Getting Data In

Discussions

Thread Info

Can someone please explain what is seekaddress and seekcrc in CRC?

Hi All, Can someone please explain what is seekaddress and seekcrc in CRC in simple terms. I tried to check doc...

by Path Finder in

How do I clear 0s from the Ip?

But the log says 017.002.100.103. I am receiving data from universal forwarder and I would like to remove 0 in front ...

by Path Finder in

How can I get rid of this strange field delimiter and get fields "data" and "UID" correctly separated?

Hi! Hope all are fine, and thanks in advance for any help I'm having problems ingesting Linux Audit Log. For some ...

by Explorer in

How to create a new Sourcetype from Event Data not the raw data?

Hi I am getting in the below data (green box in image). In green is the raw data and in purple is the event dat...

by Influencer in

opentelemetry LOG Data over HEC - What are the best options?

Hi I am new to OT, and I am struggling with a use case that I could really use some advice on, pl...

by Influencer in

Creating Sourcetype form event data not data

Hi I am sending open telemetry Log data to Splunk. I am sending 3 different types of logs to one index and to one...

by Influencer in

Why am I losing data during transmission to Splunk

Hello. Community help please. I can't figure out the problem with the data transfer to splunk. I have an index and da...

by Loves-to-Learn Everything in

Monitoring Exchange logs over CIFS

Hello there. I'm having a performance problem. I have a "central UF" which is supposed to ingest MessageTracking lo...

by SplunkTrust in

How to write a monitoring stanza to monitor the windows Event Viewer logs?

Hi All, We have request from a Cybersecurity team to monitor the Windows Event Viewer logs in Splunk, my question...

by Motivator in

Why is Splunk is not parsing json output from scripted inputs?

I'm fetching some data from API via a python script and passing it to Splunk. it's is not paring the JSON format. I'v...

by Explorer in

How to configure checking interval for Nagios command in agent_config.yaml?

smartagent/nagios:type: nagioscommand: xxx collection_interval/interval/ scrape_interval????

by Path Finder in

Splunk Forwarder Unable to Connect to Target Folder

Hi, I am currently facing an issue where my Splunk Universal Forwarder is able to establish connection with the Spl...

by Observer in

How to cofnigure multiple Nagios command in agent_config.yaml?

Nagios — Splunk Observability Cloud documentation e.g:- smartagent/nagios:type: nagioscommand: first commandservi...

by Path Finder in

Db connect time problem- how to make event time and spunk time equal

Hello, everyone! I configured source from my database via splunk db connect app. Events contain field "time" an...

by Contributor in

How to index .ini file?

I have a Windows .ini file that I am wanting to index on every update of the file. Right now when the file is updated...

by Builder in

Why events are not breaking/extracted properly?

Hello, I completed a few UF based data ingestions and SPLUNK is getting events from those ingestions but have some...

by Motivator in

Why is LINE_BREAKER not working?

I'm having some issues getting my LINE_BREAKER configuration to work for a custom log file. I've tested the RegEx and...

by Engager in

How to route and filter data from HEC?

Hi Community, I have the need to filter data based on a specific field value and route to a different group of ind...

by Path Finder in

How to do time extraction for HTTP Event Collector JSON logs?

I have an HTTP Event Collector input collecting JSON data via syslog forwarder. The syslog-ng message looks like: ...

by Path Finder in

How to get Windows data into Splunk Cloud?

Good Morning, I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the d...

by Path Finder in

Help with configuration: How to use Regex to Normalize data?

Dear All, I have a requirement to parse the data correctly. I am getting merged events and wants separate events f...

by Explorer in

How to write a query that will fetch logs that will identify files that were deleted?

Hi All, Some files has been deleted by someone from one of the server, I need to investigate on that. We only kno...

by Explorer in

Syslog TCP port 514 or 6514- Having trouble connecting Endpoint Cloud to Splunk HF

Hi everyone, Thanks for taking time in reading this and providing your knowledge , since i've been struggling a b...

by Engager in

How to manipulate JSON before index?

(Single/standalone instance of splunk) I have been in a fight with these events for over a week now. I was hoping ...

by Path Finder in

How to write these Props & transforms configuration?

We have to filter the data which has Result=pass, status=200 and send the other logs to Splunk. we have received the ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Can someone please explain what is seekaddress and seekcrc in CRC?

How do I clear 0s from the Ip?

How can I get rid of this strange field delimiter and get fields "data" and "UID" correctly separated?

How to create a new Sourcetype from Event Data not the raw data?

opentelemetry LOG Data over HEC - What are the best options?

Creating Sourcetype form event data not data

Why am I losing data during transmission to Splunk

Monitoring Exchange logs over CIFS

How to write a monitoring stanza to monitor the windows Event Viewer logs?

Why is Splunk is not parsing json output from scripted inputs?

How to configure checking interval for Nagios command in agent_config.yaml?

Splunk Forwarder Unable to Connect to Target Folder

How to cofnigure multiple Nagios command in agent_config.yaml?

Db connect time problem- how to make event time and spunk time equal

How to index .ini file?

Why events are not breaking/extracted properly?

Why is LINE_BREAKER not working?

How to route and filter data from HEC?

How to do time extraction for HTTP Event Collector JSON logs?

How to get Windows data into Splunk Cloud?

Help with configuration: How to use Regex to Normalize data?

How to write a query that will fetch logs that will identify files that were deleted?

Syslog TCP port 514 or 6514- Having trouble connecting Endpoint Cloud to Splunk HF

How to manipulate JSON before index?

How to write these Props & transforms configuration?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions