Getting Data In

Discussions

Thread Info

Can we have fewer Heavy Forwarders than Indexers?

by Splunk Employee in

How to best configure Splunk Security Essentials app? How to enable ALL use cases for SOC team use?

How to best configure Splunk Security Essentials app? How to enable ALL use cases for SOC team use? It is integrated ...

by Builder in

Microsoft Azure Addon for Splunk throwing error "log_error:309 | _Splunk_ Unable to obtain access token"

After configuring the addon as specified in the document, the error logs are showing "log_error:309 | _Splunk_ Unable...

by Explorer in

Java SDK Program Connection Reset

I created a first Java program with Splunk SDK and set scheme to "http". But I haven't this "Exception in thread "mai...

by Observer in

Can't receive logs from AD W2019

Hi, We have installed and configured Splunk in a Linux machine with the objective of receiving data from an AD in a...

by Explorer in

Frequency of kube:objects:pods sourcetype events

Hi all, Do you know, how to set up the frequency for the sourcetype="kube:objects:pods" events? Right now, in our s...

by Loves-to-Learn in

Not able to search index=_internal from searchead

I'm trying to do a search against index=_internal but I do not see this index on my searchhead. I do see it when I...

by Engager in

Integrating Tata Communication Microsoft Teams with Splunk

Hi Team, I believe Tata communication launches its services for Microsoft teams so that there would be direct calli...

by Contributor in

Please help with LINE BREAKING/Truncate issue

Hello, Can anyone please help me with the line breaking and truncate issue which I am seeing for the nested Json ev...

by Motivator in

How to fetch HTTP Headers in HTTP Event Collector

Hi Team, I am trying to integrate Shodan notification (Webhook) with Splunk. I have configured HTTP Even Collecto...

by Engager in

Windows UF ignores CSV header until restart

I have a simple CSV file input on a Windows UF with a header of field names in the top row. The file is overwritten d...

by Builder in

Merge lines from rotated file

Hello, I have some difficulties to ingest properly logs from rotated file, where the rotation is fully handled by a...

by Explorer in

Indexing all text log files in a directory

I have a directory with about 750 log files. The files are all text files and the total size of this directory is 117...

by Explorer in

HEC Collector behind WAF

We are looking to security our HEC Collector a bit more by putting it behind a WAF. But can't find any documentation ...

by New Member in

How to monitor Windows Defender evtx file?

Hello everyone, I try to "ADD DATA" and specifically add the file "Microsoft-Windows-Windows Defender% 4Operational...

by Loves-to-Learn Lots in

Extraction of time if there are multiple formats

Hello, I have syslog events that come with the _time either in seconds(epoch 1620685037) OR time in microseconds f...

by Path Finder in

Has any Splunk guru ever written a Splunk Maintenance plan. What would you include in it? Would you share please?

Has any Splunk guru ever written a Splunk Maintenance plan? What would you include in it? Would you share your insigh...

by Builder in

Issues with wildcard input stanza

I've been having issues with wildcarded input monitoring. In an attempt to adjust for an issue with file path naming...

by Explorer in

Can Any Red Hat Satellite Logs be Ingested?

Hello! Has anyone ever successfully ingested Red Hat Satellite logs using Splunk? If not, are there any plans on ma...

by Path Finder in

Best AWS ingestion approach

Hello, I am trying to settle on a new AWS event collection strategy. We are currently collecting using the older p...

by Explorer in

FortiAnalzer Field Extraction

Hi, I'm receiving FortiGate event via FortiAnalyser and I need to set the Host to the name of the device that creat...

by Path Finder in

Write to Output lookup

HI Team, Need one help, I want to run a schedule for the below search events every 1 hr and capture the inportant ...

by Path Finder in

Configuring Splunk_TA_stream 7.1.3 to ingest netflow from pfSense 2.4.4 on SE 7.3.1

Hi all, It doesn't matter how much I read the documentation https://docs.splunk.com/Documentation/StreamApp/latest...

by Explorer in

My Splunkcloud _time is 4 hours in the future

Hey Splunkers, while I was able to be self sufficient in most cases I have one application log server which is driv...

by Explorer in

Need help with Events truncate issue

Hello, I have events coming via HEC to Splunk cloud with event size 2641524, i see the sourcetype truncate limit wa...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Can we have fewer Heavy Forwarders than Indexers?

How to best configure Splunk Security Essentials app? How to enable ALL use cases for SOC team use?

Microsoft Azure Addon for Splunk throwing error "log_error:309 | _Splunk_ Unable to obtain access token"

Java SDK Program Connection Reset

Can't receive logs from AD W2019

Frequency of kube:objects:pods sourcetype events

Not able to search index=_internal from searchead

Integrating Tata Communication Microsoft Teams with Splunk

Please help with LINE BREAKING/Truncate issue

How to fetch HTTP Headers in HTTP Event Collector

Windows UF ignores CSV header until restart

Merge lines from rotated file

Indexing all text log files in a directory

HEC Collector behind WAF

How to monitor Windows Defender evtx file?

Extraction of time if there are multiple formats

Has any Splunk guru ever written a Splunk Maintenance plan. What would you include in it? Would you share please?

Issues with wildcard input stanza

Can Any Red Hat Satellite Logs be Ingested?

Best AWS ingestion approach

FortiAnalzer Field Extraction

Write to Output lookup

Configuring Splunk_TA_stream 7.1.3 to ingest netflow from pfSense 2.4.4 on SE 7.3.1

My Splunkcloud _time is 4 hours in the future

Need help with Events truncate issue

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Community Content Calendar, September edition

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions