Getting Data In

Discussions

Thread Info

How to make a dashboard from txt health sheets file

Hi, Im really new to the splunk, having problem where i need to make a dashboard from txt health sheets file, could a...

by New Member in

Why my _audit index search are not returning any results?

Hi everyone, I have a Splunk Enterprise standalone instance. It is running on Ubuntu server 14.04.6 LTS. I recent...

by Loves-to-Learn in

Excluding some event log data from being forwarded to the indexers

We have an outside scanning agency that is constantly doing nmap like scans of our perimeter. It is generating a lo...

by Engager in

Why can't Splunk_TA_windows redirect to a custom index?

I have added the latest version of Splunk_TA_windows to my environment using a deployment server.The app has been pus...

by Path Finder in

How do I add addition entry eg. 2000 to the show source dropdown menu?

Hi, How do I add an addition numeric value to the show source dropdown list in version 8.1.6. I would like to add ...

by Path Finder in

How to implement rlog.sh/ausearch utility for an audit.log of different format

Hi all, Please help with the below. I am using rlog.sh (inbuilt script) provided by Splunk in TA-unix package , t...

by Path Finder in

HEC on Heavy forwarder not forwarding to Splunk Cloud

Hi, I have setup a HEC input on a Heavy Forwarder and have a base app for all data outputs to forward to Splunk Clo...

by Communicator in

How do I override field extraction from json?

Hi, I send email data to http event collector in JSON format like this : { "sender-domain":"domain.com", "s...

by Observer in

Can we delete the data from lookup file created ??

Hi.. I have written a shceduled search which will save my data to a csv file..Is ther any query to delete the data...

by Motivator in

Do TRANSFORMS in a source stanza and a sourcetype stanza both apply?

I am thinking of merging a variety of sources being monitored by a Universal Forwarder into a single sourcetype for i...

by Contributor in

How to deal with curly brackets in field names creating a data model?

Hi, I was working with JSON data.(Example here: http://www.splunk.com/web_assets/hunk/Hunkdata.json.gz) The dat...

by Splunk Employee in

Why are we getting a connection issue error for the ta-cisco-webex-meetings-add-on-for-splunk?

We have installed the CISCO WEBEX MEETING ADD ON FOR SPLUNK in the heavy forwarder to on board the logs, but we are g...

by Path Finder in

How do I resolve this jamf data capture error?

Hello. I am using the following Jamf Pro Add-on for Splunk (Version 2.10.4) to import Jamf data.https://splunkbase...

by New Member in

How to narrow Scope of WinNetMon Input to Domain Users?

Hello, Thank you for taking the time to consider my question, I'm currently configuring an custom app to deploy to...

by Path Finder in

How can I exclude data from being ingested by the universal forwarder?

Hello all, I have recently set up Splunk to monitor /var/log/messages. There is one event in this log that I woul...

by Engager in

Why is Splunk UF not able to send log from Solaris sparc OS?

Dears I have installed splunk UF V8.1.3 on Solaris sparc server V11.5.we are not getting any log from those serve...

by Explorer in

Splunk removes data from Index: How to set size limit only for index?

I work at a utility and we have an index that contains SCADA events from the electric system. We have data that g...

by Path Finder in

How do I gather logs from my Solaris instances without a forwarder?

Hi Forum I am looking for advice / suggestions / guidance in relation to gathering logs from my Solaris instances ...

by New Member in

Compare list of used credentials in events with list of total credentials in lookup

I have a lookup of all active credentials from tenable called tio_credentials.csv. I have a search that lists unique ...

by Explorer in

What are SE linux recommendations for splunk forwarder?

Can anyone advise the SE linux configurations for the Splunk universal forwarders ?

by Path Finder in

How to do LDAP audit/access logs integration with Splunk?

Hi team, I am new to Splunk please help me here We have integrated one Algosec application with SPlunk Via Sysl...

by Explorer in

Having trouble with my SC4S configurations for Fortigate

I have setup a SC4S and it has been connected to splunk enterprise. Also I have forwarded the logs from fortigate fir...

by New Member in

Metadata and tstats give different sources: How do I get the list of sources based on the tstats result?

I have two search queries: | metadata index=* type=sources that results in something like the following (under ...

by Path Finder in

How to extract wordcount from Array?

I'm trying to extract the total word count from field1 but am unable to find the correct solution. The format is: ...

by Loves-to-Learn Lots in

How to add 4 hours to each field in this Date time format?

I have this date/time format, I need to add 4 hours to each field, can it be possible? if yes please help me

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to make a dashboard from txt health sheets file

Why my _audit index search are not returning any results?

Excluding some event log data from being forwarded to the indexers

Why can't Splunk_TA_windows redirect to a custom index?

How do I add addition entry eg. 2000 to the show source dropdown menu?

How to implement rlog.sh/ausearch utility for an audit.log of different format

HEC on Heavy forwarder not forwarding to Splunk Cloud

How do I override field extraction from json?

Can we delete the data from lookup file created ??

Do TRANSFORMS in a source stanza and a sourcetype stanza both apply?

How to deal with curly brackets in field names creating a data model?

Why are we getting a connection issue error for the ta-cisco-webex-meetings-add-on-for-splunk?

How do I resolve this jamf data capture error?

How to narrow Scope of WinNetMon Input to Domain Users?

How can I exclude data from being ingested by the universal forwarder?

Why is Splunk UF not able to send log from Solaris sparc OS?

Splunk removes data from Index: How to set size limit only for index?

How do I gather logs from my Solaris instances without a forwarder?

Compare list of used credentials in events with list of total credentials in lookup

What are SE linux recommendations for splunk forwarder?

How to do LDAP audit/access logs integration with Splunk?

Having trouble with my SC4S configurations for Fortigate

Metadata and tstats give different sources: How do I get the list of sources based on the tstats result?

How to extract wordcount from Array?

How to add 4 hours to each field in this Date time format?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions