Getting Data In

Thread Info

Can you run multisite clusters with different OS?

Hi, I wanted to ask if multisite Splunk clusters can run different Operating systems without any issues. For ...

by New Member in

Local Windows Event [WinEventLog://Application]

Hi! I'm trying to collect the local splunk server Windows Application event logs. I would like them in non_XML form...

by Engager in

What are the configurations required to forward specific log messages to Splunk?

What are the configurations required to forward specific log messages to Splunk. Every log message that contains "...

by Loves-to-Learn in

How to downgrade a Heavy Forwarder to a Universal Forwarder?

The Splunk Documentation has steps to upgrade a Universal Forwarder to a Heavy Forwarder. But not any steps on downgr...

by Builder in

Not receiving all windows logs from clients

Hello, I'm trying to setup Splunk in a lab environment. I've got one windows client which I want to send logs over ...

by Path Finder in

Index emails to splunk

Hi Guys, We have a requirement where we need to index emails to be ingested into splunk. I know a couple of apps a...

by Path Finder in

monitor .bash_history and list monitor

Hi, we have got a inputs.conf with : [monitor:///home/.../.bash_history]disabled = 0crcSalt = <SOURCE>whitelist =...

by Path Finder in

WSUS - How to get approved / unapproved windows update logs?

Hi, We are able to fetch update logs from our WSUS server using add-on for windows. However, we want to display...

by Explorer in

Line Breaking without removing field

In my props.conf, I have LINE_BREAKER=field1 this breaks the events how I want but it removes field1 from every event...

by Explorer in

Escape special characters in DB Connect

Pulling database events with Splunk DB Connect I noticed that:1. New (non-existing) fields are created2. text fields ...

by Builder in

Getting 401 while connecting with token whereas able to connect with username and password

Hi, When i am using Splunk admin username and password, am able to get the indexes via below code HttpService...

by Explorer in

Which inputs.conf does "splunk add monitor" modify

I've been working with Splunk for many years and have always made changes via the .conf files. However, I recently a...

by Communicator in

Splunk App for Phantom Reporting

Hi Team, Splunk App for Phantom Reporting Testing 1 : If HEC token is created in HF, Indexes are created in...

by Builder in

What is the best approach to forward Logpoint syslog to Splunk?

Hi, I want to get all syslog data from a large Logpoint implementation to forward to Splunk. Is there a recommend...

by Path Finder in

Upload failed with WARN : supplied index 'Web' missing

I'm working to upload some data sets from the splunk tutorial page in order to learn how to use Splunk and am unable ...

by New Member in

Field description data input as fschange.

Hello Logs are being collected through fschange. Do you know the field description of the fschange log? Particu...

by Explorer in

Splunk Add-on for Microsoft Office 365 - Inputs configuration

Hello, On the HF of this add-on there is an Inputs configuration. On the Content Type drop down, there is a choice...

by Explorer in

Incomplete/Missing Data written from F5 Load Balancer to Splunk Syslog HF

Client's F5 Load Balancer is writing data to our Splunk Syslog Heavy Forwarder, but when searching in Splunk Search H...

by New Member in

Splunk Indexing Question

My index shows the latest event section "in an hour", I have never seen that before. What exactly does that mean?

by Path Finder in

Spool vs OneShot

What is the difference between using Spool vs OneShot CLI commands? Unfortunately I'm unable to install UFs or dire...

by Loves-to-Learn in

Performance Tuning or Other Hints for Windows Event Forwarding

We have been using WEF as our collection point for a while. We started out small but have expanded the range of even...

by Path Finder in

How to disable logging

We are currently running Splunk Enterprise, on-prem on a Linux VM and have a search head, with several forwarders. ...

by Explorer in

Microsoft web application proxy log format inputs.conf

I'm trying to configure my forwarder on a Windows server to send the Web Application Proxy logs. I'm using this form...

by Loves-to-Learn in

Unable to initialize modular input "checkpoint_opseclea"

Hi All, I am getting the below error in our SHC. Unable to initialize modular input "checkpoint_opseclea" def...

by Loves-to-Learn Lots in

PhantomRemoteSearch/Connecttosinglesplunk

Hi, We are integrating phantom with splunk using below doc https://docs.splunk.com/Documentation/PhantomRemoteSea...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Can you run multisite clusters with different OS?

Local Windows Event [WinEventLog://Application]

What are the configurations required to forward specific log messages to Splunk?

How to downgrade a Heavy Forwarder to a Universal Forwarder?

Not receiving all windows logs from clients

Index emails to splunk

monitor .bash_history and list monitor

WSUS - How to get approved / unapproved windows update logs?

Line Breaking without removing field

Escape special characters in DB Connect

Getting 401 while connecting with token whereas able to connect with username and password

Which inputs.conf does "splunk add monitor" modify

Splunk App for Phantom Reporting

What is the best approach to forward Logpoint syslog to Splunk?

Upload failed with WARN : supplied index 'Web' missing

Field description data input as fschange.

Splunk Add-on for Microsoft Office 365 - Inputs configuration

Incomplete/Missing Data written from F5 Load Balancer to Splunk Syslog HF

Splunk Indexing Question

Spool vs OneShot

Performance Tuning or Other Hints for Windows Event Forwarding

How to disable logging

Microsoft web application proxy log format inputs.conf

Unable to initialize modular input "checkpoint_opseclea"

PhantomRemoteSearch/Connecttosinglesplunk

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!