Getting Data In

Community Activity

Windows Host field inconsistant Last week a large portion of our Windows hosts reported in with a different "host" value. This is causing all sorts o... by Jhyde517 Loves-to-Learn in Getting Data In 11-03-2021 0 0	0	0
Where does windows get its host field from? I have a few windows machines Light Forwarding in to a central indexer, sending just WinEventLogs for now. For most h... by Jason Motivator in Getting Data In 11-03-2021 4 12	4	12
Splunk cuts off json field in search results Hello,I have been struggling with something that probably is common sense to experts. Part of the Splunk messages tha... by mnikolov2793 Observer in Getting Data In 11-03-2021 0 3	0	3
How to force timezone for AWS Add-On Inputs (like CloudFront) With the AWS Add-On for Splunk (version 5.0.3) we can pull logs from a CloudFront S3 bucket via the "Generic S3" type... by rewtroy Explorer in Getting Data In 11-03-2021 0 2	0	2
The timestamp has a one hour offset Hello,I am using "Splunk_TA_juniper" and I noticed a new problem with timestamp: there is a one hour offset for the t... by djoiret Explorer in Getting Data In 11-03-2021 0 4	0	4
Clean Forwarder fishbuckets for one sourcetype Hi - I have a command to clean fish buckets in a forwarder - if i want to take back in data for testing etc...cd var/... by robertlynch2020 Influencer in Getting Data In 11-02-2021 0 1	0	1
AWS Lambda to SplunkCloud log ingestion (No CloudWatch) Hi!What's the best strategy if I want my AWS Lambda logs get ingested directly to SplunkCloud? I don't want my Lambda... by skyebrenzo New Member in Getting Data In 11-02-2021 0 0	0	0
Network toolkit Hi All, I'm using network toolkit's external lookup ping for monitoring server down in my environment, but after incr... by sharmaa5 Engager in Getting Data In 11-02-2021 0 0	0	0
Monitoring/Forwarding data on the Splunk server itself My apologies if this question seems mundane or was answered elsewhere but I have searched to no avail. I am complete... by mercierj Explorer in Getting Data In 11-02-2021 0 7	0	7
Throttle condition is suppressing each result output i want to suppress alert for next 4 hoursi am trying to use throttle along with each result trigger conditionsplunk ... by rahulg Explorer in Getting Data In 11-02-2021 0 2	0	2
Prevent duplicates from generic S3 input I've set up a generic S3 input and it's working pretty well. However, I sometimes get duplicate events.I believe the ... by cbreezier Engager in Getting Data In 11-02-2021 2 1	2	1
Data is not getting parsed on HEC I have props.conf[source::tcp:7660]TRUNCATE=10000000LINE_BREAKER = {\"timeNO_BINARY_CHECK = trueSHOULD_LINEMERGE = fa... by rahulg Explorer in Getting Data In 11-02-2021 0 6	0	6
Lookup row delete Hi,I've added a new row to an existing lookup file for testing the query and now I need to delete the last couple of ... by Raghul_S Engager in Getting Data In 11-01-2021 0 1	0	1
Can you run multisite clusters with different OS? Hi, I wanted to ask if multisite Splunk clusters can run different Operating systems without any issues.For example, ... by fatemabwesnet New Member in Getting Data In 11-01-2021 0 4	0	4
Local Windows Event [WinEventLog://Application] Hi! I'm trying to collect the local splunk server Windows Application event logs. I would like them in non_XML form... by steveo2 Engager in Getting Data In 11-01-2021 0 0	0	0
What are the configurations required to forward specific log messages to Splunk? What are the configurations required to forward specific log messages to Splunk.Every log message that contains "Sca... by ssoftility Loves-to-Learn in Getting Data In 11-01-2021 0 3	0	3
How to downgrade a Heavy Forwarder to a Universal Forwarder? The Splunk Documentation has steps to upgrade a Universal Forwarder to a Heavy Forwarder. But not any steps on downgr... by Stefanie Builder in Getting Data In 11-01-2021 0 2	0	2
Not receiving all windows logs from clients Hello,I'm trying to setup Splunk in a lab environment. I've got one windows client which I want to send logs over to ... by izyknows Path Finder in Getting Data In 11-01-2021 0 3	0	3
Index emails to splunk Hi Guys,We have a requirement where we need to index emails to be ingested into splunk. I know a couple of apps are ... by neeravmathur Path Finder in Getting Data In 11-01-2021 0 4	0	4
monitor .bash_history and list monitor Hi,we have got a inputs.conf with :[monitor:///home/.../.bash_history]disabled = 0crcSalt = <SOURCE>whitelist = \.bas... by jariw Path Finder in Getting Data In 11-01-2021 0 0	0	0
WSUS - How to get approved / unapproved windows update logs? Hi, We are able to fetch update logs from our WSUS server using add-on for windows. However, we want to display appro... by priyanka_231019 Explorer in Getting Data In 11-01-2021 0 0	0	0
Line Breaking without removing field In my props.conf, I have LINE_BREAKER=field1 this breaks the events how I want but it removes field1 from every even... by willcwhite Explorer in Getting Data In 11-01-2021 0 2	0	2
Escape special characters in DB Connect Pulling database events with Splunk DB Connect I noticed that:1. New (non-existing) fields are created2. text fields ... by altink Builder in Getting Data In 10-29-2021 0 0	0	0
Getting 401 while connecting with token whereas able to connect with username and password Hi, When i am using Splunk admin username and password, am able to get the indexes via below codeHttpService.setSslSe... by akshgpt25 Explorer in Getting Data In 10-29-2021 0 5	0	5
Which inputs.conf does "splunk add monitor" modify I've been working with Splunk for many years and have always made changes via the .conf files. However, I recently a... by tsheets13 Communicator in Getting Data In 10-29-2021 0 1	0	1