Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to parse the Docker json logs?

Hi, This is the log sent from Docker ("log":"[21:52:02] [/home/a143519/.local/share/code-server/extensions/ms-too...

by Path Finder in

What changes we need to get the data into test index?

Hi, While trying to configure the rapid7intsightsvm app the data is not indexing to index which I have configured...

by Communicator in

WinEventLog:Security EventCode 4732 Name instead of SID in Splunk- How can I view the account or username?

Hello, I have all auditing enabled via GPO and I am getting WinEventLog:Security logs in Splunk. I am attempting ...

by Explorer in

Where can I find OS compatibility matrix for Universal Forwarders?

The closest document I could find to an Operating System to Universal Forwarder version compatibility is the download...

by Path Finder in

Why are Splunk some logs missing from kiwi syslog?

Hello everyone I am running into an issue that may be either Splunk or my Kiwi Syslog server, and I am not really sur...

by Engager in

Is there documentation for an Icons list we can include in a Dashboard Panel?

Hello.Is there a documentation to have a full visual list, how many and which icons, Splunk Enterprise includes in it...

by Contributor in

Blacklisting in [WinEventLog://Security]

Im looking to drop EventID 4673 where the action=failure Here is an example log 3/15/2023 02:51:42 PM LogName...

by Explorer in

Why are we missing Windows "WinEventLog:Security" event logs?

I have 40 Windows 2012 domain controllers (forwarding through heavy forwarders to cloud), that intermittently stop se...

by Path Finder in

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

Hello. Please see the screenshot on this post, its from the Splunk Universal Forwarder (UF) installer steps. Are we s...

by New Member in

Search to get difference of data from current month and previous month?

Hi Legends, I want to know is this type of splunk query possible to create? We want a query which will pull 2 t...

by Explorer in

AWS CloudTrail SQS Based S3 error?

Hi, I tried to configure CloudTrail SQS Based S3 and I got the following message: "Warning: This message does n...

by Loves-to-Learn in

Is there any way in which we can download the apps from splunk base without having to manually download the tar file?

Hi We are planning to automate the Splunk application installation and configuration process for quicker provision...

by Explorer in

Looking for solutions for Linux/Unix Auditing?

Fairly new Splunk user here looking for Linux auditing solutions. I am running a disconnected version of Splunk Ente...

by Explorer in

High CPU utilization with splunk 9.x ( mainly windows UF)

After upgrade to 9.x, higher cpu utilization.

by Splunk Employee in

Timestamp parsing from filename

Hi I want to write the props for below logs. Actually the logs are coming with no timestamp and the file name hav...

by Path Finder in

Way to exclude ingestion of events for a specific IP address from a SourceType?

When I try use : transforms.conf [setnull] REGEX = 192\.168\.1\.50, 172\.16\.1\.50 DEST_KEY = queue FORMAT =...

by Loves-to-Learn Lots in

What version of Splunk is the Splunk UF Daylight Savings Time bug fixed in?

Good day. I have looked in the community posts and know that there is a daylight savings time bug in some Splunk UF'...

by Loves-to-Learn in

How do I set the CRON job for scripted inputs so that the timezone is not UTC?

Hello, I have a scripted input with a CRON set to 50 5-23 * * * so that it "sleeps" between the hours of midnight a...

by Motivator in

DB Connect replacing trailing Zero's?

Hi Has anyone seen this before, I'm using DB connect to pull data in from a MySQL db, and this is the results show...

by Explorer in

Get Blob Data W/O Key or SAS Token (use service account)?

Hi All,One of our team just asked me about pulling logs in from an Azure blob container. I read his doc about using a...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to parse the Docker json logs?

What changes we need to get the data into test index?

WinEventLog:Security EventCode 4732 Name instead of SID in Splunk- How can I view the account or username?

Where can I find OS compatibility matrix for Universal Forwarders?

Why are Splunk some logs missing from kiwi syslog?

Is there documentation for an Icons list we can include in a Dashboard Panel?

Blacklisting in [WinEventLog://Security]

Why are we missing Windows "WinEventLog:Security" event logs?

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

Search to get difference of data from current month and previous month?

AWS CloudTrail SQS Based S3 error?

Is there any way in which we can download the apps from splunk base without having to manually download the tar file?

Looking for solutions for Linux/Unix Auditing?

High CPU utilization with splunk 9.x ( mainly windows UF)

Timestamp parsing from filename

Way to exclude ingestion of events for a specific IP address from a SourceType?

What version of Splunk is the Splunk UF Daylight Savings Time bug fixed in?

How do I set the CRON job for scripted inputs so that the timezone is not UTC?

DB Connect replacing trailing Zero's?

Get Blob Data W/O Key or SAS Token (use service account)?

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...

Connection error with Splunk HEC data input?

How do I effectively filter information?

How to determine which events came from HEC?