Getting Data In

Community Activity

Good example of a working custom REST endpoint (but not an admin:* one) I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Not... by sideview SplunkTrust in Getting Data In 04-14-2025 3 4	3	4
Netskope onboarding Hi,I have a question on Netskope onboarding to Splunk. I installed to TA-NetSkopeAppForSplunk (4.1.0) on Splunk cloud... by tech_g706 Path Finder in Getting Data In 04-14-2025 0 2	0	2
cloudwatch logs tagging Expert advice needed.I was able to ingest cloudwatch logs for ecs and lambda with data managerNow i need to add tags ... by okana Loves-to-Learn Lots in Getting Data In 04-14-2025 0 2	0	2
pull Azure event hub logs to Splunk How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. Wh... by splunklearner Communicator in Getting Data In 04-11-2025 0 6	0	6
Why doesn't my Ingest Action work? I have written and tested some rules using "Ingest Actions". I used the "Sample" indexed data and everything seems fi... by gerrysr6 Explorer in Getting Data In 04-11-2025 0 5	0	5
How do I set up a KV Store lookup? I created a KV Store lookup using the "Splunk App for Lookup File Editing" app, however when I look at Settings>Looku... by danielbb Motivator in Getting Data In 04-11-2025 0 4	0	4
Splunk and Cisco Firepower Audit Logs Hello folks,My organization is struggling with ingesting the Cisco Firepower audit (sys)logs into Splunk, we've been ... by b17gunnr Path Finder in Getting Data In 04-11-2025 0 3	0	3
Splunkforwarder Startup Error in Docker containers Commands used to run docker image: docker run -d -p 9997:9997 -p 8080:8080 -p 8089:8089 -e "SPLUNK_START_ARGS=--acce... by samuel-devops Explorer in Getting Data In 04-10-2025 1 15	1	15
Turning off chunked encoding in Universal Forwarder Hi,We're setting up a Splunk enterprise instance in an air-gapped environment. In addition to this, the server is sit... by jni Explorer in Getting Data In 04-10-2025 0 7	0	7
Creating service account in splunk to re-assign the orphaned knowledge object Hi,I am a splunk admin and we are re-assigning the orphaned knowledge object to my name as a temporary solution. I ne... by man03359 Communicator in Getting Data In 04-10-2025 0 1	0	1
AWS logging to our Splunk AWS logs to SplunkWe need to onboard AWS cloud watch logs (from Kinesis) to our Splunk. We have all our Splunk instan... by splunklearner Communicator in Getting Data In 04-09-2025 0 10	0	10
Regex for multiline events where skipping lines is required. I have multiline events where it is required to capture the error messages.The events are separated by "FAILED".I nee... by TheJagoff Communicator in Getting Data In 04-09-2025 0 5	0	5
Splunk Data Retention we got a requirement to on-board new platform logs to Splunk. They will have 1.8 TB/day data to be ingested. As of no... by Karthikeya Communicator in Getting Data In 04-08-2025 0 18	0	18
Splunk data retention I was newly aligned into a project and didn't have proper KT from the left ones. I have queries regarding my current ... by Karthikeya Communicator in Getting Data In 04-07-2025 0 5	0	5
Integration document for Cisco Cyber Vision with Splunk I am looking for a document to integrate Cisco cyber vision integration with Splunk. by doli Splunk Employee in Getting Data In 04-07-2025 0 4	0	4
Change index based on source and index from different environments Hello,we have Windows servers from two environments, we want WinEventLog source (Windows Events logs) to go in "windo... by splunkreal Motivator in Getting Data In 04-07-2025 0 5	0	5
Can I bring the logs to see if a user on Azure has MFA enabled? HI everyone,I need to check my logs to see if a user has MFA enabled or not. I've already configured Microsoft Azure ... by toporagno Explorer in Getting Data In 04-06-2025 0 1	0	1
Splunk UF version 9.4.1 install issue OS Version: Server 2019I'm trying to install Splunk UF in my test lab. Using the GUI install, I put all the necessary... by christal654 Observer in Getting Data In 04-05-2025 0 5	0	5
Syslog-ng error Hi,I setup the syslog-ng to receive syslog from devices and splunk HF on the same server will read those logs files.H... by tech_g706 Path Finder in Getting Data In 04-05-2025 0 3	0	3
Having multiple Forwarders sharing the same Instance GUID As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of... by Na_Kang_Lim Path Finder in Getting Data In 04-04-2025 0 9	0	9
Change initial date then stop ingestion I have disabled input (generic S3) of aws add-on for a year. After I enable it, it ingests old data so I disable it a... by karn Path Finder in Getting Data In 04-03-2025 0 2	0	2
Ingesting application logs from Docker container into Splunk Cloud Hi everyone,I'm seeking advice on the best way to send application logs from our client's Docker containers into a Sp... by tawm_12 Engager in Getting Data In 04-02-2025 0 2	0	2
How to solve duplicate GUIDs of Forwarders? As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of... by Na_Kang_Lim Path Finder in Getting Data In 04-02-2025 0 1	0	1
How to convert "data" Field to "event" in Splunk HTTP Event Collector (HEC)? I'm ingesting data into Splunk via the HTTP Event Collector (HEC), but the data is wrapped inside a "data" key instea... by bhavesh0124 Explorer in Getting Data In 04-02-2025 0 5	0	5
Akamai WAF integration with Splunk I have installed akamai add on for splunk in our HF. https://splunkbase.splunk.com/app/4310 I followed the documentat... by jitbahan New Member in Getting Data In 04-02-2025 0 7	0	7