Getting Data In

Discussions

Thread Info

UF 10.0 — splunk-winevtlog.exe crashes in VCRUNTIME140.dll / KERNELBASE.dll (EventCode=1000)

After upgrading to UF 10.0 we see many Application Error (EventCode=1000) crashes on a subset of servers only. Faulti...

by Engager in

Kindly build this in single query.

Hi, Sample Data (CSV format) – student_id,student_name,class,school,subject,score1,Alice,10A,School1,Math,852,B...

by Explorer in

Splunk stencil icons in LucidChart.com?

Has anybody gotten any of the Splunk stencil icons to import into LucidChart.com? There is an import for Omnigraffle ...

by Esteemed Legend in

Forwarder Management shows 0 agents

Hi all, Yesterday I had 8 Universal Forwarders visible in Forwarder Management. Today it shows 0. Environment S...

by Contributor in

Why is UBA data stopping send data

Hi everyone, I’m investigating an issue where UBA (User Behavior Analytics) data in Splunk appears to ha...

by Contributor in

how to apply the props and tranforms ?

Hi all, How to apply props.conf and transforms.confSample Log Data2024-09-01 12:10:22 student=Alice subject=Math sc...

by Explorer in

Parsing linux events from syslog to SC4S and Splunk Cloud.

Hello, Due to the requirements of the project I am working on, all events will arrive at Splunk Cloud from SC4S. Th...

by Engager in

Can we perform ingest rules on cooked data?

We have cooked data coming from HFs, is there a way to perform ingestion rules on this cooked data?

by Motivator in

DNS lookup failed for "$decideOnStartup": Host not found (authoritative)

When 'tail -f /opt/streamfwd/var/log/streamfwd.log' is executed Why do I get the following message? WARN [1406107...

by Explorer in

Dell PowerScale Add-on for Splunk - Configuration

I am trying to fetch the Dell PowerScale metrics data into splunk via HF. I have installed the Add-On on the HF, but ...

by Explorer in

KVstore failed to upgrade to 7.0 from 4.2 in Splunk enterprose version 9.4.1

This is what we are getting KVStore Upgrade Status:Upgrade Status: kvstore_upgrade_abortedStart Time: Mon Oct 6 21:52...

by New Member in

5 year data retention bucket setup

We have a requirement to have a 5 year data retention. Unfortunately, we discovered that Splunk has not been configur...

by Explorer in

Persistent Queue on Intermediate Heavy Forwarder

Hi All,I would like to confirm whether a persistent queue can be used on an Intermediate Heavy Forwarder that receive...

by Path Finder in

Opencti addon on Splunk cluster

Hello, is Splunk opencti addon compatible on Splunk cluster (shc)? From 2/3 search heads we are getting this error:...

by Motivator in

Legacy windows (XP, Server 2000) log onboarding to Splunk (without UF)

Hi team,Is there any way to onboard legacy windows (XP, Server 2000) logs to Splunk, without UF? Specifically non dom...

by Engager in

Standalone SH pulling data from Indexer Clustering - but indexer time settings not being applied by default.

Existing Env : 1. Indexer Clustering 2. Search head Clustering. For testing an Issue. I have a a standalone sea...

by Observer in

TA-MS-AAD Signin logs missing - help!

Hey gang, I'm using the Splunk Add on for Microsoft Azure to ingest AAD signin logs to Splunk under the azure:aad:sig...

by Contributor in

Forcing sourcetype on Heavy Forwarder

Hi, So I have a HF instance, which receive multiple types of syslog on many different ports. Ideally, you would hav...

by Path Finder in

Universal Forwarder installation on remote host

We need to install UF on remote application servers (linux/windows) but as a splunk admin, I don't have direct access...

by Path Finder in

we have daily ingestion of 7 TB but how do i know which source is sending how much data

splunk query to find how much data is coming via hec , how much data is coming via dbconnect , how much data is comin...

by Path Finder in

Db connect HTTP 400 Error

I am getting below error on my dbconnect, every thing was working fine HTTP Error 400, HEC response body: {"text":"...

by Communicator in

Splunk licensing pool warning not clearing

Hi, I accidentally uploaded too much data on one day (a jsonl file) and violated the 500mb limit in place for the s...

by Engager in

Splunk File Monitoring

Hello Splunkers, I have a question around Monitoring a same File from different server, The situation is Server1, S...

by Path Finder in

Integration of MS Exchange server with splunk

Dear All, I need your assistance in fetching Microsoft Exchange Server logs using the Splunk Universal Forwarder. ...

by New Member in

Issue with my search query

Greeting, I am trying to identify users who have not had any activity in O365 for over 180 days, however my search ...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Getting Data In

Discussions

UF 10.0 — splunk-winevtlog.exe crashes in VCRUNTIME140.dll / KERNELBASE.dll (EventCode=1000)

Kindly build this in single query.

Splunk stencil icons in LucidChart.com?

Forwarder Management shows 0 agents

Why is UBA data stopping send data

how to apply the props and tranforms ?

Parsing linux events from syslog to SC4S and Splunk Cloud.

Can we perform ingest rules on cooked data?

DNS lookup failed for "$decideOnStartup": Host not found (authoritative)

Dell PowerScale Add-on for Splunk - Configuration

KVstore failed to upgrade to 7.0 from 4.2 in Splunk enterprose version 9.4.1

5 year data retention bucket setup

Persistent Queue on Intermediate Heavy Forwarder

Opencti addon on Splunk cluster

Legacy windows (XP, Server 2000) log onboarding to Splunk (without UF)

Standalone SH pulling data from Indexer Clustering - but indexer time settings not being applied by default.

TA-MS-AAD Signin logs missing - help!

Forcing sourcetype on Heavy Forwarder

Universal Forwarder installation on remote host

we have daily ingestion of 7 TB but how do i know which source is sending how much data

Db connect HTTP 400 Error

Splunk licensing pool warning not clearing

Splunk File Monitoring

Integration of MS Exchange server with splunk

Issue with my search query

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions