Getting Data In

Discussions

Thread Info

TA-nmon fifo_reader.py, fifo_reader.sh, nmon.fifo not running, permission denied

The TA-nmon is not sending data to 'nmon' index on my splunk instance. I was looking through the troubleshoot guide f...

by Explorer in

Splunk field transformations page UI

Hi , I have installed Splunk version 7.2.6 in some of the servers and I don't see the type dropdown in one of ...

by Builder in

how to input encrypted files like PGP encrypted files

Hello Everyone, Does anyone know if there is any method in Splunk to index encrypted input files like PGP encrypted...

by Explorer in

Ingest Esxi logs through vrealize into Splunk via syslog

Hi All, I want to ingest ESXi logs through vrealize in Splunk via syslog. Is there any app to get these logs parse ...

by New Member in

Get Teamcity database in Splunk

Hi,I want to integrate Teamcity with splunk so that I can fetch teamcity database in to splunk. What is the best poss...

by Contributor in

Splunk_TA_nix local inputs.conf not allowing multiple indexes

I created a Splunk_TA_nix/local/inputs.conf. I created 2 different indexes in indexes.conf. And then I created an ...

by Loves-to-Learn Lots in

ESET endpoint logs

Hi , i am currently integrating logs from ESET endpoint security server , we have configured ESET to send logs...

by Explorer in

Monitoring FIles from Diretories

Why my files that read from directories not showing the event?

by Engager in

Oracle Cloud (OCI) WAF Logs Ingestion

Hi, Does anyone know how to ingest the WAF logs generated by the Oracle Cloud Web Application Firewall service? The...

by Explorer in

Prevent events from ingesting

Hello, after connecting AWS add-on and configuration, I have this query which is filling my index with much unwa...

by New Member in

Is it possible to Mask or perform linebreaking on older data on Search Head??

Hi,We have a dataset that has improper line breaking on few of the events in it. We have added configuration to inges...

by New Member in

Props.confで、タイムスタンプに時間修正を加えて_timeに格納できない

複数の時間が入っているログから、特定のフィールドのタイムスタンプを一つを選択し、時間を変更した上で、タイムスタンプ（_time）に格納したいのですが、うまくできません。例えばログは以下の様なものです。 580 <158>1 202...

by Observer in

Sysmon App and Add-on installation failure

I wanted to install Sysmon App for Splunk (App) and Microsoft Sysmon Add-on (Add-on) on my development server (Splunk...

by Observer in

Use OSSEC archives.log to collect logs of different systems

Hi all, I am trying to use OSSEC archives.log to collect logs of different systems. It can collect whatever you nee...

by Explorer in

Syslog forwarding to 3rd party: events are truncated at 1024 bytes

Hi at all, I have very long events (more than 10,000 chars) that I have to send via syslog (udp) to a third party s...

by Legend in

Powershell and crontab with universal forwarder not working as expected

I have done some really basic testing as i want to prove that this is not working correctly. I have added 3 scripts i...

by Observer in

send a subset of logs via syslog to a Third Party and all logs to Indexer

Hi at all, I have a problem that is described many times in Splunk docs but I didn't find my Use Case: I have...

by Legend in

Why am I unable to monitor $SPLUNK_HOME/var/log/splunk/audit.log on my Linux Universal Forwarders?

I created an app named aufinputs_conf. The app simply contains inputs.conf that has the monitor stanza's below. This ...

by Path Finder in

How to configure my props.conf for a file with header in it?

Hello , I'm trying to configure my props.conf for one of the files in which it has header. I don't have any props.c...

by Explorer in

Powershell script not running on schedule

I'm running 2 powershell scripts on an Universal Forwarder version 7.0.1 to get all the users and systems from the AD...

by Path Finder in

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Getting Data In

Discussions

TA-nmon fifo_reader.py, fifo_reader.sh, nmon.fifo not running, permission denied

Splunk field transformations page UI

how to input encrypted files like PGP encrypted files

Ingest Esxi logs through vrealize into Splunk via syslog

Get Teamcity database in Splunk

Splunk_TA_nix local inputs.conf not allowing multiple indexes

ESET endpoint logs

Monitoring FIles from Diretories

Oracle Cloud (OCI) WAF Logs Ingestion

Prevent events from ingesting

Is it possible to Mask or perform linebreaking on older data on Search Head??

Props.confで、タイムスタンプに時間修正を加えて_timeに格納できない

Sysmon App and Add-on installation failure

Use OSSEC archives.log to collect logs of different systems

Syslog forwarding to 3rd party: events are truncated at 1024 bytes

Powershell and crontab with universal forwarder not working as expected

send a subset of logs via syslog to a Third Party and all logs to Indexer

Why am I unable to monitor $SPLUNK_HOME/var/log/splunk/audit.log on my Linux Universal Forwarders?

How to configure my props.conf for a file with header in it?

Powershell script not running on schedule

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our
Career Survey Now!

Syslog and Splunk?

Exchange log fowarding.

Splunk rest api result not returning aggregated fi...

input Tab doesnt load : Mircosfot azure add on

Help with building REST API input in Splunk addon ...