Getting Data In

Ask a Question

Discussions

Thread Info

Splunk Forwarder - Deployment Apps not being downloaded

Hi, The issue is that some servers with universal forwarder agent deployed on them are not being able to successful...

by Explorer in

404 Not Found on Restart SplunkWeb

What does the error below mean and how to remediate it? This is after running `splunk restart splunkweb` HTTP/1...

by Builder in

using splunk heavyforwarder to forward to syslog only not forwarding to index

log sources coming in from UniversalForwarderto Heavyforwarder looking to selectively forward to syslog without index...

by New Member in

How to find last 3 months data usage and what logs are genarated

Hello everyone, I have started using splunk enterprise from July , I have created hosts and forwarders for it , I...

by Explorer in

Configure BREAK_ONLY_BEFORE

I just want to configure BREAK_ONLY_BEFORE. When I save the source type, it automatically adds LINE_BREAKER. I do not...

by Path Finder in

Active User count in the application not working

I want to know the active user count of an application, the following is the query i created, however its not giving ...

by Path Finder in

SMB server logs not coming in into splunk

Hi All, We have configures below stanza on SMB server(UF) and splunk forwarder to collect SMB logs, [WinEventLog:...

by Loves-to-Learn Everything in

Heavy forwarder not sending syslog to indexer

Previously, my heavy forwarder is working fine. Able to search from latest logs in my searchhead. But upon testing an...

by Loves-to-Learn Everything in

I am trying to bring in windows logs from a clients server, but nothing is showing. I created a new application.

This is the inputs from the app I created for the windows logs: [WinEventLog://Application]index = replicate3disabl...

by Path Finder in

How to monitor and index .bz2 files in Splunk?

Hi, All. How to index compressed files in .bz2 format using Universal Forwarder installed on a Windows server? ...

by Loves-to-Learn Everything in

How to extract new fields from a JSON array?

Hi All! How to extract and create different fields by transforms when there is an array (JSON) with several fields ...

by Loves-to-Learn Everything in

UF+Indexer+nullQueue/Route = Zero

Hi, I need some help  scheme: 3 Universal Forwarders -> collecting/forwarding -> Indexer uf: Changed every ...

by Explorer in

Large JSON events not showing field in "Interesting fields"

Good morning all! I have a datasource that is valid JSON (I verified with python and jq). The entire event gets inges...

by Builder in

SSL Error Splunk DB connect add-on

Hello SPLUNKERS, We are seeing this error while integrating the SQL DB using DB connect add-on . Kindly let me know...

by Path Finder in

Nested logs are not parsed correctly

I have nested events that look like this in Splunk: container_id: 13243d84e63d8d5b56c5container_name: /ecs-stg-comp...

by Explorer in

Splunk DB Connect Error:Unable to initialize modular input "server"

Hello, We are seeing the below error after our linux upgrade, Could someone please help us fix this issue? Unable...

by Motivator in

HTTP data input

I'm trying to post REST data via HTTP to splunk. This works when using a pre-generated token to an HEC: POST /serv...

by Explorer in

Log files with different timezones (UTC)

I apologize since similar questions have been asked numerous times in the past. I have read several of them on this s...

by Explorer in

In a trellis layout, how come the "split by" field is only showing "Aggregations"?

I have some data which I have arranged in a table format, the names and [types] of which are as follows: error_typ...

by Engager in

zScaler LSS Log Ingestion

I have a set up a single-node test instance of Splunk to try and ingest zScaler LSS (not NSS) logs via a TCP input. H...

by Engager in

serverclass.conf whitelist from pathname not working

Hello, I've got a 100% Windows environment with a deployment server and I'm trying to configure server classes so w...

by New Member in

help on custom sourcetype for log parsing

Hello, I would like to reach out for some help in creating a custom sourcetype (cloned from _json), I'm calling it ...

by Explorer in

Universal Forwarder sending two sets of Windows Security Logs to two different indexer

I need the Universal Forwarders to send Windows Security Logs to two different indexers but the data I want to send h...

by Loves-to-Learn Lots in

Monitored txt file keeps re-indexing events

PLEASE HELP! This has been driving me mad for days! Every time an event is added, its re-reading the text file from...

by Path Finder in

SEDCMD Assistance Please

Howdy All, I am looking for some assistance with a SEDCMD. I am trying to clean up some XmlWineventlog:security ev...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk Forwarder - Deployment Apps not being downloaded

404 Not Found on Restart SplunkWeb

using splunk heavyforwarder to forward to syslog only not forwarding to index

How to find last 3 months data usage and what logs are genarated

Configure BREAK_ONLY_BEFORE

Active User count in the application not working

SMB server logs not coming in into splunk

Heavy forwarder not sending syslog to indexer

I am trying to bring in windows logs from a clients server, but nothing is showing. I created a new application.

How to monitor and index .bz2 files in Splunk?

How to extract new fields from a JSON array?

UF+Indexer+nullQueue/Route = Zero

Large JSON events not showing field in "Interesting fields"

SSL Error Splunk DB connect add-on

Nested logs are not parsed correctly

Splunk DB Connect Error:Unable to initialize modular input "server"

HTTP data input

Log files with different timezones (UTC)

In a trellis layout, how come the "split by" field is only showing "Aggregations"?

zScaler LSS Log Ingestion

serverclass.conf whitelist from pathname not working

help on custom sourcetype for log parsing

Universal Forwarder sending two sets of Windows Security Logs to two different indexer

Monitored txt file keeps re-indexing events

SEDCMD Assistance Please

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!