Getting Data In

Community Activity
salikovsky
Hello, I am trying to collect bash_history logs in real-time from multiple Linux hosts using Splunk. I have deployed t...
by salikovsky Explorer in Getting Data In 03-05-2025
0 6
shabamichae
We have a scenario where we roll logs every day. We want Splunk to index log file for yesterday only. We don't want to...
by shabamichae Path Finder in Getting Data In 03-05-2025
0 5
omprakash9998
I have around 800 users in my environment and the count of 4624 and 4634 is around 80,000 for the last 15 minutes. Wh...
by omprakash9998 Path Finder in Getting Data In 03-05-2025
0 5
ptrsnk
We have an existing Splunk 9.1.3 Enterprise environment and run Splunkweb at port 8000 using an outside CA signed cer...
by ptrsnk Explorer in Getting Data In 03-04-2025
0 8
whar_garbl
I have a file I'm monitoring that changes several times a day. It is likely that sometimes the file contents will be ...
by whar_garbl Path Finder in Getting Data In 03-04-2025
0 1
dolj
What is the best practice to have a Splunk heavy forwarder call out to a third party API and pull logs into Splunk. M...
by dolj Explorer in Getting Data In 03-04-2025
0 2
cbyrd
We are using the Splunk Add-On for GWS Version 3.0.3 for Splunk Cloud and receiving this error when attempting to pull...
by cbyrd Observer in Getting Data In 03-04-2025
0 1
ashketchum
I'm looking for support on my $xmlregex Blacklist. I have checked as many previous tickets as I can and I'm still stu...
by ashketchum New Member in Getting Data In 03-04-2025
0 1
hazem
Dear all, I have the following outputs.conf configuration: [tcpout] defaultGroup = my_indexers [tcpout:my_indexers] s...
by hazem Path Finder in Getting Data In 03-04-2025
0 3
JTS911
Hi All, I get this message but the indexes do exist, not permanent, it happens at 01:00 in the morning some days Se...
by JTS911 Explorer in Getting Data In 03-04-2025
0 1
pmcl77
Hi, I am new to Splunk and running both Splunk Enterprise and Universal Forwarder in a Docker container (on the same h...
by pmcl77 Loves-to-Learn Lots in Getting Data In 03-04-2025
0 9
KKuser
I’m implementing a Canary Honeypot in my company and want to integrate its data with Splunk. What key information sho...
by KKuser Path Finder in Getting Data In 03-04-2025
0 1
harryvdtol
Hello, I am having trouble onboarding JSON array data. I read many contributions, but I am still having troubles. This is th...
by harryvdtol Path Finder in Getting Data In 03-03-2025
0 3
KKuser
I want to integrate SentinelOne Singularity Enterprise data into my security workflows. What critical data (e.g., pro...
by KKuser Path Finder in Getting Data In 03-03-2025
0 0
danielbb
We were told the following - Confluent Vendor has provided the Telemetry URL to configure in the Splunk's Open Teleme...
by danielbb Motivator in Getting Data In 03-03-2025
0 1
stevensk
We want to be able to monitor what sources/devices are using what HEC tokens. I know we can use _introspection to retr...
by stevensk Explorer in Getting Data In 03-03-2025
0 10
Namdev
Hello Team, parsing issue I have built a distributed Splunk lab using a trial license. The lab consists of three index...
by Namdev Loves-to-Learn Lots in Getting Data In 03-03-2025
0 6
jonxilinx
We have successfully ingested from an AWS SQS queue GuardDuty logs. It's structured JSON, but the extracted records ar...
by jonxilinx Path Finder in Getting Data In 03-01-2025
0 1
Rakzskull
Hi guys, I am currently encountering an error that is affecting performance, resulting in delays with the file process...
by Rakzskull Path Finder in Getting Data In 02-28-2025
0 11
bapun18
Hi, we have a cluster of 3 searchheads and 3 indexers 2+1 primary and DR setup for both indexers and searchhead. If a...
by bapun18 Communicator in Getting Data In 02-28-2025
0 3
gitingua
Hi colleagues, hope everyone is doing well! I need some advice. I have a server that writes logs to /var/log/test_log....
by gitingua Communicator in Getting Data In 02-28-2025
0 4
hrawat
Is there an option to drop older events from the pipeline? Older events can cause frequent bucket rolling and most li...
by hrawat Splunk Employee Splunk Employee in Getting Data In 02-28-2025
0 2
att35
Hi everyone, we are pulling Firewall data from a Storage Account containing several categories. There is one specific ...
by att35 Builder in Getting Data In 02-27-2025
0 2
kjehth93
I would like to run powershell scripts and commands out to my endpoints via the Universal Forwarder, but based on the...
by kjehth93 New Member in Getting Data In 02-27-2025
0 1
asieira
I have a Python script configured as a data input that generates one JSON object per line containing events. This is ...
by asieira Path Finder in Getting Data In 02-27-2025
10 13