Getting Data In

Thread Info

Using different certificates for TCP and HEC Input results in 'unknown CA' error

I recently started using the HEC with TLS on my standalone testing instance and now I am seeing some behavior that I ...

by Path Finder in

Why is User is not allowed to modify the job error?

Hi all. One of our users cannot upload files to splunk with the error "User is not allowed to modify the job". Th...

by Explorer in

Log retention with archiving in Splunk for a specific index

Hello, I'm looking to set up a log retention policy for a specific index, for example index=test. Here's what I'd...

by Communicator in

Outdated OS

Where can i get list of all outdated OS for my dashboard. Is there a site or something

by Path Finder in

Splunk Server logs to 3rd party using an Indexer

We have installed Splunk in windows and we want to send windows logs from Search Head, LM and CM to 3rd party using a...

by Loves-to-Learn Everything in

Splunk Slowness

What are the reasons for the slowness observed in the Splunk Mission Control incident review dashboard?

by Explorer in

Unique universal forwarder to multiple destinations

Hello, Is it possible to have only 1 Universal Forwarder installed on a Windows server and this UF sends data to 2 ...

by Explorer in

Loosing logs for a specific host in several hours.

Hi All. Using Splunk for collecting logs from different devices. But logs from on devices on the network , is not...

by Observer in

Why is my log file sometimes ignored?

Self-answered question follows. Perhaps it will help someone else in the same boat. I have a file called portal-se...

by Influencer in

Extract key=value into field

[cmd_data=list cm device recusive] splunk auto extracts just [cmd_data=list] End result - be able to filter on cm...

by New Member in

ESXi and vSphere logs

Hello all, I am reviewing the Splunk add-on for vCenter Log and the Splunk add-on for VMware ESXi logs guides and h...

by Path Finder in

UF not in CMC

Newly installed Universal forwarders on windows servers are forwarding logs to Splunk Cloud but newly installed forwa...

by Explorer in

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Hi Splunkers!!, We have recently configured SSO in Splunk using Keycloak, and it's working fine — users are able to...

by Motivator in

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

Hi, we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk (https://sp...

by Observer in

SourceTypes being changed by GUI

Hi All, Help please. Can I get people to agree with me that the following is a bug/design flaw - as my splunk cas...

by Path Finder in

Ingest-time lookup

Hello, has anyone worked with ingest-time lookup and familiar with it? https://docs.splunk.com/Documentation/Splunk...

by Path Finder in

Does props.conf support wildcards?

All, I found myself writing this props.conf today. Say I have this: [tomcat:src:server] EXTRACT-springapp_...

by Builder in

Can I send windows security logs using UF over HTTP to Logstash ?

Hello Experts , I am trying to send windows security logs to logstash(http) receiver . Below is what I have based ...

by Builder in

Splunk with CUCM

Hi Team,Greetings !! This is Srinivasa, Could you please provide Splunk with Unified Applications (CUCM) On-prem , ...

by Observer in

Delay during log ingestion from Azure

Hello, have a question regarding log ingestion from Azure. At the moment, im using REST API to onboard logs to the on...

by New Member in

OpenText NetIQ Logs onboarding via syslog

Hi All, Anyone who has worked with OpenText NetIQ Logs before? We are receiving the NetIQ logs via syslog, but th...

by Explorer in

Target data from specific Active Directory OU's

Hi, I am trying to gather data from a specific organisation unit in Active Directory and ignore everything els...

by New Member in

Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup?

I have a field with the system's IP in it and am trying to add additional fields during ingest. It works if the IP f...

by Explorer in

Why to use syslog or tcp output?

Hello Splunkers,I have a small question, what is the best practice (or for what reasons) should I use Syslog or TCP c...

by Contributor in

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the foll...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Using different certificates for TCP and HEC Input results in 'unknown CA' error

Why is User is not allowed to modify the job error?

Log retention with archiving in Splunk for a specific index

Outdated OS

Splunk Server logs to 3rd party using an Indexer

Splunk Slowness

Unique universal forwarder to multiple destinations

Loosing logs for a specific host in several hours.

Why is my log file sometimes ignored?

Extract key=value into field

ESXi and vSphere logs

UF not in CMC

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

SourceTypes being changed by GUI

Ingest-time lookup

Does props.conf support wildcards?

Can I send windows security logs using UF over HTTP to Logstash ?

Splunk with CUCM

Delay during log ingestion from Azure

OpenText NetIQ Logs onboarding via syslog

Target data from specific Active Directory OU's

Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup?

Why to use syslog or tcp output?

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions