Getting Data In

Community Activity

Problem with DC windows Secure logs sending Hello team!We have a problem with sending data from several Domain Controllers to our splunk instance. We are collect... by ProPoPop Loves-to-Learn Lots in Getting Data In 04-23-2025 0 2	0	2
How to determine if data sent to HEC came in on Event or Raw endpoint Is there any way to tell whether data coming into Splunk's HEC was sent to the event or raw endpoint?You can't really... by gn694 Communicator in Getting Data In 04-23-2025 0 4	0	4
add customerID to incoming data (event & metric) Hello,We have a few hundred hosts and a handful of customers. I have a csv file with serverName,customerID.I've been ... by Andre_ Path Finder in Getting Data In 04-23-2025 0 2	0	2
CIM mapping CrowdStrike Falcon FileVantage (FIM) logs to a daamodel. Hi All,Has anyone managed to map CrowdStrike Falcon FileVantage (FIM) logs to a Datamodel; if so could you share your... by becksyboy Contributor in Getting Data In 04-23-2025 0 3	0	3
Palo alto Strata logging service logs Hi, I have onboarded palo-alto traffic and threat logs via HEC and SLS (Strata logging service). These logs are JSON ... by Splunkers2 Observer in Getting Data In 04-23-2025 0 1	0	1
Why is linecount 2 when it's clearly 1? For multiple sourcetypes, linecount is 2, while clearly, it should be 1. Has anybody encountered this case? by danielbb Motivator in Getting Data In 04-22-2025 0 8	0	8
Filter/modify data prior to ingestion? Not sure this is even possible, but I'll ask anyway...I have application(s) that are sending JSON data into Splunk, f... by BogeyMan Loves-to-Learn Lots in Getting Data In 04-22-2025 0 1	0	1
Unable to view value from events Hi,Unsure what is the root cause as i was trying to do some minor adjustment to ignore the [ ] at the transforms.conf... by ws Path Finder in Getting Data In 04-22-2025 0 3	0	3
How to avoid indexing events twice Hi,I'm facing an issue where the same data gets indexed multiple times every time the JSON file is pulled from the FT... by ws Path Finder in Getting Data In 04-22-2025 0 10	0	10
User Disable In earlier versions of splunk i remember there use to be an option to disable active user and it will then show as st... by Mridu27 Engager in Getting Data In 04-22-2025 0 3	0	3
Typo3 logs to Splunk Hi,I need recommendations on typo3 logs source type.Be default, I set source type as "typo3" in inputs.conf but logs ... by tech_g706 Path Finder in Getting Data In 04-21-2025 0 3	0	3
How to split a json array into multiple events? I'm looking for a way to split a JSON array into multiple events, but it keeps getting indexed as a single event.I've... by ws Path Finder in Getting Data In 04-21-2025 0 15	0	15
Inconsistency between search results between Splunk UI and Rest API & REST API itself Hi Community, I'm trying to extract search results using REST API and I'm facing the following problem. 1. I'm using... by siddharth1479 Path Finder in Getting Data In 04-18-2025 1 11	1	11
Edge Processor Destination not showing up in Pipeline I've been writing new pipelines to my Edge Processors when I discovered that no destination values are showing up for... by Bobert Observer in Getting Data In 04-18-2025 0 0	0	0
How can we determine the overall percentage of memory utilization on a Windows server? I've read through some of the Splunk documentation and previously one of my colleagues already configured the "Window... by tangtangtang12 Loves-to-Learn Lots in Getting Data In 04-17-2025 0 2	0	2
HI Team, We have 40 dc server and sending logs to UF->HF->idx but need to understand how data is flowing ? We have 40 dc server sending logs to onprem indexers but i see on Deployment server i can see only on App which has o... by Hemant_h Engager in Getting Data In 04-17-2025 0 2	0	2
Why are we missing Windows "WinEventLog:Security" event logs? I have 40 Windows 2012 domain controllers (forwarding through heavy forwarders to cloud), that intermittently stop se... by dionrivera Communicator in Getting Data In 04-17-2025 0 15	0	15
How to parse timestamp which is in epoch and assign it to the same field timestamp Hello All,I have log file which has the following content in json format, I would like to parse the timestamp and con... by sabollam Loves-to-Learn Lots in Getting Data In 04-17-2025 0 11	0	11
Trying to blacklist all 4662 events except if they match any of the dcsync related GUIDs As we have recently enabled various audit settings on our domain, we now have 4662 events being generated on the DCs.... by stemerdink Engager in Getting Data In 04-17-2025 0 3	0	3
ITSI Glass Table Hello Experts,In Splunk ITSI, we’re able to see the alerts in the Alerts table, but those alerts are not being reflec... by manideepa Engager in Getting Data In 04-16-2025 0 1	0	1
Trimming data and sending it through Cribl and Datadog So the title is pretty self explanatory. I have been approached and requested to trim logs. I had initially installed... by Abass42 Communicator in Getting Data In 04-16-2025 0 5	0	5
Integrating and Ingesting Atlassian Audit Logs into Splunk? Based on the article provided below we have updated our Atlassian settings to pull the Bitbucket logs into our Audit ... by anandhalagaras1 Contributor in Getting Data In 04-16-2025 0 4	0	4
Routing Sourcetype We are collecting the sourtype of the data we are currently receiving by changing it as follows.[A_syslog]TRANSFORMS-... by blanky Explorer in Getting Data In 04-16-2025 0 2	0	2
HEC configuration for AWS logs We have a architecture of 3 site multi cluster which contains 6 indexers (2 in each site), 3 search heads (one in eac... by Karthikeya Communicator in Getting Data In 04-16-2025 0 16	0	16
Ask Questions, Get Help about Data Manager for Splunk Cloud Hello from Splunk Data Manager Team,We are excited to announce the preview of Data Manager for Splunk Cloud. Before y... by wni Splunk Employee in Getting Data In 04-16-2025 3 22	3	22