Getting Data In

Community Activity

How do I set up a KV Store lookup? I created a KV Store lookup using the "Splunk App for Lookup File Editing" app, however when I look at Settings>Looku... by danielbb Motivator in Getting Data In 04-11-2025 0 4	0	4
Splunk and Cisco Firepower Audit Logs Hello folks,My organization is struggling with ingesting the Cisco Firepower audit (sys)logs into Splunk, we've been ... by b17gunnr Path Finder in Getting Data In 04-11-2025 0 3	0	3
Splunkforwarder Startup Error in Docker containers Commands used to run docker image: docker run -d -p 9997:9997 -p 8080:8080 -p 8089:8089 -e "SPLUNK_START_ARGS=--acce... by samuel-devops Explorer in Getting Data In 04-10-2025 1 15	1	15
Turning off chunked encoding in Universal Forwarder Hi,We're setting up a Splunk enterprise instance in an air-gapped environment. In addition to this, the server is sit... by jni Explorer in Getting Data In 04-10-2025 0 7	0	7
Creating service account in splunk to re-assign the orphaned knowledge object Hi,I am a splunk admin and we are re-assigning the orphaned knowledge object to my name as a temporary solution. I ne... by man03359 Communicator in Getting Data In 04-10-2025 0 1	0	1
AWS logging to our Splunk AWS logs to SplunkWe need to onboard AWS cloud watch logs (from Kinesis) to our Splunk. We have all our Splunk instan... by splunklearner Communicator in Getting Data In 04-09-2025 0 10	0	10
Regex for multiline events where skipping lines is required. I have multiline events where it is required to capture the error messages.The events are separated by "FAILED".I nee... by TheJagoff Communicator in Getting Data In 04-09-2025 0 5	0	5
Splunk Data Retention we got a requirement to on-board new platform logs to Splunk. They will have 1.8 TB/day data to be ingested. As of no... by Karthikeya Communicator in Getting Data In 04-08-2025 0 18	0	18
Splunk data retention I was newly aligned into a project and didn't have proper KT from the left ones. I have queries regarding my current ... by Karthikeya Communicator in Getting Data In 04-07-2025 0 5	0	5
Integration document for Cisco Cyber Vision with Splunk I am looking for a document to integrate Cisco cyber vision integration with Splunk. by doli Splunk Employee in Getting Data In 04-07-2025 0 4	0	4
Change index based on source and index from different environments Hello,we have Windows servers from two environments, we want WinEventLog source (Windows Events logs) to go in "windo... by splunkreal Motivator in Getting Data In 04-07-2025 0 5	0	5
Can I bring the logs to see if a user on Azure has MFA enabled? HI everyone,I need to check my logs to see if a user has MFA enabled or not. I've already configured Microsoft Azure ... by toporagno Explorer in Getting Data In 04-06-2025 0 1	0	1
Splunk UF version 9.4.1 install issue OS Version: Server 2019I'm trying to install Splunk UF in my test lab. Using the GUI install, I put all the necessary... by christal654 Observer in Getting Data In 04-05-2025 0 5	0	5
Syslog-ng error Hi,I setup the syslog-ng to receive syslog from devices and splunk HF on the same server will read those logs files.H... by tech_g706 Path Finder in Getting Data In 04-05-2025 0 3	0	3
Having multiple Forwarders sharing the same Instance GUID As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of... by Na_Kang_Lim Path Finder in Getting Data In 04-04-2025 0 9	0	9
Change initial date then stop ingestion I have disabled input (generic S3) of aws add-on for a year. After I enable it, it ingests old data so I disable it a... by karn Path Finder in Getting Data In 04-03-2025 0 2	0	2
Ingesting application logs from Docker container into Splunk Cloud Hi everyone,I'm seeking advice on the best way to send application logs from our client's Docker containers into a Sp... by tawm_12 Engager in Getting Data In 04-02-2025 0 2	0	2
How to solve duplicate GUIDs of Forwarders? As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of... by Na_Kang_Lim Path Finder in Getting Data In 04-02-2025 0 1	0	1
How to convert "data" Field to "event" in Splunk HTTP Event Collector (HEC)? I'm ingesting data into Splunk via the HTTP Event Collector (HEC), but the data is wrapped inside a "data" key instea... by bhavesh0124 Explorer in Getting Data In 04-02-2025 0 5	0	5
Akamai WAF integration with Splunk I have installed akamai add on for splunk in our HF. https://splunkbase.splunk.com/app/4310 I followed the documentat... by jitbahan New Member in Getting Data In 04-02-2025 0 7	0	7
Windows splunk_wmi.exe Hi,Windows UF stopped sending events. I saw this event in _internal index'message from ""C:\Program Files\SplunkUnive... by zafar Engager in Getting Data In 04-02-2025 0 3	0	3
Very long log events coming over syslog 514/udp are cut HelloHas anyone encountered the situation of incomplete log transmission using UDP 514? Would changing to TCP be usef... by Zoe_ Observer in Getting Data In 04-01-2025 0 2	0	2
Universal Forwarders stopped sending data to Heavy Forwarders over HTTP after upgrading Heavy Forwarders to 9.3.x Hi,We recently upgraded the Heavy Forwarders (HF) of our Splunk Enterprise. After the upgrade the Universal Forwarder... by ArtieZ Loves-to-Learn Everything in Getting Data In 03-31-2025 0 8	0	8
DB Connect SQL Procedures I've been using dbxquery connection=my_connection procedure=my_procedure to build reports and a few that my DBAs have... by Kyles Observer in Getting Data In 03-31-2025 0 1	0	1
Issue with props.conf and transforms.conf – Port-Based Filtering Not Working Dear Splunk Support,I am encountering an issue while configuring Splunk to filter logs based on specific ports (21, 2... by Namchin_Bar New Member in Getting Data In 03-31-2025 0 2	0	2