Getting Data In

Community Activity

Delay during log ingestion from Azure Hello, have a question regarding log ingestion from Azure. At the moment, im using REST API to onboard logs to the on... by antnovo New Member in Getting Data In 05-15-2025 0 6	0	6
OpenText NetIQ Logs onboarding via syslog Hi All,Anyone who has worked with OpenText NetIQ Logs before?We are receiving the NetIQ logs via syslog, but the sour... by tech_g706 Path Finder in Getting Data In 05-14-2025 0 4	0	4
Target data from specific Active Directory OU's Hi, I am trying to gather data from a specific organisation unit in Active Directory and ignore everything else? ... by Mobyd New Member in Getting Data In 05-14-2025 0 2	0	2
Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup? I have a field with the system's IP in it and am trying to add additional fields during ingest. It works if the IP f... by buzzard192 Explorer in Getting Data In 05-14-2025 0 4	0	4
Why to use syslog or tcp output? Hello Splunkers,I have a small question, what is the best practice (or for what reasons) should I use Syslog or TCP c... by GaetanVP Contributor in Getting Data In 05-13-2025 0 8	0	8
Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the foll... by sgutierrez Engager in Getting Data In 05-13-2025 1 4	1	4
Microsoft-AzureADPasswordProtection-DCAgent I ma trying to onboard the %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx ... by Dilsheer_P Loves-to-Learn Lots in Getting Data In 05-13-2025 0 2	0	2
ingest_eval lookup not working I have the following transforms.conf file:[pan_src_user]INGEST_EVAL=src_user_idx=json_extract(lookup("user_ip_mapping... by Niro Explorer in Getting Data In 05-13-2025 0 10	0	10
Ingest time lookup to add fields does not work I need to use federated search which does not support search time lookup at this time in splunk 8.2.2.1.I came across... by patelmc Explorer in Getting Data In 05-13-2025 0 2	0	2
ingest_eval works on AIO instance but different results when applied at the HF tier I have syslog events being written to a HF locally via syslog-ng - these events are then consumed via file reader and... by Skins Path Finder in Getting Data In 05-13-2025 0 3	0	3
Moving cribl events to their own index Brand new to splunk, inherited a slightly configured system.I want to move certain cribl events to an index called vm... by dtamburin Engager in Getting Data In 05-13-2025 0 3	0	3
forward logs from HF to third-party using syslog i have used this approach to forward logs from specific index to third-party system in my case Qradar so i need to do... by KhalidAlharthi Explorer in Getting Data In 05-12-2025 0 10	0	10
Fortinet logs collected through syslog TCP with SC4S are not splitted correctly Hi all,I'm struggling with an issue related to collecting Fortinet Fortios events through SC4S. If I use UDP protocol... by Numb78 Explorer in Getting Data In 05-12-2025 0 3	0	3
WIndows 7 support I was trying to download the universal forwarder for windows 7 32 bit OS, but i can see only windows 8, 8.1, 10 OS. ... by twh1 Communicator in Getting Data In 05-12-2025 0 9	0	9
Streamfwd pcap filter compilation error I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwa... by Mit Observer in Getting Data In 05-11-2025 0 1	0	1
Request for Best Practices on Collecting Essential Data from Endpoints to Splunk Dear Splunk Community,I am currently working on a project focused on identifying the essential data that should be co... by kn450 Explorer in Getting Data In 05-10-2025 0 6	0	6
Split JSON array into individual events on HF We've logs coming to HEC as nested JSON in chunks; We're trying to break them down into individual events at the HEC ... by nmohammed Builder in Getting Data In 05-09-2025 0 12	0	12
sc4s index re-route Hi Folks,New to Splunk and SC4S deploymenet. So far I have been able to make good progress. I have setup 2 SC4S serve... by capjacksparo Engager in Getting Data In 05-08-2025 0 5	0	5
call not properly authenticated Response Code: 401Response text: <?xml version="1.0" encoding="UTF-8"?><response><messages><msg type="WARN">call not ... by NatanS Explorer in Getting Data In 05-07-2025 1 8	1	8
UF keep looking for removed input stanza I have this kind of weird custom app (and dangerous too) that changes the UF Instance GUID. Basically, I created a .... by Na_Kang_Lim Path Finder in Getting Data In 05-06-2025 0 1	0	1
Defining Timestamp for HEC Input I'm running into a strange issue where Splunk is using the current time for a HTTP Event Collector input rather than ... by Kieffer87 Communicator in Getting Data In 05-06-2025 1 10	1	10
Splunk Answers Content Calendar May 2025 Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll be spotlig... by Anam Community Manager in Getting Data In 05-06-2025 2 0	2	0
i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods 2025-05-06T13:50:00.857Z error helper/transformer.go:118 Failed to process entry {"otelcol.component.id": "filelog", ... by tawfiq15 New Member in Getting Data In 05-06-2025 0 1	0	1
Redirecting specific logs using a regex Hi splunk community, I have a question on logs cloning/redirectionPurpose :Extract logs containing "network-guest", a... by Nicolas2203 Path Finder in Getting Data In 05-06-2025 0 19	0	19
Remove the index distributed setup Hi,After setting up a test index and ingesting a test record, I’m now planning to remove the index from the distribut... by ws Path Finder in Getting Data In 05-05-2025 0 3	0	3