Getting Data In

Thread Info

DBconnect cron schedule behavior

I used DBconnect to pull data from the database in every 1min *(cron: * /1 * * * *). I would like to ask if this sche...

by Explorer in

How to make my regex more efficient?

Hi, I've exceeded my configured match_limit in limits.conf with this regex: "log":\s"(?<log_source>.*?)\s(?<ISO8601...

by Communicator in

Forwarding Search Results on a schedule

I have a requirement to forward search results of a query to an indexer of an external organization. The volume of th...

by Contributor in

Regex to extract for fqdn

Hi - Was looking for some assistance in extracting the FQDNs from the paths below: /var/log/remote/ldap.inftech.net...

by Engager in

Novice question: transforming index and sourcetype for UDP/syslog

I'm trying to use our Splunk environment as a replacement for an older syslog server. We have multiple indexers, and ...

by Path Finder in

F5 Syslog Load Balancing

Hi, We setup an F5 VIP to load balance syslog input to several heavy forwarders on UDP 514. We're successfully rec...

by New Member in

Can wget be used instead of Curl to export data from Splunk using REST API ?

I am in a unique situation where I want to use Splunk's REST API to export data to a third party system. Looking at...

by Contributor in

Unable to see Eval fields on GUI

Hello Everyone, I have written props.conf in which i have added the below eval statement Eval-appname="newapp" ...

by Engager in

Integrate Splunk and Azure Log Analytics

what is the recommended way to integrate Splunk with Azure Log Analytics

by Contributor in

Batch input not working. Please help troubleshoot it

There is a csv file I had added to a a directory which HF monitors. That input is set as Batch input. Because the...

by Contributor in

UF on cloud servers to send log data to ON premise Splunk indexers

Looking for a process if possible to send cloud server log data to ON Premise Splunk indexers. Searched but nothing...

by Path Finder in

Forwarding windows event viewer logs to Splunk

I have installed Splunk on a Linux box and is listening for incoming on 9997. Our linux boxes send its syslog to it a...

by Communicator in

How to restore frozen archived data, multiple buckets, months of data?

I was recently asked to restore a couple months of data. After reading>>> https://docs.splunk.com/Documentation/Splun...

by Builder in

DateParserVerbose - Failed to parse timestamp

Hi Splunkers, I am facing the below time stamp issues. Could you please help me with this issue. 08-01-2021 22:49...

by Loves-to-Learn Everything in

set indexes dynamically in inputs.conf

I was able to set indexes dynamically in inputs.conf based off the source path folder name however, it seems like its...

by Explorer in

Securing Client side logging using HTTP Event Collector

I am sending client side logs (browser logs) to Splunk. I have setup an HTTP Event Collector (HEC) where I am sending...

by Engager in

Wineventlog and Sysmon on split indexes using the same source (WinEventLog://ForwardedEvents)

Hello everyone, I am collecting Windows Event Logs and Sysmon Logs from my Windows Domain to my WEF. From WEF using...

by Communicator in

JSON spath mvexpand

Hi, { [-] advisories: [ [+] ] number_of_device: 1 os_name: ios os_version: 1234 status: checked} Abov...

by Communicator in

Query format for viewing server name with count on respect of color

Hi Team, I am very new in Splunk and i need your help to change my query as per requirement Please vali...

by Engager in

UF remote to on-prem Splunk Enterprise best practices

We have several remote and traveling systems that we need to forward logs from to our on-prem Spunk environment. Splu...

by Communicator in

What's the best practice to get AWS data into the Splunk platform at scale?

What's the best practice to get AWS data, such as VPC Flow, CloudWatch, CloudTrail, into the Splunk platform at scale...

by Splunk Employee in

How to drop events on a heavy forwarder?

hi, I have a heavy forwarder configured this way inputs.conf[udp://514]sourcetype = syslogindex = abcconnection_hos...

by Explorer in

Preserve data on disconnected machine

I have a few endpoints with forwarders that need to be disconnected from the network for periods of time (up to a mon...

by Explorer in

Splunk Linux TA - packages script, some hosts have time in the future

I'm running what I believe to be a somewhat standard input, from the Splunk Linux TA. I just realized for some hosts...

by Path Finder in

Upgradation of Splunk for Symantec App

Hi @gcusello , We've been asked to upgrade our existing Splunk version(7.1.3) to 8.1. So for that we are now up...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

DBconnect cron schedule behavior

How to make my regex more efficient?

Forwarding Search Results on a schedule

Regex to extract for fqdn

Novice question: transforming index and sourcetype for UDP/syslog

F5 Syslog Load Balancing

Can wget be used instead of Curl to export data from Splunk using REST API ?

Unable to see Eval fields on GUI

Integrate Splunk and Azure Log Analytics

Batch input not working. Please help troubleshoot it

UF on cloud servers to send log data to ON premise Splunk indexers

Forwarding windows event viewer logs to Splunk

How to restore frozen archived data, multiple buckets, months of data?

DateParserVerbose - Failed to parse timestamp

set indexes dynamically in inputs.conf

Securing Client side logging using HTTP Event Collector

Wineventlog and Sysmon on split indexes using the same source (WinEventLog://ForwardedEvents)

JSON spath mvexpand

Query format for viewing server name with count on respect of color

UF remote to on-prem Splunk Enterprise best practices

What's the best practice to get AWS data into the Splunk platform at scale?

How to drop events on a heavy forwarder?

Preserve data on disconnected machine

Splunk Linux TA - packages script, some hosts have time in the future

Upgradation of Splunk for Symantec App

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions