Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

What is the difference between a inputs.conf whitelist and dorp events with Props.conf and Transfroms.conf?

Hi folks, I need a quick clarification, I need to know if I use a whitelist function on inputs.conf I will sa...

by Motivator in

UF status was not connected dashboard

Hi All, we are working on to create a dashboard on UF status connection by using phone home interval in DS using se...

by Path Finder in

Does anyone have an updated Lambda function for handling splunk-logging lambda & Cloudwatch logs?

I have deployed a Lambda function from the "splunk logging" blueprint for collecting VPC Flow logs and Cloudwatch eve...

by New Member in

How to configure hot, warm, and cold buckets?

Hello Splunkers , I have single machine splunk infrastructure. What stanzas I need to provide in indexes.conf for ...

by Path Finder in

Splunk DB connect permission problem

Hello everyone, I am trying to configure Splunk DB connect app, and getting next one error in logs: 2023-01-12T14...

by Contributor in

What are best practices when the timestamp is an integer?

Hi experts, have .CSV file that timestamp is quite a simple integer and its incremental like 1,2,3,,,, I ...

by Splunk Employee in

AWS Add-on 6.3 errors with Generic S3 inputs

We recently updated our AWS Add-on to version 6.3, after which all Generic S3 inputs stopped ingesting. Noticed th...

by Engager in

Syslog UFs unable to connect to Indexers?

We are currently experiencing an issue in our 9.0.2 environment where our syslog UFs are unable to connect to our ind...

by Loves-to-Learn Lots in

Constant HIGH CPU/MEMORY USAGE- How can I bring this down?

We have a stand alone Splunk v8.2.0 deployment. 16vcpu/32GB memory. From other posts here I started looking throug...

by New Member in

Truncate only certain events from a source?

Good day experts, to manage the ingestion volume, I need apply truncation to a source that sends pretty high volume o...

by Engager in

How to remove all words in an event except for certain ones and put them in a table?

I have a event like this 02.09.2022; seller david address 434 xyz house price 20000 [color:green] {noffloors: 5] ...

by Observer in

How do I get Splunk Universal Forwarder for AIX 5.3?

Can someone help to get the Splunk universal forwarder for AIX 5.3 thanks!

by Explorer in

How to solve setnull issue while filtering required events?

Hi , We are getting lot of events into our Splunk which is filling up the our computer disk storage rapidly. ...

by Explorer in

How to verify the repFactor behavior set up in indexes.conf

Hello Splunkers,For a specific index I configured repFactor = auto and I suppose that the logs are exactly the same o...

by Communicator in

Indexer fails to join back cluster due to standalone buckets?

Indexer in the cluster was abruptly shutdown and subsequently fail to join back to the cluster. Please help to provid...

by Splunk Employee in

indexer discovery - Why is Heavy forwarder clear text password not being encrypted?

In indexer discovery method, Heavy forwarder clear text password not being encrypted after restart. Please help

by Path Finder in

HEC event formatting: How to configure Splunk to show only message field and not all fields?

Good evening,With a Java Spring Boot application, I use the library provided by Splunk to send to Splunk the logs usi...

by Loves-to-Learn in

Why License Usage has empty fields?

Hi guys.I was asking why my reports, using license_usage.log from LicenseMaster, for "LicenseUsage" sometimes do not ...

by Contributor in

Why are there completely different formats in same logfile?

Hi all, We have an application which produces logfiles where other logfiles are inserted (they are pulled from std...

by Explorer in

Why did curl failed with error code 56?

I am trying to list existing HEC tokens with curl command as below: curl -k -u admin:<admin_password...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What is the difference between a inputs.conf whitelist and dorp events with Props.conf and Transfroms.conf?

UF status was not connected dashboard

Does anyone have an updated Lambda function for handling splunk-logging lambda & Cloudwatch logs?

How to configure hot, warm, and cold buckets?

Splunk DB connect permission problem

What are best practices when the timestamp is an integer?

AWS Add-on 6.3 errors with Generic S3 inputs

Syslog UFs unable to connect to Indexers?

Constant HIGH CPU/MEMORY USAGE- How can I bring this down?

Truncate only certain events from a source?

How to remove all words in an event except for certain ones and put them in a table?

How do I get Splunk Universal Forwarder for AIX 5.3?

How to solve setnull issue while filtering required events?

How to verify the repFactor behavior set up in indexes.conf

Indexer fails to join back cluster due to standalone buckets?

indexer discovery - Why is Heavy forwarder clear text password not being encrypted?

HEC event formatting: How to configure Splunk to show only message field and not all fields?

Why License Usage has empty fields?

Why are there completely different formats in same logfile?

Why did curl failed with error code 56?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Execute script on forwarder with privileges

How to extract required data from the HEC _raw eve...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...