Getting Data In

Community Activity

How do you get a universal forwarder to send missing data? We had a weird incident happen and we stopped receiving log files for a very specific time window. Is there a way to... by michael_leo Explorer in Getting Data In 06-08-2022 0 4	0	4
Clustered indexes not showing up in the index list. Hello. Splunk 6.2.1. Built a single-site index cluster. Two search heads. I can create test indexes across the cluste... by some_guy Path Finder in Getting Data In 06-08-2022 1 6	1	6
SC4S Debug mode directories / Why is function missing in version 2? we have added below line in the env_file, so that events will be catpured and ease to identifier the sourcetype.SC4S_... by jomon_ng Observer in Getting Data In 06-08-2022 0 0	0	0
Is Google Workspace Add-on equivalent update for G suite for Splunk add-on? Can you please help me understand if Google Workspace Add-on equivalent update for G suite for Splunk add-on? Becau... by bsanjeeva Explorer in Getting Data In 06-07-2022 1 0	1	0
Ingesting Incidents from MS Sentinel Anyone has any experience in ingesting Incidents from Microsoft Sentinel (formerly Azure Sentinel)?I found info about... by PickleRick SplunkTrust in Getting Data In 06-07-2022 0 2	0	2
How to blacklist inputs.conf with multiple files or folders? Hello,Below is the existing stanza in the inputs.conf[monitor:///var/log]whitelist=(\.log\|log$\|messages\|secure\|auth\|m... by cxnsalvi Engager in Getting Data In 06-07-2022 0 0	0	0
Splunk Cloud not getting info from indexes on HFs I'm trying to centralize our app information on our HFs. Each HF has the following scheduled search set up:\| rest /se... by xtinas Engager in Getting Data In 06-07-2022 0 0	0	0
How to use transactiontype.conf usage? Currently we are looking ingesting events that have multiple eventIDs that log in new lines. We want to have those ap... by bobby_d Engager in Getting Data In 06-07-2022 0 3	0	3
How to fix configuration for Cooked data Splunk (UF >> UF >> Indexers)? Hi folks, I have a deployment of UF >> UF >> Indexers sending default data as sendCookedData = true to splunktcp://99... by splunk_luis12 Path Finder in Getting Data In 06-07-2022 0 3	0	3
How to parse all json fields in mixed unstructured+structured event? Hi there, I have this type of event coming into splunk: ```[redacted:54407 24943076666] Processing MessageDispatcher.... by zachsisinst Explorer in Getting Data In 06-06-2022 0 1	0	1
Splunk Add-On for AWS Small Hot Buckets- Why are we receiving warning? We are getting the small hot buckets warning for this index, but the timestamps look fine just with a few hours offse... by andrew_burnett Path Finder in Getting Data In 06-06-2022 0 16	0	16
Splunk Connect For Syslog - Since Upgrade From 1.x to 2.29.0, why are Fortigate Events not forwarding correctly? I have the following line in my splunk_metadata.csv to forward forcepoint proxy logs to the index called proxy_forcep... by beano501 Explorer in Getting Data In 06-06-2022 0 2	0	2
How to set up a heavy forwarder to forward data to Splunk Cloud? I didn't find the cloud documentation very clear...Do I need to install splunk enterprise separately to have heavy fo... by Dayane_tr Path Finder in Getting Data In 06-05-2022 0 25	0	25
Why am I getting logs from unexcepted hosts? Hello All, I have integrated UF with splunk v8.2 but getting unnecessary host from where I'm getting logs. Not sure h... by __Sebastian Loves-to-Learn in Getting Data In 06-05-2022 0 6	0	6
How to block few logs from some specific hosts? Hi All, I have around 30 Hosts forwarding logs to splunk. I have the below same paths in all the servers /data/ab... by blbr123 Path Finder in Getting Data In 06-03-2022 0 9	0	9
What parameters should I pass to this Splunk REST API endpoint to archive the same thing that 'splunk offline --enforce-counts' does? Does anybody know what parameters I should pass to the REST API endpoint /services/cluster/slave/control/control/deco... by rongshengfang Explorer in Getting Data In 06-02-2022 2 4	2	4
Is it possible to Login to Splunk via Python SDK using cookies? Hi there! I have access to the following cookies from the browser while in a Splunk session: 'csrftoken=...; splunkwe... by delewis13 Explorer in Getting Data In 06-02-2022 1 1	1	1
Help splitting out a JSON file into multiple events Hi All,There are lots of forum topics here on this but I'm really struggling to get my head around it. I have the fol... by dumdees Explorer in Getting Data In 06-02-2022 0 4	0	4
Is it possible to have ms _time accuracy into _time extracted from wineventlog at index time? Y'all, I have events from a windows eventlog and the application writes time with ms precision into the Message field... by Random_Walk Path Finder in Getting Data In 06-01-2022 0 0	0	0
SC4S and indexes Hello,I have a SC4S server setup receiving info from our Network UPS. I have created a new index for any date to do ... by njusticesnb Engager in Getting Data In 06-01-2022 0 1	0	1
How to extract and display the details tab from windows event logs? I have an issue that honestly may not be possible using splunk but I wanted to reach out for some advice because you ... by cbwillh Path Finder in Getting Data In 06-01-2022 0 3	0	3
How do I fix this error: One or more sourcetypes has been found to present events in the future Hello everyone, In Splunk GUI when i run health check its showing one error like One or more source types has been fo... by Mohanveera1 Explorer in Getting Data In 06-01-2022 0 2	0	2
Why is Splunk rest api result not returning aggregated field? search index=abc dp_"response"\| stats perc95(api_time_taken) as abc by api This is the search query I am using whil... by santoshbwn New Member in Getting Data In 05-31-2022 0 2	0	2
Splunk.exe writes "OK" to stderr when everything is ok When I run the following command on Windows (Splunk version 7.1.2, Windows version Server 2012 R2): splunk apply clu... by jacobappleton Explorer in Getting Data In 05-31-2022 1 2	1	2
Is there a supported or working CIM Mapping add on for "Cisco Cloud Security Umbrella Add on"? Hi all, I am using "Cisco Cloud Security Umbrella Addon for Splunk" to ingest the Data via API. https://splunkbase.sp... by ojay Path Finder in Getting Data In 05-31-2022 0 1	0	1