Getting Data In

Discussions

Thread Info

Doing Splunk Fundamental 2 Lab Exercises

Please I need help with ingesting data to do the Splunk Fundamental 2 Lab Exercises. The problem is that I have all t...

by Path Finder in

Props and transforms to strip syslog header from Zeek data

I am trying to strip the Syslog header from the Zeek data that I have coming in as the Corelight TA only likes the ra...

by Path Finder in

How can i get Splunk 8.0.5 to accept accented and special characters in a csv field name?

Hello, I recently upgraded from Splunk 7.3.2 to Splunk 8.0.5 and I noticed that the newer version does not manage s...

by Builder in

Git Hub integration with splunk

we are looking for the way to integrate the Git Hub(azure) logs (activities/admin actions ) with Splunk (on prem) w...

by Path Finder in

MS Cloud Services TA Auth error

We migrated the MSCS TA to a new HF and are receiving authentication errors even though we're using the same client i...

by Path Finder in

How to connect Apigee Edge to Splunk

Need help configuring a secure connection between Google Apigee Edge and Splunk. What parameters need to be set on t...

by Splunk Employee in

How to create a props.conf with PCRE in Source?

Hi I am monitoring dir paths on a syslog server with a UF. I have a few sources with different formats under the ...

by Contributor in

Splunk not indexing text file

Hi all, i have a simple splunk app that monitors a folder and indexes a text file that is overwritten every hour. It ...

by Loves-to-Learn Lots in

Script

Hello Guys, I want one as shell script in which i want to extract only sourcetype name and TIME_FORMAT attribute fr...

by Communicator in

Re-index data

How do I get the data re-indexed to same sourcetype which I deleted using the delete command. for eg. let...

by Explorer in

Splunk Input from S3

I am quite new to the Splunk currently Working on getting data from S3 file into Splunk. File Constraints -> 1) F...

by Explorer in

uf install didn't create inputs.conf

Hi, I installed a UF on a windows server, and asked it to monitor Forwarding Events, but I don't see anything crea...

by Champion in

Error while adding more than 1 Cisco device

Dear Experts, I am trying to add the data to monitor Cisco logs through Splunk, i am just able to add 1 device onl...

by New Member in

How do I set the CRON job for scripted inputs so that the timezone is not UTC?

Hello, I have a scripted input with a CRON set to 50 5-23 * * * so that it "sleeps" between the hours of midnight a...

by Builder in

Monitor twice the same directory

Hello, i have syslog-ng running and got all my syslog messages from my access points and cisco switches to the same...

by Path Finder in

Splunk TA Stream ipv6

Has anyone tested 'streamfwd' for ipv6 ? .. /opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/strea...

by Engager in

Monitor CPU cores of a Linux machine

Hi, I have a Linux machine running on Centos 6.10 with a quad-core processor (16 threads) On Spl...

by Explorer in

Field extraction for custom waf log

Hello everyone, I am struggling with extracting the fields of a custom WAF log file as there is no sourcetype that ...

by Explorer in

How to determine you "host" name for an HEC endpoint

Sorry for the newbie question, but I can't seem to figure out how to use HEC. I am using a free cloud account. I firs...

by Explorer in

ssl module is not available

Hi, When trying to call some rest API's in a custom script using the request package, if the URL is https Splunk th...

by New Member in

Getting Data In

Discussions

Doing Splunk Fundamental 2 Lab Exercises

Props and transforms to strip syslog header from Zeek data

How can i get Splunk 8.0.5 to accept accented and special characters in a csv field name?

Git Hub integration with splunk

MS Cloud Services TA Auth error

How to connect Apigee Edge to Splunk

How to create a props.conf with PCRE in Source?

Splunk not indexing text file

Script

Re-index data

Splunk Input from S3

uf install didn't create inputs.conf

Error while adding more than 1 Cisco device

How do I set the CRON job for scripted inputs so that the timezone is not UTC?

Monitor twice the same directory

Splunk TA Stream ipv6

Monitor CPU cores of a Linux machine

Field extraction for custom waf log

How to determine you "host" name for an HEC endpoint

ssl module is not available

WMI does not collect data from servers that do not...

How to troubleshoot Complex Heavy Forwarder Flows

Splunk Add on for McAfee DAM (Database Activity Mo...

Splunk Input from S3

How do I set the CRON job for scripted inputs so t...