Getting Data In

Discussions

Thread Info

Sending router data to splunk for analysis

I am new at splunk.i have got a task to do and its like kind of monitoring home network security and for that i have ...

by New Member in

Filtering (discarding) logs using Heavy Forwarder. Regex filter fails after transforms reload

I'm using an on-prem Heavy Forwarder to filter some noisy logs coming in via syslog (HF is installed on syslog server...

by Explorer in

Microsoft Azure Add on for Splunk (TS-MS-AAD v 3.1.1) error:309 | _Splunk_ Unable to obtain access token

Hello I am installing a fresh new install of this app to replace our old version (1.2.4) I am using the same creden...

by Builder in

CPU Utilization of Splunk Forwarder running on Linux machine showing wrong values

Hi, I have two servers running on Centos that have Universal Forwarder installed and I've enabled the following...

by Explorer in

How to run a nested loop?

Hi, I have one field containing an array within an array. How can I run a for loop to query the nested arrays and...

by Engager in

Help extracting key value pairs within a grouped/nested field.

I'm trying to pull KV pairs from a event field, and having trouble. The issue is I don't know what the field names wi...

by Path Finder in

Rest api & splitting json events with fields and timestamps

Hi, im really struggling to split out events from my json at the moment. currently i only get a single event with m...

by New Member in

Extract JSON data within the logs ( JSON mixed with unstructured data)

We got a requirement to extract information from log file. The log file contains JSON data which is the bread-butter ...

by Super Champion in

how to write props and transforms.conf for docker services

I am getting output for docker services in linux server (docker ps -a - linux command) . it will list the services...

by Builder in

How do i get tiemstamp of when an index was created?

I basically i want to get a timestamp of when an index created in Splunk...I am aware that the timestamp of when each...

by Communicator in

How to write a monitoring stanza in inputs.conf to monitor a file in linux using splunk.

Hi All, Can any help me on how to write a stanza in inputs.conf to monitor a file in linux. Files to be monitored...

by Motivator in

Splunk Smartstore : Bucket status

Hi All, We have Indexer cluster configured on AWS EC2 Instances which is configured with Smart store. Since this ...

by Explorer in

List of servers sending logs to Heavy forwarder

Hello All, We have 20 indexers and 5 HF's in our Environment. HF's are forwarding their data to indexers. I'd n...

by Explorer in

Appendcols - Issue in the output of the query

Query1 : index="*" earliest=-1mon@mon latest=@mon| stats count O/P : 25,419,925,723 Query2 : index="*" earliest=-...

by Path Finder in

Index data from shell script with headers

I want to index a shell script output thro inputs.conf. I have configured the script [script://$SPLUNK_HO...

by Builder in

forwarder stopped in AIX

I installed splunk universal forwarder version 6 in AIX and it stopped automatically after some time. please let me k...

by Builder in

Capture historical data of processes in AIX

I am new to Splunk and was wondering if there is a way to capture the historical data of the amount of CPU or Memory ...

by Engager in

How do I locate KVstore & scripted based look ups?

Under lookups I see a few .csv based & few look up definitions. So where are the KVstore based or scripted based look...

by Builder in

Splunk field extractor ignors comma towards the end

I have a CSV with the following data 19,john doe,blue car,NAY,NA,YAY,,NIL,,,,NA,, There are 14 fie...

by Path Finder in

Splunk log management

I know splunk manages its own internal logs and there is log.cf and local-log.cfg. I am wondering can we manage log f...

by New Member in

Configured but Inactive Forwards, inspite of resolving Firewall issue. Why?

Hello I am trying to configure a forwarder between a Linux Machine and a Windows machine. My Splunk is installed o...

by New Member in

splunk forwarder up-gradation using tar file on custom path

Hi All, We are planning to upgrade splunk forwarders with ansible. We observed that our forwarders are running ...

by Path Finder in

The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate in

The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate...

by Loves-to-Learn Lots in

Cisco IOS

Have recently been administrating our Splunk deployments. My question is in the CISCO TA app our props.conf has [sour...

by Observer in

What is the best way to forward Vcenter and ESXi host logs to Splunk?

Hello, I am working on a project to get logs from Vcenter and ESXi host to Splunk . question 1 ) Is Vcenter ap...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Sending router data to splunk for analysis

Filtering (discarding) logs using Heavy Forwarder. Regex filter fails after transforms reload

Microsoft Azure Add on for Splunk (TS-MS-AAD v 3.1.1) error:309 | _Splunk_ Unable to obtain access token

CPU Utilization of Splunk Forwarder running on Linux machine showing wrong values

How to run a nested loop?

Help extracting key value pairs within a grouped/nested field.

Rest api & splitting json events with fields and timestamps

Extract JSON data within the logs ( JSON mixed with unstructured data)

how to write props and transforms.conf for docker services

How do i get tiemstamp of when an index was created?

How to write a monitoring stanza in inputs.conf to monitor a file in linux using splunk.

Splunk Smartstore : Bucket status

List of servers sending logs to Heavy forwarder

Appendcols - Issue in the output of the query

Index data from shell script with headers

forwarder stopped in AIX

Capture historical data of processes in AIX

How do I locate KVstore & scripted based look ups?

Splunk field extractor ignors comma towards the end

Splunk log management

Configured but Inactive Forwards, inspite of resolving Firewall issue. Why?

splunk forwarder up-gradation using tar file on custom path

The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate in

Cisco IOS

What is the best way to forward Vcenter and ESXi host logs to Splunk?

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR

Configuring Splunk OTel Collector for Linux/Window...