Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Help with configuration: How to use Regex to Normalize data?

Dear All, I have a requirement to parse the data correctly. I am getting merged events and wants separate events f...

by Explorer in

How to write a query that will fetch logs that will identify files that were deleted?

Hi All, Some files has been deleted by someone from one of the server, I need to investigate on that. We only kno...

by New Member in

Syslog TCP port 514 or 6514- Having trouble connecting Endpoint Cloud to Splunk HF

Hi everyone, Thanks for taking time in reading this and providing your knowledge , since i've been struggling a b...

by Engager in

How to manipulate JSON before index?

(Single/standalone instance of splunk) I have been in a fight with these events for over a week now. I was hoping ...

by Path Finder in

How to write these Props & transforms configuration?

We have to filter the data which has Result=pass, status=200 and send the other logs to Splunk. we have received the ...

by Explorer in

Splunk DB Connect 3.6.0 and MySQL- having trouble with inputs

Hi! Im running Splunk DB Connect 3.6.0 on my HF (ver 8.0.9) and having some issues with one of my inputs. Im trying t...

by Explorer in

Why is Powershell input not receiving data?

I had a windows admin create a powershell script for me (requires code-signing, plus app whitelisting complexity), an...

by Motivator in

Why are my credentials not working when I run Splunk forwarder commands?

Whenever I run Splunk forwarder commands line splunk list monitor or splunk list forward-server I get prompted to ent...

by Path Finder in

Why is Indexer ignoring TZ setting?

I'm using an HTTP Event Collector to ingest Palo Alto logs from my syslog forwarders. Its using the raw endpoint: 'ht...

by Path Finder in

Why are there Delay/Missing logs from UF source?

Hello all, I have a clustered indexer and SH environment. I'm now noticing that there's a long delay in some of...

by Explorer in

Regex working on search but not props/transforms

I am trying to extract a single section from within some JSON. (The original event is wrapped in even more json). I h...

by Path Finder in

How can I break a multiline log by discarding the header and taking the rest?

Hello, I have a multiline log file, but each file comes with a header that I want to discard and only use the part of...

by Explorer in

How to index diag?

I generated a Diag and now i need to creat an index for it. how do i create it ?

by Loves-to-Learn in

Why are peer nodes not receiving data from Universal forwarder?

Hello, I recently setup a test environment(clustered deployment) on AWS to monitor and get data into the peer nodes...

by Explorer in

Does Splunk not get the date from each event in the gzip?

I'm working with some syslog data that is being pulled in from a gzip file. The data looks like this ...

by Communicator in

How to configure input.conf file to monitor multiple files from the same folder for multiple sourcetype.

folder1 we have multiple file f1,f2,f3,f4 need to configure all files for different sourcetypebelow is the query whic...

by Explorer in

Index Time Extractions Regex meeting character limit? (props.conf)

I have been fighting with a regex in my props.conf (Regex-working-on-search-but-not-props-transforms ) and after a lo...

by Path Finder in

How to set INGEST

There is no time field in my log and I tried to get time from the source file name I tried the settings below ...

by Path Finder in

How to apply source file date using INGEST as Time?

There's no time in my logYou want to extract the source file date using the INGEST command Source name /var/log/d...

by Path Finder in

Sophos Central Logs stopped coming to Splunk (logs ingested through sophos API)

Hi All, We got our Splunk deployment done from a 3rd party, which has completed the deployment and left already. Su...

by Observer in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Getting Data In

Discussions

Help with configuration: How to use Regex to Normalize data?

How to write a query that will fetch logs that will identify files that were deleted?

Syslog TCP port 514 or 6514- Having trouble connecting Endpoint Cloud to Splunk HF

How to manipulate JSON before index?

How to write these Props & transforms configuration?

Splunk DB Connect 3.6.0 and MySQL- having trouble with inputs

Why is Powershell input not receiving data?

Why are my credentials not working when I run Splunk forwarder commands?

Why is Indexer ignoring TZ setting?

Why are there Delay/Missing logs from UF source?

Regex working on search but not props/transforms

How can I break a multiline log by discarding the header and taking the rest?

How to index diag?

Why are peer nodes not receiving data from Universal forwarder?

Does Splunk not get the date from each event in the gzip?

How to configure input.conf file to monitor multiple files from the same folder for multiple sourcetype.

Index Time Extractions Regex meeting character limit? (props.conf)

How to set INGEST

How to apply source file date using INGEST as Time?

Sophos Central Logs stopped coming to Splunk (logs ingested through sophos API)

Creating Sourcetype form event data not data

Monitoring Exchange logs over CIFS

How to configure checking interval for Nagios comm...

How to cofnigure multiple Nagios command in agent_...

Db connect time problem- how to make event time an...