Getting Data In

Thread Info

Couldn't determine $SPLUNK_HOME or $SPLUNK_ETC ,SETTING $SPLUNKHOME (LINUX)

Hey guys I am getting an error on my ubuntu server "Couldn't determine $SPLUNK_HOME or $SPLUNK_ETC :perhaps one shou...

by Engager in

List of indexer and list of indexes for each indexer

In the distributor environment how do i pull the report for List of indexer and list of indexes for each indexer - no...

by Explorer in

How to delete data / index (reset start from scratch)

From UI it seems easy to add data but I don't see an option to delete existing data from index. I need the quick an d...

by Explorer in

Get a long string in a form of array without using Rex

Hi Team, I have a field that has the data in this format below : [ { data data data }],[ {data data data}] As y...

by Path Finder in

Overwrite index on each local csv file data pulling

I have a need to overwrite an index every time a continously monitored local csv file is modified. This index shoul...

by Path Finder in

Split a nested json array with key/value pairs

Hi all, Im trying to manually upload the following JSON file into splunk enterprise however its producing one event...

by Path Finder in

Qualys IOError Activity log

Hi, We're currently using host detection among other api calls with the Qualys app. I recently tried utilizing the ...

by Path Finder in

Enterprise causing server to freeze

I admin a Splunk Enterprise instance for an isolated LAN that has 3 workstations and two DCs (1 is file server, 2 is ...

by Communicator in

Custom Search Command pass arguments as subsearch

I need to pass two values to my Custom Search Command. These are my Options: x = Option(require=T...

by Loves-to-Learn in

Custom search command Values for these required options are missing: ...

I need to pass to my python custom search command two values: x and y. I found some examples where it's shown this:...

by Loves-to-Learn in

Why does the _json default sourcetype work, but a clone of it doesn't?

Hello! Running Splunk Enterprise 8.0.5. I have a scripted input that calls an Azure Event Hub and parses the json...

by Motivator in

Json parsing - Failed to parse timestamp

Hi all, I'm quite new to splunk. I've been testing the manual upload of the following json file to splunk enterpris...

by Path Finder in

Replications not happening for certain buckets (version 6.3.1).

We have a single-site indexer cluster with 2 indexers and one cluster master. We are seeing some issues related to on...

by Explorer in

Monitoring a config file, index only the changes

Hello there, First off, im new to Splunk and im evaluating if all our auditing / monitoring / reporting needs can ...

by Loves-to-Learn Lots in

Windows - Filtering Forwarded Events based on LogName

I have a use-case: There is a WEC server receving logs from a server farm. I need to forward only security events f...

by SplunkTrust in

Need help with REST API on Splunk Cloud

Hello, I have a request to receive the data from an application into splunk cloud using REST API. Opt 1: Requeste...

by Motivator in

Integrate Crowdstrike with Splunk

Looking for a documentation where the steps are mentioned to get the crwodstrike logs on Splunk. What is the procedur...

by New Member in

Splunk DB Connect: Install on SQL Server itself?

I've been surfing the documentation for Splunk DB Connect, and can't find any indication that I need to install anyth...

by Path Finder in

Indexing and parsing Azure AD logs

I am new to splunk, we are currently trying to configure Splunk to parse AzureAD logs being received from a Syslog se...

by Path Finder in

HEC replacing underscore (_) with space ( )

I'm working with Proofpoint Threat Response events that are being sent to our instance of Splunk using an HEC connect...

by Contributor in

Windows Forwarder to read eventlog from another windows server

Hi Friends, We have old 2003 Windows server where we can not install UF anymore. So we want to read EventLogs from ...

by Path Finder in

Unpacking and Uploading certain files from an archive automatically/scripted

What is the best way to get data into Splunk from a zip file (files in different subfolders of the zip) in an automat...

by Engager in

AGREETOLICENSE not agreeing? Windows10

I'm trying to install Splunk UF through an MDM onto windows 10 but i'm running into an issue with the AGREETOLICENSE ...

by New Member in

Same sourcetype different data sets

I have a source type for multiple CSV files where it is configured as with a no_timestamp. For now I have used this ...

by Contributor in

How to pull logs into Splunk from Proofpoint via APIs or any other methods from a Proofpoint Cloud instance?

Has anyone done Splunk and Proofpoint Cloud instance integration? I am looking for help to pull the logs from Proofpo...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Couldn't determine $SPLUNK_HOME or $SPLUNK_ETC ,SETTING $SPLUNKHOME (LINUX)

List of indexer and list of indexes for each indexer

How to delete data / index (reset start from scratch)

Get a long string in a form of array without using Rex

Overwrite index on each local csv file data pulling

Split a nested json array with key/value pairs

Qualys IOError Activity log

Enterprise causing server to freeze

Custom Search Command pass arguments as subsearch

Custom search command Values for these required options are missing: ...

Why does the _json default sourcetype work, but a clone of it doesn't?

Json parsing - Failed to parse timestamp

Replications not happening for certain buckets (version 6.3.1).

Monitoring a config file, index only the changes

Windows - Filtering Forwarded Events based on LogName

Need help with REST API on Splunk Cloud

Integrate Crowdstrike with Splunk

Splunk DB Connect: Install on SQL Server itself?

Indexing and parsing Azure AD logs

HEC replacing underscore (_) with space ( )

Windows Forwarder to read eventlog from another windows server

Unpacking and Uploading certain files from an archive automatically/scripted

AGREETOLICENSE not agreeing? Windows10

Same sourcetype different data sets

How to pull logs into Splunk from Proofpoint via APIs or any other methods from a Proofpoint Cloud instance?

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions