limit the use of resources like memory and CPU by Universal Forwarder?

How to resolve "Problem replicating config (bundle) to search peer 'xxxxx.yyyy.com:8089', got http response code 400 HTTP/1.1 400 Unparsable URI-encoded request data."?

How to monitor HAproxy logs of server in Splunk

HTTP Event collector

filtering cisco devices with syslog-ng.conf to avoid catchall

Docker - Universal Forwarder service stops - Test basic https endpoint failed

Splunk Docker - Which is the right folder for props.conf (and other config files)

Performance in Virtual versus Hardware Indexers for large and growing Enterprise Splunk instantiations

TAXII 2.1 Inputs (Without Splunk Enterprise Security)

Splunk

avoid some events

Indexes are randomly removed from roles

Filter splunk data to reduce ingestion size

Role of Heavy Forwarder between UF and Indexer

Intermediate Forwarder in Splunk cloud

Props.conf not picking up linemerge

How to reset Splunk UF to re-monitor a single directory, not all directories?

What happens when an index configuration accidentally gets deleted?

SQS Based Input from S3: Assign different sourcetype based on filename

Universal Forwarder - wineventlog

Configure Splunk Universal Forwarder with TCP input to send data with HTTP output to HEC filtering internal logs

Microsoft 365 Defender add-on for splunk

timestamp issues with threatconnect TA

Use a custom source type for specific Windows firewall events

Splunk Classroom Chronicles: Training Tales and Testimonials

Access Tokens Page - New & Improved

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Configuring Splunk OTel Collector for Linux/Window...

Props and Transforms doubt

Upload failed with ERROR: Read Timeout

SQL audit log not working when using event_time as...

Splunk DB connect to Splunk