Getting Data In

Discussions

Thread Info

Indexed logs and subset of logs into different indexes

Hi All, I am onboarding data from a heavy forwarder using Splunk TA. Is it possible to 1) index all logs into one...

by Communicator in

Compare CSV file and indexed data

How can I compare CSV file test.csv with one column, lets name the column"DNS" to index=myindex with field name "host...

by Explorer in

Command modular shell script's curl request returning exit code 77 when using https.

Hi, I have a command modular input, which calls a shell script. There is a curl HTTPS command in the script. I am a...

by Engager in

Best way to get Windows DHCP logs to Splunk

Hello, I am trying to get Windows DHCP logs to Splunk and trying to use below way to get the same, but wanted to lo...

by Explorer in

Not received logs form UF to splunk cloud

Hi All, Splunk cloud is not receiving the logs form Windows Universal Forwarder. I see the below logs from Splunkd...

by Path Finder in

Splunk Log File Monitoring

Hi Folks,We have log file monitoring of one of the text file , and that text file getting updated once in a week. The...

by SplunkTrust in

Choose correct number of indexes for good performance.

Hello Splunk community, Let's say my input to Splunk is three csv files that use the following schema. Each csv pop...

by Explorer in

splunk forwarder not send data to python socket.io

Hi i hope everyone will be fine.i am facing issue .I am forwarding logs to third party like port of any system.i seen...

by Loves-to-Learn Everything in

Indexer cluster infra migration query

Hi All, We are embarking on moving our Splunk 8.1.3 servers from old version of RHEL to new RHEL servers. The serve...

by Communicator in

Is it possible to configure a redundant Splunk server in outputs.conf?

Hi all, Currently have setup multiple Splunk servers configured in outputs.conf for the universal forwarders but I ...

by Engager in

Failed to add the same UDP port

udp7511 syslog transmission was set up on three firewalls.The same port is not registered on the splank web.I used th...

by Path Finder in

Would Multiple Enterprise Security Splunk Instances Affect Indexing?

Currently working on a project where instead of dedicating only a single instance of Splunk only for ES they actually...

by Path Finder in

UF data going to wrong index

I have a UF on an rsyslog server. The UF is forwarding logs to the indexer successfully, but one of my two input flow...

by Path Finder in

Updated: Help in event break for json file

Hi,Updated:I am trying to break events which is in nested json. Each events start with { "links": I have almost g...

by Builder in

HEC Events not indexing

I'm learning how to use the HTTP Event collector, but no events ever show up in search. I have the inputs enabled and...

by Loves-to-Learn Lots in

Append data to logs matching regex

Hi i'm looking to use a heavy forwarder to append a string to specific log messages. Im following the guide here http...

by New Member in

Extract fields from CSV log file without header

Hello, I have a CSV file in this form : 2021-08-30 15:45:32;MOZILLA;j.dupont;FR6741557ERF;1.1.1.1;CONNEXI...

by Path Finder in

splunk index logs from network drive

i wish to index all the log files in the network drive Y but i am getting the error msg - In handler'monitor':Paramet...

by Explorer in

Searchtime extractions

Hey, We have cisco:esa:cef coming in and whilst we are getting the extractions we need from the main part of t...

by Loves-to-Learn Everything in

Updating Forwarder Credentials

Hi all. We received a bulletin that our UF certificates were expiring. I downloaded the credentials package and ins...

by Explorer in

How to execute searches with auth token, using the Webtools Add-on

Hi @jkat54, thank you for creating this wonderful app. I have a use case that requires executing remote searches...

by Explorer in

How to view status of indexing of evtx files in a folder

I am using Splunk to review logs from disconnected systems. We have the users export the evtx files and send them to...

by Explorer in

Output and deployment client configs constantly overwritten

I have a single-instance Splunk setup with a handful of Universal Forwarders sending in data. There was previously a ...

by Path Finder in

Json datas selection and meta removal

Hye. The situation : an instance of Splunk standalone (test platform), and an UF.The data : JSON Stream with multi...

by Engager in

How to parse logs with a mix of JSON and non-JSON

Hi. I have log source that has a mix of various field types and then a larger nested JSON payload. I can't quite wr...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Indexed logs and subset of logs into different indexes

Compare CSV file and indexed data

Command modular shell script's curl request returning exit code 77 when using https.

Best way to get Windows DHCP logs to Splunk

Not received logs form UF to splunk cloud

Splunk Log File Monitoring

Choose correct number of indexes for good performance.

splunk forwarder not send data to python socket.io

Indexer cluster infra migration query

Is it possible to configure a redundant Splunk server in outputs.conf?

Failed to add the same UDP port

Would Multiple Enterprise Security Splunk Instances Affect Indexing?

UF data going to wrong index

Updated: Help in event break for json file

HEC Events not indexing

Append data to logs matching regex

Extract fields from CSV log file without header

splunk index logs from network drive

Searchtime extractions

Updating Forwarder Credentials

How to execute searches with auth token, using the Webtools Add-on

How to view status of indexing of evtx files in a folder

Output and deployment client configs constantly overwritten

Json datas selection and meta removal

How to parse logs with a mix of JSON and non-JSON

Preparing your Splunk Environment for OpenSSL3

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Assign to missing timestamp event previous event t...

Capture data from single index and differentiate l...

Deployment server for heavy forwarders best practi...

[Cohesity Add-on] Extension with “Protection Runs”...

Splunk VMware OVA for ITSI vs Splunk OVA for VMwar...