Getting Data In

Thread Info

Microsoft Azure Add-on for Splunk - Almost a 30 day delay

The Azure Add on seems to be working well with the exception of how behind it is. Specifically for the signins (sourc...

by Explorer in

Index gzipped files without .gz extension

Hi, I am trying to index gzipped files that do not have the .gz extension on a window universal forwarder. Fir...

by Motivator in

Ping identity data from Cloud console to Splunk

Hello Splunkers, has any one done getting ping identity ( SAS) data from from portal to Splunk On-prem if you ha...

by Observer in

Using HEC with props.conf and transforms.conf

Hi there, I'm experiencing difficulty in discarding certain events while they're passing through my heavyweight fo...

by New Member in

Can I deny a specific sourcetype from receiving http event collector events?

We have a team that are sending far too many wasteful logs to us for a specific sourcetype. It's going to take them ...

by Contributor in

Can UF still forward data if license expire?

Hello could you please help me to have better understanding of UF. Can we still use Splunk UF even after the end da...

by Engager in

Which add-on for o365 and Azure log collection?

Hi all, I am planning on integrating o365 and Azure cloud services to my Splunk on-prem environment. Now there ar...

by Path Finder in

Setup assistance - Panorama to UF with syslog-ng to Splunk Enterprise at AWS

Hi all! I've always had a pretty straight forward approach to bringing in my Palo logs straight to an on-prem Search ...

by Path Finder in

Search api configuration to query another instance of splunk?

https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTTUT/RESTsearches i can see through search API provided by Splu...

by Loves-to-Learn in

Injesting data through search api?

Is there any way we can inject data to one running Splunk enterprise(on premise) to another through search API? I can...

by Loves-to-Learn in

implications of changing the configurations of an indexed file

Hi splunk community! Im new to splunk here so im not very clear on the consequences of updating indexes 1. For exam...

by Explorer in

Why I'm getting xmlwineventlog?

Hello, I'm trying to get windows data from a couple servers. But instead of receiving wineventlogs I'm getting xml...

by Explorer in

Splunk Indexer Parsing Queue Blocking

Hello, I just recently restarted my splunk enterprise instance in order to add an app and once it was back up, i no...

by Explorer in

Is this a correct way to measure AWS CloudTrail ingest lag?

Using the following search, I'm seeing AWS CloudTrail ingest lag between 4 and 9 hours. index=ibp_aws sourcetype=a...

by Path Finder in

SC4S onboarding

Hello, I am new to Splunk and working on getting SC4S setup correctly. My question is where do I setup the SC4S ...

by Path Finder in

Data fields in Microsoft Office 365 Reporting Add-on for Splunk

Hi, I have created an app in Azure given the permissions to the Office 365 management activity API and also created...

by New Member in

Cannot forward one specific index between indexers

I'm working on an indexer to try to forward all data ingested with IT Essentials Work + Splunk Add-on for Unix & Linu...

by Explorer in

Tutorial Data upload

Ive uploaded the Splunk tutorial data successfully into my Splunk enterprise instance. There is also a prices.csv.zi...

by New Member in

AS400 and Splunk Integration

Hi Splunkers, Is it feasible to collect data from a DB2/AS400 server using Splunk? i.e. to collect required data ...

by Explorer in

wmi WQL query using hostname variable

I am trying to get data into Splunk to show the members of the local / builtin windows groups. In particular "Adminis...

by Engager in

forward index to new index

I inherited an old splunk environment where all data was indexed into the main index. I have setup a new environment ...

by Explorer in

Troubleshooting a file monitor on Universal Forwarder

I currently have a Universal Forwarder running on a linux syslog server with a bunch of file monitors in place such a...

by Path Finder in

Retrieving the "tag" and line "field" in docker logs (http collector / json format)

Hi,I am using Splunk 8.2.1 and I have configured the docker daemon to send logs to Splunk via an HTTP collector.I hav...

by Observer in

How to add and parse XML data in Splunk?

how parsing xml data ? <v8e:Event> <v8e:Level>Information</v8e:Level> <v8e:Date>2022-...

by Communicator in

send a subset of logs via syslog to a Third Party and all logs to Indexer

Hi at all, I have a problem that is described many times in Splunk docs but I didn't find my Use Case: I have to ...

by SplunkTrust in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Microsoft Azure Add-on for Splunk - Almost a 30 day delay

Index gzipped files without .gz extension

Ping identity data from Cloud console to Splunk

Using HEC with props.conf and transforms.conf

Can I deny a specific sourcetype from receiving http event collector events?

Can UF still forward data if license expire?

Which add-on for o365 and Azure log collection?

Setup assistance - Panorama to UF with syslog-ng to Splunk Enterprise at AWS

Search api configuration to query another instance of splunk?

Injesting data through search api?

implications of changing the configurations of an indexed file

Why I'm getting xmlwineventlog?

Splunk Indexer Parsing Queue Blocking

Is this a correct way to measure AWS CloudTrail ingest lag?

SC4S onboarding

Data fields in Microsoft Office 365 Reporting Add-on for Splunk

Cannot forward one specific index between indexers

Tutorial Data upload

AS400 and Splunk Integration

wmi WQL query using hostname variable

forward index to new index

Troubleshooting a file monitor on Universal Forwarder

Retrieving the "tag" and line "field" in docker logs (http collector / json format)

How to add and parse XML data in Splunk?

send a subset of logs via syslog to a Third Party and all logs to Indexer

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions