Getting Data In

Discussions

Thread Info

F5 BIG-IP linebreaking

Hi Splunkers! I have a problem with line breaking in Splunk add-on F5-bigip. I've tried some regex to break the lin...

by Path Finder in

Splunk Log4J2 Appender in Spring Boot with Maven

I have a simple Maven configuration where I know the following is on the classpath (I can verify it at runtime before...

by Explorer in

Ingesting XML and Classic WinEventLogs issue (renderXml=false)

I've recently updated the Splunk_TA_windows from version 4.1.8 to version 8.12. As I went through the documentation I...

by Engager in

How to index Kubernetes STDOUT data in Splunk?

Need your help, Can you please tell us, how to receive Kubernetes STDOUT data in Splunk Enterprise? Kubernetes is ...

by Builder in

Salesforce AsyncApexJob only ingests once

I feel like this is a known issue & I feel like it's been around for a while, reaching out to see if anyone has worke...

by Explorer in

Syslog-NG: Two Destinations but different syslog messages

I am trying to control ingest rate into Splunk Cloud. I have some firewalls that are very chatty. The firewalls thems...

by Explorer in

malformedEventIndex, how to troubleshoot and fix logs ending up here

Hello all, I created a malformedEventIndex ( malformedevent), per inputs.conf. I see 400 million+/day from thousan...

by Explorer in

How to monitor a script which never stop ?

Hello, I have a script which always up and must never stopped. And I want to know how to deal with it in the inputs...

by Builder in

Difference between AD logs from M365 add-on app and Azure add-on app

Hey all, Is it possible for an overlap of Azure AD sign-ins? I don't want to have duplicate logs and wasting ingest...

by Loves-to-Learn in

Permissions for Linux forwarder on .gz log files

Hi everyone, I want to monitor files on a Linux server. Every hours (at minute 59), a file DATE.log is compressed i...

by Engager in

Why is stream:http not showing

I'm very new too splunk and using the botsv1-attack-only file to begin learning, please be gentle. When I do an i...

by New Member in

Newbie question: Push changes from UI to Indexers

I used Azure/Splunk Enterprise deployment to set up Splunk on my Azure instance. I then did this: Settings > Show...

by Explorer in

Filter an event where first 2 characters are in uppercase

I am ingesting a text file and I have created a field called Flag. I am looking to create a filter which only shows m...

by Communicator in

Does Splunk Http Event Collector supports Server Name Indication (SNI)?

We have a requirement to collect the logs using client Certs (mTLS) authentication, and we are using Splunk HTTP Even...

by New Member in

splunk data input

This is data file( ip -- [time] text &&& ip -- [time] text &&& ip -- [time] text &&&) 41.146.8.66 - - [13/Jan/2016 ...

by Explorer in

Importing CSV field into an existing index field

I've recently installed an add on in my dev instance which created various fields, including user and NormalizedUser....

by Explorer in

how to change timezone for splunk-add-onn for google cloud platform

hi, please i would like to ask for help to determine how to convert the timezone of events i am indexing with the gcp...

by Explorer in

Splunk log masking regex help

Hi, We have this same log entry, 2021-09-14 13:20:08.325 DEBUG [,88538eaa548c8b64,88538eaa548c8b64,true] 1 --...

by Path Finder in

Heavy forwarder

we have indexer , search head and heavy forwarder in a vessel , the heavy forwarder will send the data to a head offi...

by New Member in

Alerts data model

Hi, I'am trying to map alerts for mitre_technique_id from one of my APIs, and I see a strange behaviour from splunk...

by New Member in

Read from inputs.conf file

Hi there, I want to be able to allow a dashboard of my app read the hostname stored in inputs.conf, which is provid...

by Path Finder in

Getting data from dynamodb to Splunk

Hello, what is the best way to get data from dynamoDB to Splunk?

by Explorer in

onboarding azure signin logs to splunk

I want to onboard azure signin logs to my splunk. I installed MS azure add-on for splunk on one HF and completed the ...

by Engager in

Log Ingestion - Custom Log Source

Good morning everyone, I am trying to ingest a log that does not roll over after a new, only when the service t...

by Communicator in

Upload csv file with escaped quotes

Hello together, I have a csv file which looks like this: "Time";"Comment" "15:53:21";"Here stands something...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

F5 BIG-IP linebreaking

Splunk Log4J2 Appender in Spring Boot with Maven

Ingesting XML and Classic WinEventLogs issue (renderXml=false)

How to index Kubernetes STDOUT data in Splunk?

Salesforce AsyncApexJob only ingests once

Syslog-NG: Two Destinations but different syslog messages

malformedEventIndex, how to troubleshoot and fix logs ending up here

How to monitor a script which never stop ?

Difference between AD logs from M365 add-on app and Azure add-on app

Permissions for Linux forwarder on .gz log files

Why is stream:http not showing

Newbie question: Push changes from UI to Indexers

Filter an event where first 2 characters are in uppercase

Does Splunk Http Event Collector supports Server Name Indication (SNI)?

splunk data input

Importing CSV field into an existing index field

how to change timezone for splunk-add-onn for google cloud platform

Splunk log masking regex help

Heavy forwarder

Alerts data model

Read from inputs.conf file

Getting data from dynamodb to Splunk

onboarding azure signin logs to splunk

Log Ingestion - Custom Log Source

Upload csv file with escaped quotes

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout