Getting Data In

Discussions

Thread Info

Splunk Could Not Get Description for Event

I've seen this on some older posts, but I am currently battling this issue. For some hosts, restarting it makes the l...

by Path Finder in

Can the Universal Forwarder process core-dumps?

Sometimes our application dumps core (duh!), and we'd like the output of gdb -ex "bt full" -ex quit corefile to be fo...

by Path Finder in

How to combine two queries

Hi All,I have 2 different queries and I want to combine their results. These 2 queries return a single value output I...

by Path Finder in

Wrong JSON value extracted by query

I am running following query where in the last I would like to fetch value of "Client" key from json and count all s...

by Path Finder in

Creating a sourcetype keeps failing

I have a sourcetype that I have been trying to break my logs apart, but I keep getting: Failed to parse timestamp: ...

by Engager in

How to route to an Index based on SourceType AND Host combination in inputs.conf?

I have a setup as Universal Forwarder (UF) - Heavy Forwarder (HF) - Indexer - Search Head (SH). Where multiple UF ar...

by Explorer in

How to restrict UF to not to collect logs older than X Days

Hi SMEs, I need to configure UF to restrict not to collect logs older than X Days. Is it feasible than how? A...

by Path Finder in

Why is Input not working?

Hey Guys.I have a input that is refusing to work.The input that doesnt work is this fortigate one: This one on...

by Path Finder in

How to set at the same time in transforms.conf a new index and set a new metadata based on the host name?

Hi, I need to set at the same time in transforms.conf a new index and set a new metadata based on the host name. ...

by Engager in

Handling intermediary forwarders that are deployed as code

Hi all, new to splunk, we are regularly burning down our heavy forwarders and as such the IPs change regularly. I nee...

by Explorer in

How to create a dashboard studio chain search with dropdown token?

Background I would like to create a dashboard with dropdowns that allow underlying queries to create chart to filter ...

by Loves-to-Learn in

Indexing same file: crcSalt = <SOURCE> not working as expected

Hello everybody, I need to ingest into Splunk a CSV file containing an inventory of mobile devices. The HF that mon...

by Path Finder in

Why is windows log going to the wrong sourcetype?

Logs are going to source= WinEventLog:Application and sourcetype="WinEventLog" instead of source="WinEventLog:Securit...

by Explorer in

How do I add a new role via REST API?

Hi, How could I add a new role via REST API ? When I try to send the following HTTP POST via Postman: URL: ...

by Explorer in

Why are JSON Wrapped Windows Logs not being read as JSON by "Add Data"?

Hey, I'm very experienced using Splunk as an analyst, but not at all experienced on the admin side of things, but am ...

by Engager in

How to get JSON response from Splunk web query?

I need to get the JSON response for a Splunk API call for a data model. Is there a way to retrieve this information v...

by Communicator in

Missing "Message" field

We are moving away from using Windows Event Collection to installing the Universal Forwarder on as many Windows machi...

by Explorer in

How to write in props.conf so that the _time field takes time from the unixTime field?

Hello colleagues, I would like to know I have events where there is a unixTime field. But the _time field does not...

by Communicator in

Need help parsing and extracting MongoDB JSON log in Splunk

Hi, I need some help. We have been using Splunk for MongoDB alert for a while, now the new MongoDB version we are...

by Observer in

Data Onboarding issue- unable to see the data in splunk

Hello All, I have configured the inputs and props but unable to see the data in splunk. I have around 20 monito...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk Could Not Get Description for Event

Can the Universal Forwarder process core-dumps?

How to combine two queries

Wrong JSON value extracted by query

Creating a sourcetype keeps failing

How to route to an Index based on SourceType AND Host combination in inputs.conf?

How to restrict UF to not to collect logs older than X Days

Why is Input not working?

How to set at the same time in transforms.conf a new index and set a new metadata based on the host name?

Handling intermediary forwarders that are deployed as code

How to create a dashboard studio chain search with dropdown token?

Indexing same file: crcSalt = <SOURCE> not working as expected

Why is windows log going to the wrong sourcetype?

How do I add a new role via REST API?

Why are JSON Wrapped Windows Logs not being read as JSON by "Add Data"?

How to get JSON response from Splunk web query?

Missing "Message" field

How to write in props.conf so that the _time field takes time from the unixTime field?

Need help parsing and extracting MongoDB JSON log in Splunk

Data Onboarding issue- unable to see the data in splunk

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Wineventlog input stanza blacklist doesn't work

Data Stream Processor in Splunk Cloud

Splunk_TA_nix awk: record `HARD_DRIVES ssd2262 ......

Heavy Forwarders randomly shuts down one of its pa...

How to filter input netflow data?