Getting Data In

Community Activity

Onboarding MOVEit Server Database logs to Splunk How to onboard MOVEit Server Database logs which is hosted on prem to Splunk Cloud? What is the preferred method? by msatish Path Finder in Getting Data In 05-05-2025 0 1	0	1
DB connection errors- no Http Event Collectors available Hi,We have db connect connections & inputs created in Splunk HF. We see that it has status=FAILED sometimes and below... by juhiacc Explorer in Getting Data In 05-03-2025 0 3	0	3
How to upload a csv from a host that has a universal forwarder? We have a universal forwarder and the customer has a csv file on this machine that he would like to ingest. The custo... by danielbb Motivator in Getting Data In 05-02-2025 0 2	0	2
How to Drop Events Larger Than 10,000 Bytes Before Indexing? Hi everyone,I'm working on a use case where I need to drop events that are larger than 10,000 bytes before they get i... by yashb Engager in Getting Data In 05-01-2025 0 3	0	3
Do not run Powershell script when Splunk starts Hi,I want to run a Powershell script on a Windows universal forwarder according to a cron schedule. My input looks si... by splunk310805 Observer in Getting Data In 04-30-2025 0 1	0	1
When using the Field Extractor can you use the same name for a field? will it append or add to the original field create When using the Field Extractor can you use the same name for a field? will it append or add to the original field cre... by Cheng2Ready Communicator in Getting Data In 04-29-2025 0 1	0	1
Capability to upload image in Splunk Dashboard Studio Hi All,Which Capability do i assign to Splunk user to upload image in Dashboard Studio by krutika_ag Path Finder in Getting Data In 04-29-2025 0 1	0	1
1 hour from indexing to Splunk-Web Hello,Some of the forwarder installations are behaving strangely.They take an hour for the data to be indexed and dis... by chrisitanmoleck Path Finder in Getting Data In 04-29-2025 0 8	0	8
KV Store initialization has been not completed yet in SHC Dears,,,The KV Store initialization on our search head cluster was previously working fine. However, unexpectedly, we... by Mfmahdi Path Finder in Getting Data In 04-28-2025 0 2	0	2
Unable to remove prefix by SEDCMD in sourcetype but able to run in search I am trying to remove everything before the {<!-- --> character to preserve the JSON format. I am using SEDCMD-keepjson = s/^... by Alan_Chan Explorer in Getting Data In 04-27-2025 0 3	0	3
Why does linebreaking regex have no capturing groups? Hi Need help to fix the below error My Props : Sample events: by jackin Path Finder in Getting Data In 04-27-2025 0 10	0	10
Extracting a value from MQTT string before parsing to JSON I have an requirement to extract a value from an mqtt string before i parse it to json.Initially i was using MQTT Mod... by luminousplumz Engager in Getting Data In 04-26-2025 0 2	0	2
Can Windows UF send some EventCodes as XML and all othesr as Classic? Short question: can I configure my window UF inputs.conf to collect Security Event logs as renderXML=false , unless i... by SPL_Dummy Engager in Getting Data In 04-26-2025 0 2	0	2
How do I set timezone properly in props.conf? Our data source is generating syslog data using UTC. Time in the syslog header is formatted as Oct 22 15:51:14. We ma... by vpuri6004 New Member in Getting Data In 04-25-2025 0 5	0	5
Running rsyslog and Splunk Enterprise on the same machine Hi, I have a small lab (air gapped) with about 2 Linux servers not including the Splunk server and 25 Windows machin... by jkamdar Communicator in Getting Data In 04-25-2025 0 3	0	3
How to run a scripted input on only one of several heavy forwarders? We have a Splunk app that includes multiple scripted inputs.The app is deployed to 15 heavy forwarders, but we want o... by danielbb Motivator in Getting Data In 04-25-2025 0 4	0	4
_time is being set to mtime instead of parsed event time I have the following source log files:[root@lts-reporting ~]# head /nfs/LTS/splunk/lts12_summary.log2014-07-01T00:00:... by punkle64 Engager in Getting Data In 04-25-2025 0 11	0	11
Please help me out to understand the below configs We have one index os_linux which has 2 source type and i see props and transform is written .can you help me to under... by hemant_lnu Engager in Getting Data In 04-24-2025 0 1	0	1
How to Splunk the SAP Security Audit Log The post question did include the answer, but then it could not be marked as an answer, therefore I pushed the conten... by afx Contributor in Getting Data In 04-24-2025 3 28	3	28
Unable to get logs in splunk from mulesoft Hi, I have created a new token and index in splunk for my mulesoft project.These are the configurations I have done i... by fhatrick Loves-to-Learn in Getting Data In 04-24-2025 0 6	0	6
Akamai add-on logs are not populating. We have installed Akamai add-on (https://splunkbase.splunk.com/app/4310) on our HF and installed Java and configured ... by Karthikeya Communicator in Getting Data In 04-24-2025 0 2	0	2
Unable to send events through log4j in Spark to Splunk We want to use splunk-library-javalogging to send logs via Log4j to Splunk ServiceEnvironment: Spark with log4j2 in ... by davidco Loves-to-Learn in Getting Data In 04-23-2025 0 5	0	5
Problem with DC windows Secure logs sending Hello team!We have a problem with sending data from several Domain Controllers to our splunk instance. We are collect... by ProPoPop Loves-to-Learn Lots in Getting Data In 04-23-2025 0 2	0	2
How to determine if data sent to HEC came in on Event or Raw endpoint Is there any way to tell whether data coming into Splunk's HEC was sent to the event or raw endpoint?You can't really... by gn694 Communicator in Getting Data In 04-23-2025 0 4	0	4
add customerID to incoming data (event & metric) Hello,We have a few hundred hosts and a handful of customers. I have a csv file with serverName,customerID.I've been ... by Andre_ Path Finder in Getting Data In 04-23-2025 0 2	0	2