Getting Data In

Community Activity

SourceTypes being changed by GUI Hi All,Help please.Can I get people to agree with me that the following is a bug/design flaw - as my splunk case is g... by KeithH Communicator in Getting Data In 05-16-2025 0 6	0	6
Ingest-time lookup Hello, has anyone worked with ingest-time lookup and familiar with it?https://docs.splunk.com/Documentation/Splunk/8.... by tah7004 Path Finder in Getting Data In 05-16-2025 0 8	0	8
Does props.conf support wildcards? All, I found myself writing this props.conf today. Say I have this: [tomcat:src:server] EXTRACT-springapp_name =... by daniel333 Builder in Getting Data In 05-16-2025 0 5	0	5
Can I send windows security logs using UF over HTTP to Logstash ? Hello Experts , I am trying to send windows security logs to logstash(http) receiver . Below is what I have based on ... by vikas_gopal Builder in Getting Data In 05-15-2025 0 14	0	14
Splunk with CUCM Hi Team,Greetings !!This is Srinivasa, Could you please provide Splunk with Unified Applications (CUCM) On-prem , how... by sreddem Observer in Getting Data In 05-15-2025 0 1	0	1
Delay during log ingestion from Azure Hello, have a question regarding log ingestion from Azure. At the moment, im using REST API to onboard logs to the on... by antnovo New Member in Getting Data In 05-15-2025 0 6	0	6
OpenText NetIQ Logs onboarding via syslog Hi All,Anyone who has worked with OpenText NetIQ Logs before?We are receiving the NetIQ logs via syslog, but the sour... by tech_g706 Path Finder in Getting Data In 05-14-2025 0 4	0	4
Target data from specific Active Directory OU's Hi, I am trying to gather data from a specific organisation unit in Active Directory and ignore everything else? ... by Mobyd New Member in Getting Data In 05-14-2025 0 2	0	2
Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup? I have a field with the system's IP in it and am trying to add additional fields during ingest. It works if the IP f... by buzzard192 Explorer in Getting Data In 05-14-2025 0 4	0	4
Why to use syslog or tcp output? Hello Splunkers,I have a small question, what is the best practice (or for what reasons) should I use Syslog or TCP c... by GaetanVP Contributor in Getting Data In 05-13-2025 0 8	0	8
Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the foll... by sgutierrez Engager in Getting Data In 05-13-2025 1 4	1	4
Microsoft-AzureADPasswordProtection-DCAgent I ma trying to onboard the %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx ... by Dilsheer_P Loves-to-Learn Lots in Getting Data In 05-13-2025 0 2	0	2
ingest_eval lookup not working I have the following transforms.conf file:[pan_src_user]INGEST_EVAL=src_user_idx=json_extract(lookup("user_ip_mapping... by Niro Explorer in Getting Data In 05-13-2025 0 10	0	10
Ingest time lookup to add fields does not work I need to use federated search which does not support search time lookup at this time in splunk 8.2.2.1.I came across... by patelmc Explorer in Getting Data In 05-13-2025 0 2	0	2
ingest_eval works on AIO instance but different results when applied at the HF tier I have syslog events being written to a HF locally via syslog-ng - these events are then consumed via file reader and... by Skins Path Finder in Getting Data In 05-13-2025 0 3	0	3
Moving cribl events to their own index Brand new to splunk, inherited a slightly configured system.I want to move certain cribl events to an index called vm... by dtamburin Engager in Getting Data In 05-13-2025 0 3	0	3
forward logs from HF to third-party using syslog i have used this approach to forward logs from specific index to third-party system in my case Qradar so i need to do... by KhalidAlharthi Explorer in Getting Data In 05-12-2025 0 10	0	10
Fortinet logs collected through syslog TCP with SC4S are not splitted correctly Hi all,I'm struggling with an issue related to collecting Fortinet Fortios events through SC4S. If I use UDP protocol... by Numb78 Explorer in Getting Data In 05-12-2025 0 3	0	3
WIndows 7 support I was trying to download the universal forwarder for windows 7 32 bit OS, but i can see only windows 8, 8.1, 10 OS. ... by twh1 Communicator in Getting Data In 05-12-2025 0 9	0	9
Streamfwd pcap filter compilation error I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwa... by Mit Observer in Getting Data In 05-11-2025 0 1	0	1
Request for Best Practices on Collecting Essential Data from Endpoints to Splunk Dear Splunk Community,I am currently working on a project focused on identifying the essential data that should be co... by kn450 Explorer in Getting Data In 05-10-2025 0 6	0	6
Split JSON array into individual events on HF We've logs coming to HEC as nested JSON in chunks; We're trying to break them down into individual events at the HEC ... by nmohammed Builder in Getting Data In 05-09-2025 0 12	0	12
sc4s index re-route Hi Folks,New to Splunk and SC4S deploymenet. So far I have been able to make good progress. I have setup 2 SC4S serve... by capjacksparo Engager in Getting Data In 05-08-2025 0 5	0	5
call not properly authenticated Response Code: 401Response text: <?xml version="1.0" encoding="UTF-8"?><response><messages><msg type="WARN">call not ... by NatanS Explorer in Getting Data In 05-07-2025 1 8	1	8
UF keep looking for removed input stanza I have this kind of weird custom app (and dangerous too) that changes the UF Instance GUID. Basically, I created a .... by Na_Kang_Lim Path Finder in Getting Data In 05-06-2025 0 1	0	1