Getting Data In

Community Activity

Capability to upload image in Splunk Dashboard Studio Hi All,Which Capability do i assign to Splunk user to upload image in Dashboard Studio by krutika_ag Path Finder in Getting Data In 04-29-2025 0 1	0	1
1 hour from indexing to Splunk-Web Hello,Some of the forwarder installations are behaving strangely.They take an hour for the data to be indexed and dis... by chrisitanmoleck Path Finder in Getting Data In 04-29-2025 0 8	0	8
KV Store initialization has been not completed yet in SHC Dears,,,The KV Store initialization on our search head cluster was previously working fine. However, unexpectedly, we... by Mfmahdi Path Finder in Getting Data In 04-28-2025 0 2	0	2
Unable to remove prefix by SEDCMD in sourcetype but able to run in search I am trying to remove everything before the {<!-- --> character to preserve the JSON format. I am using SEDCMD-keepjson = s/^... by Alan_Chan Explorer in Getting Data In 04-27-2025 0 3	0	3
Why does linebreaking regex have no capturing groups? Hi Need help to fix the below error My Props : Sample events: by jackin Path Finder in Getting Data In 04-27-2025 0 10	0	10
Extracting a value from MQTT string before parsing to JSON I have an requirement to extract a value from an mqtt string before i parse it to json.Initially i was using MQTT Mod... by luminousplumz Engager in Getting Data In 04-26-2025 0 2	0	2
Can Windows UF send some EventCodes as XML and all othesr as Classic? Short question: can I configure my window UF inputs.conf to collect Security Event logs as renderXML=false , unless i... by SPL_Dummy Engager in Getting Data In 04-26-2025 0 2	0	2
How do I set timezone properly in props.conf? Our data source is generating syslog data using UTC. Time in the syslog header is formatted as Oct 22 15:51:14. We ma... by vpuri6004 New Member in Getting Data In 04-25-2025 0 5	0	5
Running rsyslog and Splunk Enterprise on the same machine Hi, I have a small lab (air gapped) with about 2 Linux servers not including the Splunk server and 25 Windows machin... by jkamdar Communicator in Getting Data In 04-25-2025 0 3	0	3
How to run a scripted input on only one of several heavy forwarders? We have a Splunk app that includes multiple scripted inputs.The app is deployed to 15 heavy forwarders, but we want o... by danielbb Motivator in Getting Data In 04-25-2025 0 4	0	4
_time is being set to mtime instead of parsed event time I have the following source log files:[root@lts-reporting ~]# head /nfs/LTS/splunk/lts12_summary.log2014-07-01T00:00:... by punkle64 Engager in Getting Data In 04-25-2025 0 11	0	11
Please help me out to understand the below configs We have one index os_linux which has 2 source type and i see props and transform is written .can you help me to under... by hemant_lnu Engager in Getting Data In 04-24-2025 0 1	0	1
How to Splunk the SAP Security Audit Log The post question did include the answer, but then it could not be marked as an answer, therefore I pushed the conten... by afx Contributor in Getting Data In 04-24-2025 3 28	3	28
Unable to get logs in splunk from mulesoft Hi, I have created a new token and index in splunk for my mulesoft project.These are the configurations I have done i... by fhatrick Loves-to-Learn in Getting Data In 04-24-2025 0 6	0	6
Akamai add-on logs are not populating. We have installed Akamai add-on (https://splunkbase.splunk.com/app/4310) on our HF and installed Java and configured ... by Karthikeya Communicator in Getting Data In 04-24-2025 0 2	0	2
Unable to send events through log4j in Spark to Splunk We want to use splunk-library-javalogging to send logs via Log4j to Splunk ServiceEnvironment: Spark with log4j2 in ... by davidco Loves-to-Learn in Getting Data In 04-23-2025 0 5	0	5
Problem with DC windows Secure logs sending Hello team!We have a problem with sending data from several Domain Controllers to our splunk instance. We are collect... by ProPoPop Loves-to-Learn Lots in Getting Data In 04-23-2025 0 2	0	2
How to determine if data sent to HEC came in on Event or Raw endpoint Is there any way to tell whether data coming into Splunk's HEC was sent to the event or raw endpoint?You can't really... by gn694 Communicator in Getting Data In 04-23-2025 0 4	0	4
add customerID to incoming data (event & metric) Hello,We have a few hundred hosts and a handful of customers. I have a csv file with serverName,customerID.I've been ... by Andre_ Path Finder in Getting Data In 04-23-2025 0 2	0	2
CIM mapping CrowdStrike Falcon FileVantage (FIM) logs to a daamodel. Hi All,Has anyone managed to map CrowdStrike Falcon FileVantage (FIM) logs to a Datamodel; if so could you share your... by becksyboy Contributor in Getting Data In 04-23-2025 0 3	0	3
Palo alto Strata logging service logs Hi, I have onboarded palo-alto traffic and threat logs via HEC and SLS (Strata logging service). These logs are JSON ... by Splunkers2 Observer in Getting Data In 04-23-2025 0 1	0	1
Why is linecount 2 when it's clearly 1? For multiple sourcetypes, linecount is 2, while clearly, it should be 1. Has anybody encountered this case? by danielbb Motivator in Getting Data In 04-22-2025 0 8	0	8
Filter/modify data prior to ingestion? Not sure this is even possible, but I'll ask anyway...I have application(s) that are sending JSON data into Splunk, f... by BogeyMan Loves-to-Learn Lots in Getting Data In 04-22-2025 0 1	0	1
Unable to view value from events Hi,Unsure what is the root cause as i was trying to do some minor adjustment to ignore the [ ] at the transforms.conf... by ws Path Finder in Getting Data In 04-22-2025 0 3	0	3
How to avoid indexing events twice Hi,I'm facing an issue where the same data gets indexed multiple times every time the JSON file is pulled from the FT... by ws Path Finder in Getting Data In 04-22-2025 0 10	0	10