Getting Data In

Discussions

Thread Info

How to enrich GeoIP at index time?

I am sure this is a pretty common use case, mainly because IP addresses move, the data is not static so for security ...

by New Member in

Ingesting Palo Alto logs from an external organization into our on-prem Splunk instance- best practices?

Hello, We are in the process of ingesting Palo Alto logs from a separate organization’s network into our instance ...

by Communicator in

Why is one transform overriding the other with my current configuration?

Hey there, I have the following in my props.conf file: [tomcat-appl] TRANSFORMS-set = createsource, instance T...

by Communicator in

How do I change the sourcetype after the data has been indexed?

I just installed Splunk for the first time. After some trial and error I uploaded a file but later I found that I nee...

by Splunk Employee in

How to copy indexed data from one index to another index in smartstore enabled cluster

I have a requirement to move indexed data from index-A to another index-B in a smart-store enabled cluster. Both inde...

by Path Finder in

How to pull in Windows Event logs from the Windows PowerShell path

Hi, I'm trying to pull in Windows Event logs from the Windows PowerShell path. This path includes 800s, which I've...

by Path Finder in

Why is the Palo Alto Cortex XDR Pro incident events missing some fields?

Good afternoon, I have a Cortex XDR input configured in my Palo Alto Networks add-on. I want to deploy some use...

by New Member in

Why does splunkd.exe has failed connections and high latency towards our Splunk servers?

Hi, Let me start by saying that that i have a very limit knowledge about Splunk, its normally not my area of exper...

by New Member in

Why is splunkd log not pulling the Windows event logs for application and security?

I pulled this from the splunkd log. I finally have my Windows 2016 box checking into Splunk. I can see it in Forwarde...

by Explorer in

How to configure DB logs in heavy forwarder to forward events to indexers?

Hello, everyone! I need help. I configured DB connect app on heavy forwarder and connected database input. I...

by Contributor in

Where to put .PEM file after data accepted?

Right now I have a Syslog Server Sending me security events. The Syslog server is sending the data with TLS encryptio...

by Path Finder in

How to send Windows Event Logs in Snare over Syslog format?

I'm researching a solution for sending Windows Event logs to a third party service that requires them to be in "Snare...

by Path Finder in

Why am I getting this error "HttpInputDataHandler - Failed processing http input"in splunkd.log on heavy forwarder?

Hello, I am solving following problem: HEC on HF is used for data receiving. In splunkd.log on Heavy Forwarder ...

by Path Finder in

Why is my universal forwarder reporting "INFO WatchedFile - Resetting fd to re-extract header"?

One of my servers running a universal forwarder is spitting out this message quite frequently: 02-04-2016 16:48:49...

by Champion in

How to send browsing history to Splunk?

hello I have a windows client and a Splunk Enterprise in other windows and connect them with mikrotik in Gns3. ...

by New Member in

Splunk to tableau integration- receiving dashboard error

Hi Team, Im looking to Integrate Splunk to tableau and able to do it successfully till Tableau Desktop but when ...

by Engager in

unable to pass URL using curl command

Hi all, I am passing some data in JSON format to Splunk using curl. When i try to pass the URL it gives an error " ...

by Communicator in

How to create index using REST API in a clustered environment?

Can you please tell us, How to create index using REST API in a clustered environment?

by Builder in

how to reset the password using REST API

kindly suggest how to reset the password of splunk user using REST API

by New Member in

Powershell Script on UF - high CPU Usage

Hi, I have 4 powershell scripts I wrote for MSSQL servers, simple Invoke-Query PS command to query the database hea...

by Loves-to-Learn Lots in

Windows log in XML format - how to convert numbers to text description

Hello, I would like to ask about win log in XML format: Using Splunk, we collect Windows logs in XML format, beca...

by Path Finder in

Splunk forwarder input.conf interval issue

I have an issue with my splunk forwarder. Inside the inputs.conf, the interval is set to run at 5 9 * * * . So 09:...

by Observer in

Clearpass App in Splunk not showing data in dashboard

Hi Community, Splunk newbie here.... I am trying to set-up a demo of Aruba/HPE Clearpass to Splunk integration. ...

by Observer in

How to Ingest Splunk Lines starting with

Hello, how can I ingest logs starting with a specific word:Sample Log Entry:SPLUNKD-123456: Hello WorldHello World123...

by Path Finder in

Microsoft Azure Add-on for Splunk - Almost a 30 day delay

The Azure Add on seems to be working well with the exception of how behind it is. Specifically for the signins (sourc...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to enrich GeoIP at index time?

Ingesting Palo Alto logs from an external organization into our on-prem Splunk instance- best practices?

Why is one transform overriding the other with my current configuration?

How do I change the sourcetype after the data has been indexed?

How to copy indexed data from one index to another index in smartstore enabled cluster

How to pull in Windows Event logs from the Windows PowerShell path

Why is the Palo Alto Cortex XDR Pro incident events missing some fields?

Why does splunkd.exe has failed connections and high latency towards our Splunk servers?

Why is splunkd log not pulling the Windows event logs for application and security?

How to configure DB logs in heavy forwarder to forward events to indexers?

Where to put .PEM file after data accepted?

How to send Windows Event Logs in Snare over Syslog format?

Why am I getting this error "HttpInputDataHandler - Failed processing http input"in splunkd.log on heavy forwarder?

Why is my universal forwarder reporting "INFO WatchedFile - Resetting fd to re-extract header"?

How to send browsing history to Splunk?

Splunk to tableau integration- receiving dashboard error

unable to pass URL using curl command

How to create index using REST API in a clustered environment?

how to reset the password using REST API

Powershell Script on UF - high CPU Usage

Windows log in XML format - how to convert numbers to text description

Splunk forwarder input.conf interval issue

Clearpass App in Splunk not showing data in dashboard

How to Ingest Splunk Lines starting with

Microsoft Azure Add-on for Splunk - Almost a 30 day delay

The All New Performance Insights for Splunk

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions