Getting Data In

Discussions

Thread Info

How to ingest Windows process Command Line arguments?

We are about to start ingesting Windows process command line arguments. Within the Microsoft article, it states that ...

by Engager in

Can Heavy Forwarder write syslog data locally ?

I have configured Heavy Forwarder to collect and forward syslog data to our Splunk Indexers. We purposely don't wish ...

by Contributor in

DHCP server log time parsing issue- why is this happening?

Hi All, we have onboarded windows DHCP servers on splunk cloud by installing UFs on each server. DHCP server write...

by Path Finder in

While searching DHCP logs there are huge latency (indextime -time) for few events

Hi SMEs, i have quick query here. While searching DHCP logs i could see huge latency (indextime -time) for few events...

by Path Finder in

Why is SC4S UDP data send not working?

Hello All, I am working on the installing and getting data In for SC4S(Splunk connect for Syslog). For installa...

by Communicator in

Is SQL team (2017) compatible with splunk db connect?

Hello Guys, We have to integrate one of the SQL server with Splunk and the current version is SQL 2012. We are u...

by Path Finder in

Why is JSON Event Data Showing Duplicate Values?

Hi, I'm trying to ingest json data but it showing data twice for each event field. I used below in props.conf and ...

by Path Finder in

How logging from different sources works when there is network outage?

Hi Splunkers, I would like to know what happens to logging in below scenarios when there is an outage. I would like...

by Loves-to-Learn in

How to log Cloudtrail logs from multiple AWS accounts?

Hi Splunkers, I have to create an alert when there is a root user login in AWS. For this, I am ingesting cloudtrail...

by Loves-to-Learn in

Why am I seeing this message "forwarding data over HTTP is only supported on Universal Forwarders"?

Hi All, We just upgraded our HWF to version 8.2.5 and now when we start splunk we get this this message: "ERROR...

by Path Finder in

Why do the indexed files still have the wrong timestamp after editing the props.conf file?

Hi,I can't get Splunk to use the content of timestamp_start as _time.This is an example of log:canale=<value>;an=<va...

by New Member in

How to edit props and transforms to route data to an index based field?

Hi, I'm trying to route data to a specific index based on a value in a field. I have a series of data that look...

by Path Finder in

Splunk Cloud - How to generate list of deployed apps/TA's on indexers?

Using Splunk Cloud and management made the decision to send from UF's straight to Splunk Cloud indexers. As such, ha...

by Explorer in

How to use config to get rid of multipath error?

Hi Splunkers! I have a problem with props.conf and tranforms.conf I face with this error in Linux Servers. ...

by Path Finder in

Splunk forwarder

How to check inputs.conf file to see the how the log files are being sent to splunk. How to check forwarder is...

by Path Finder in

Why is Syndication input repeating events?

Hi all, I'm using the syndication component (latest version), to fetch data from multiple feeds: https://www.cl...

by Engager in

How to keep original sourcetype in summary index?

I have multiple scheduled searches that run on large indexes and save the results to a summary index. There is no agg...

by Explorer in

How to locate Port for o365 add-on

Hi, I'm setting up the splunk add-on for o365 and as stated in the Splunk documentation i have to allow the commun...

by Path Finder in

How to test powershell scripts with Splunk environment

Hi, i am trying to create an add on that runs a powershell script to perform some actions. Since i dont want to ha...

by Observer in

Help with universal Forwarder not forwarding logs

I am operating in an environment with a standalone Splunk Enterprise instance running v8.1.3 on RHEL. In my environm...

by Path Finder in

How to Visualize Performance Metrics using IT essentials Work?

Hello, Thank you for taking the time to consider my question. I'm trying to visualize the health of several window...

by Explorer in

How to create an alert when a new forwarder is added to deployment server?

I'm looking for a way to report/alert anytime a new forwarder is added to my deployment server. I've tried searching ...

by Path Finder in

Why are all events being filter except for EventCode 0 when filtering Windows Events?

Hi I'm filtering windows events from the Heavy Forwarder, everything works fine, all events are filtered except fo...

by Builder in

Has Anyone Integrated DynaTrace Data into Splunk?

Are you able to capture client-side events? Has integrating DynaTrace data added more visibility into your operati...

by SplunkTrust in

Getting Data to Splunk from clients outside our LAN

I am trying to setup our Splunk architecture to be able to receive events from clients/workstations outside our local...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to ingest Windows process Command Line arguments?

Can Heavy Forwarder write syslog data locally ?

DHCP server log time parsing issue- why is this happening?

While searching DHCP logs there are huge latency (indextime -time) for few events

Why is SC4S UDP data send not working?

Is SQL team (2017) compatible with splunk db connect?

Why is JSON Event Data Showing Duplicate Values?

How logging from different sources works when there is network outage?

How to log Cloudtrail logs from multiple AWS accounts?

Why am I seeing this message "forwarding data over HTTP is only supported on Universal Forwarders"?

Why do the indexed files still have the wrong timestamp after editing the props.conf file?

How to edit props and transforms to route data to an index based field?

Splunk Cloud - How to generate list of deployed apps/TA's on indexers?

How to use config to get rid of multipath error?

Splunk forwarder

Why is Syndication input repeating events?

How to keep original sourcetype in summary index?

How to locate Port for o365 add-on

How to test powershell scripts with Splunk environment

Help with universal Forwarder not forwarding logs

How to Visualize Performance Metrics using IT essentials Work?

How to create an alert when a new forwarder is added to deployment server?

Why are all events being filter except for EventCode 0 when filtering Windows Events?

Has Anyone Integrated DynaTrace Data into Splunk?

Getting Data to Splunk from clients outside our LAN

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions