Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

exchange

Hello. how to collects microsoft exchange 2019 audit logs to splunk

by Explorer in

federated search in splunk

What is the difference between standard and transparent federated search type in splunk with examples or usecase?

by New Member in

UF inputs.conf stanza

I'm working on an input.conf from a universal forwarder when I noticed the first stanza is missing a ] ex:[WinEvent...

by Engager in

How to increase indexer speed or size to write disk?

Recently I upgraded splunk enterprise to 9.0.2 version. After few days, Index queue fill ratio is 100% and indexing...

by Loves-to-Learn in

Trying to extract field and trim log after?

Hello everyone! I am trying to extract hostname from syslog-heading, and after trim it? Is it technically possible? ...

by Contributor in

How can I black list event code and user type?

I'm trying to blacklist the event code 4634 when user_type = computer. I'm using the below blacklist in my inputs.co...

by New Member in

How to get linux logs to blacklist in input.conf?

Hi Team, getting huges audit logs and wanted to blacklist in input.conf . index=*linux* source="/var/log/audit...

by Explorer in

How to write a Splunk search to get to a field value that belongs to particular field?

Good day, i am using search query to correlate one field belongs and related jobs for that field i am using bel...

by Path Finder in

What are the best practices for defining source types?

I've heard that using Splunk's default source type detection is flexible, but can be hard on performance. What is the...

by Splunk Employee in

Getting in the commands from cisco devices

Hi, I collected the cisco deviceslog with "Cisco Networks Add-on for Splunk Enterprise". And install "Cisco Networks...

by Explorer in

TIME_PREFIX configuration is not working

Hi All, We are working in Splunk Cloud environment, I want to deploy custom the TIME_PREFIX configuration for one o...

by Path Finder in

Why does the indexer peer node takes hours to join cluster?

I have a case where some indexers take 4 to 5 hours to join the cluster. The system shows no/little system usage (CPU...

by Explorer in

Servicenow Integration

I have setup servicenow to splunk integration and coming to the inputs, I have turned on the Splunk sys user group a...

by Motivator in

Splunk rejects syslog messages

Hello, everyone I've "all-in-one" splunk installation, configured syslog input, but input messages are rejected. ...

by Contributor in

How to pass conditional field names for a field in props.conf stanza?

There is a threat log with 2 sub_types (url and vulnerability) and sample data are as below. panwlogs-,2022-12-15T0...

by New Member in

Are any default apps in universal forwarder unnecessary?

I just installed universal forwarder, And was deploying my first app using DS, I came accros few apps in place pri...

by Communicator in

Extreme Latency with Windows Events on one Windows Event Collector. How do I troubleshoot?

Hello i have two windows event collectors. 3 domain controllers send their events to one event collector (WEC01), and...

by Path Finder in

When monitoring CSV file on Windows, it only ingests top line and inconsistent events?

We have a distributed splunk (8.x) environment on-prem, with CM and 3 peers, 2 SH, 1 deployment server, and many clie...

by Path Finder in

Where and how do I configure a sourcetype for generic xml?

Hey there! I'm trying to monitor(batch)) a folder congaing xml files, the XML files don't necessarily have th...

by Explorer in

What is the recommended method to ingest exported sysmon logs?

Context: I have an external client that uses Arctic Wolf for sysmon logs on their endpoints and need to ingest those ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

exchange

federated search in splunk

UF inputs.conf stanza

How to increase indexer speed or size to write disk?

Trying to extract field and trim log after?

How can I black list event code and user type?

How to get linux logs to blacklist in input.conf?

How to write a Splunk search to get to a field value that belongs to particular field?

What are the best practices for defining source types?

Getting in the commands from cisco devices

TIME_PREFIX configuration is not working

Why does the indexer peer node takes hours to join cluster?

Servicenow Integration

Splunk rejects syslog messages

How to pass conditional field names for a field in props.conf stanza?

Are any default apps in universal forwarder unnecessary?

Extreme Latency with Windows Events on one Windows Event Collector. How do I troubleshoot?

When monitoring CSV file on Windows, it only ingests top line and inconsistent events?

Where and how do I configure a sourcetype for generic xml?

What is the recommended method to ingest exported sysmon logs?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...