Getting Data In

Community Activity

Running rsyslog and Splunk Enterprise on the same machine Hi, I have a small lab (air gapped) with about 2 Linux servers not including the Splunk server and 25 Windows machin... by jkamdar Communicator in Getting Data In 04-25-2025 0 3	0	3
How to run a scripted input on only one of several heavy forwarders? We have a Splunk app that includes multiple scripted inputs.The app is deployed to 15 heavy forwarders, but we want o... by danielbb Motivator in Getting Data In 04-25-2025 0 4	0	4
_time is being set to mtime instead of parsed event time I have the following source log files:[root@lts-reporting ~]# head /nfs/LTS/splunk/lts12_summary.log2014-07-01T00:00:... by punkle64 Engager in Getting Data In 04-25-2025 0 11	0	11
Please help me out to understand the below configs We have one index os_linux which has 2 source type and i see props and transform is written .can you help me to under... by hemant_lnu Engager in Getting Data In 04-24-2025 0 1	0	1
How to Splunk the SAP Security Audit Log The post question did include the answer, but then it could not be marked as an answer, therefore I pushed the conten... by afx Contributor in Getting Data In 04-24-2025 3 28	3	28
Unable to get logs in splunk from mulesoft Hi, I have created a new token and index in splunk for my mulesoft project.These are the configurations I have done i... by fhatrick Loves-to-Learn in Getting Data In 04-24-2025 0 6	0	6
Akamai add-on logs are not populating. We have installed Akamai add-on (https://splunkbase.splunk.com/app/4310) on our HF and installed Java and configured ... by Karthikeya Communicator in Getting Data In 04-24-2025 0 2	0	2
Unable to send events through log4j in Spark to Splunk We want to use splunk-library-javalogging to send logs via Log4j to Splunk ServiceEnvironment: Spark with log4j2 in ... by davidco Loves-to-Learn in Getting Data In 04-23-2025 0 5	0	5
Problem with DC windows Secure logs sending Hello team!We have a problem with sending data from several Domain Controllers to our splunk instance. We are collect... by ProPoPop Loves-to-Learn Lots in Getting Data In 04-23-2025 0 2	0	2
How to determine if data sent to HEC came in on Event or Raw endpoint Is there any way to tell whether data coming into Splunk's HEC was sent to the event or raw endpoint?You can't really... by gn694 Communicator in Getting Data In 04-23-2025 0 4	0	4
add customerID to incoming data (event & metric) Hello,We have a few hundred hosts and a handful of customers. I have a csv file with serverName,customerID.I've been ... by Andre_ Path Finder in Getting Data In 04-23-2025 0 2	0	2
CIM mapping CrowdStrike Falcon FileVantage (FIM) logs to a daamodel. Hi All,Has anyone managed to map CrowdStrike Falcon FileVantage (FIM) logs to a Datamodel; if so could you share your... by becksyboy Contributor in Getting Data In 04-23-2025 0 3	0	3
Palo alto Strata logging service logs Hi, I have onboarded palo-alto traffic and threat logs via HEC and SLS (Strata logging service). These logs are JSON ... by Splunkers2 Observer in Getting Data In 04-23-2025 0 1	0	1
Why is linecount 2 when it's clearly 1? For multiple sourcetypes, linecount is 2, while clearly, it should be 1. Has anybody encountered this case? by danielbb Motivator in Getting Data In 04-22-2025 0 8	0	8
Filter/modify data prior to ingestion? Not sure this is even possible, but I'll ask anyway...I have application(s) that are sending JSON data into Splunk, f... by BogeyMan Loves-to-Learn Lots in Getting Data In 04-22-2025 0 1	0	1
Unable to view value from events Hi,Unsure what is the root cause as i was trying to do some minor adjustment to ignore the [ ] at the transforms.conf... by ws Path Finder in Getting Data In 04-22-2025 0 3	0	3
How to avoid indexing events twice Hi,I'm facing an issue where the same data gets indexed multiple times every time the JSON file is pulled from the FT... by ws Path Finder in Getting Data In 04-22-2025 0 10	0	10
User Disable In earlier versions of splunk i remember there use to be an option to disable active user and it will then show as st... by Mridu27 Engager in Getting Data In 04-22-2025 0 3	0	3
Typo3 logs to Splunk Hi,I need recommendations on typo3 logs source type.Be default, I set source type as "typo3" in inputs.conf but logs ... by tech_g706 Path Finder in Getting Data In 04-21-2025 0 3	0	3
How to split a json array into multiple events? I'm looking for a way to split a JSON array into multiple events, but it keeps getting indexed as a single event.I've... by ws Path Finder in Getting Data In 04-21-2025 0 15	0	15
Inconsistency between search results between Splunk UI and Rest API & REST API itself Hi Community, I'm trying to extract search results using REST API and I'm facing the following problem. 1. I'm using... by siddharth1479 Path Finder in Getting Data In 04-18-2025 1 11	1	11
Edge Processor Destination not showing up in Pipeline I've been writing new pipelines to my Edge Processors when I discovered that no destination values are showing up for... by Bobert Observer in Getting Data In 04-18-2025 0 0	0	0
How can we determine the overall percentage of memory utilization on a Windows server? I've read through some of the Splunk documentation and previously one of my colleagues already configured the "Window... by tangtangtang12 Loves-to-Learn Lots in Getting Data In 04-17-2025 0 2	0	2
HI Team, We have 40 dc server and sending logs to UF->HF->idx but need to understand how data is flowing ? We have 40 dc server sending logs to onprem indexers but i see on Deployment server i can see only on App which has o... by Hemant_h Engager in Getting Data In 04-17-2025 0 2	0	2
Why are we missing Windows "WinEventLog:Security" event logs? I have 40 Windows 2012 domain controllers (forwarding through heavy forwarders to cloud), that intermittently stop se... by dionrivera Communicator in Getting Data In 04-17-2025 0 15	0	15