Getting Data In

Discussions

Thread Info

Good example of a working custom REST endpoint (but not an admin:* one)

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note...

by SplunkTrust in

Netskope onboarding

Hi, I have a question on Netskope onboarding to Splunk. I installed to TA-NetSkopeAppForSplunk (4.1.0) on Spl...

by Explorer in

cloudwatch logs tagging

Expert advice needed. I was able to ingest cloudwatch logs for ecs and lambda with data manager Now i need to add...

by Loves-to-Learn in

pull Azure event hub logs to Splunk

How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. Wh...

by Communicator in

Why doesn't my Ingest Action work?

I have written and tested some rules using "Ingest Actions". I used the "Sample" indexed data and everything seems fi...

by Explorer in

How do I set up a KV Store lookup?

I created a KV Store lookup using the "Splunk App for Lookup File Editing" app, however when I look at Settings>Looku...

by Motivator in

Splunk and Cisco Firepower Audit Logs

Hello folks, My organization is struggling with ingesting the Cisco Firepower audit (sys)logs into Splunk, we've be...

by Explorer in

Splunkforwarder Startup Error in Docker containers

Commands used to run docker image: docker run -d -p 9997:9997 -p 8080:8080 -p 8089:8089 -e "SPLUN...

by Explorer in

Turning off chunked encoding in Universal Forwarder

Hi, We're setting up a Splunk enterprise instance in an air-gapped environment. In addition to this, the server is ...

by Explorer in

Creating service account in splunk to re-assign the orphaned knowledge object

Hi, I am a splunk admin and we are re-assigning the orphaned knowledge object to my name as a temporary solution. I...

by Communicator in

AWS logging to our Splunk

AWS logs to Splunk We need to onboard AWS cloud watch logs (from Kinesis) to our Splunk. We have all our Splunk ins...

by Communicator in

Regex for multiline events where skipping lines is required.

I have multiline events where it is required to capture the error messages. The events are separated by "FAILED". ...

by Communicator in

Splunk Data Retention

we got a requirement to on-board new platform logs to Splunk. They will have 1.8 TB/day data to be ingested. As of no...

by Communicator in

Splunk data retention

I was newly aligned into a project and didn't have proper KT from the left ones. I have queries regarding my current ...

by Communicator in

Integration document for Cisco Cyber Vision with Splunk

I am looking for a document to integrate Cisco cyber vision integration with Splunk.

by Splunk Employee in

Change index based on source and index from different environments

Hello, we have Windows servers from two environments, we want WinEventLog source (Windows Events logs) to go in "wi...

by Motivator in

Can I bring the logs to see if a user on Azure has MFA enabled?

HI everyone, I need to check my logs to see if a user has MFA enabled or not. I've already configured Microsoft Azu...

by Explorer in

Splunk UF version 9.4.1 install issue

OS Version: Server 2019 I'm trying to install Splunk UF in my test lab. Using the GUI install, I put all the necess...

by Observer in

Syslog-ng error

Hi, I setup the syslog-ng to receive syslog from devices and splunk HF on the same server will read those logs file...

by Explorer in

Having multiple Forwarders sharing the same Instance GUID

As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of...

by Explorer in

Akamai add-on logs are not populating.

We have installed Akamai add-on (https://splunkbase.splunk.com/app/4310) on our HF and installed Java and configured ...

by Communicator in

Change initial date then stop ingestion

I have disabled input (generic S3) of aws add-on for a year. After I enable it, it ingests old data so I disable it a...

by Path Finder in

Palo alto Strata logging service logs

Hi, I have onboarded palo-alto ...

by New Member in

Ingesting application logs from Docker container into Splunk Cloud

Hi everyone, I'm seeking advice on the best way to send application logs from our client's Docker containers into a...

by Engager in

How to solve duplicate GUIDs of Forwarders?

As the title suggests, I am having multiple Universal Forwarders sharing the same Instance GUID due to the mistake of...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Good example of a working custom REST endpoint (but not an admin:* one)

Netskope onboarding

cloudwatch logs tagging

pull Azure event hub logs to Splunk

Why doesn't my Ingest Action work?

How do I set up a KV Store lookup?

Splunk and Cisco Firepower Audit Logs

Splunkforwarder Startup Error in Docker containers

Turning off chunked encoding in Universal Forwarder

Creating service account in splunk to re-assign the orphaned knowledge object

AWS logging to our Splunk

Regex for multiline events where skipping lines is required.

Splunk Data Retention

Splunk data retention

Integration document for Cisco Cyber Vision with Splunk

Change index based on source and index from different environments

Can I bring the logs to see if a user on Azure has MFA enabled?

Splunk UF version 9.4.1 install issue

Syslog-ng error

Having multiple Forwarders sharing the same Instance GUID

Akamai add-on logs are not populating.

Change initial date then stop ingestion

Palo alto Strata logging service logs

Ingesting application logs from Docker container into Splunk Cloud

How to solve duplicate GUIDs of Forwarders?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Edge Processor Destination not showing up in Pipel...

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...