Getting Data In

Community Activity

AWS Grand Central Add-on with nested AWS OUs We installed the Grand Central 3.0.7 add-on installed in our Splunk Cloud environment and were working on configuring... by rbolande Explorer in Getting Data In 05-28-2021 0 0	0	0
How to SEDCMD nested json calculated as string? Hey Splunkers! We have a large json event that has a Body Message, and BodyJson Message, a little redundant but this ... by Aatom Explorer in Getting Data In 05-28-2021 0 4	0	4
How do I create extractions where it can pick field names from the events See events below I have 2 types of logs from one source where I need to map fields vs values ...I dont want to create complex regex as... by puneetkharband1 Path Finder in Getting Data In 05-28-2021 0 4	0	4
Rex field1=abcdCheck:123456wxyz, sdfCheck:234567qweI want get the result as Check:123456 by Khuzair81 Path Finder in Getting Data In 05-28-2021 0 3	0	3
Do shortened events from universal forwarder count towards license? Hi,Our event size is set to the default 10,000 bytes. We are using the universal forwarder to get log events to our i... by Som Explorer in Getting Data In 05-28-2021 0 7	0	7
How to setup a Universal Forwarder to forward syslog data from firewall I have a windows 2019 SRV and will be installing splunk forwarder 8.0.4I have a firewall and I have set the IP of thi... by jbleich Path Finder in Getting Data In 05-27-2021 0 3	0	3
Logs are stopped genarating from 2nd april My logs showing before April 2nd only when I check for previous 7 days it's not showing what may be the issue please ... by anil1432 Explorer in Getting Data In 05-27-2021 0 9	0	9
sending data from s3 to splunk Hi , i am sending aws s3 data through aws TA into splunk.In start data is indexing properly after 2 day,stops the ind... by snehal Loves-to-Learn Lots in Getting Data In 05-27-2021 0 3	0	3
Universal Forwarder and AppLocker Events XML Hey Guys trying to toubleshoot an issue here. Trying to get the XML events from the UF on Windows machines into splu... by pirsa Explorer in Getting Data In 05-27-2021 0 4	0	4
Why is my Index Current Size greater than my Max Size (Cluster) Hi Splunk Folk,I've spent most of the morning trying to find this with no luck, I've seen some similar posts but none... by richardgosnay Explorer in Getting Data In 05-27-2021 0 1	0	1
Space Delimeter Problem with Quotation Mark So IIS logs are usually delimited by a space between every other field, however I have recently realized that when a ... by zekiramhi Path Finder in Getting Data In 05-27-2021 0 0	0	0
How do you test a modular input on the command line with a valid session_key? I'm writing a modular input (simpleinput) which stores its password using StoragePasswords facility offered by the Sp... by envancleve Engager in Getting Data In 05-27-2021 1 2	1	2
Ingested data not fond Hello,I am doing the Splunk Fundamentals module 4 lab. After ingesting the data it's nowhere to be found. Please help... by RB1 Observer in Getting Data In 05-26-2021 0 5	0	5
AWS Config Aggregator to Splunk Has anyone accomplished getting AWS Config Aggregator data into Splunk? Our Splunk infrastructure is entirely on-prem... by 96nick Communicator in Getting Data In 05-26-2021 0 1	0	1
Heavy Forwarder blocked indexqueue Hello, Could someone tell me what i am required to do to sort this issue out please?I have inputs going into my HF ho... by willsy Communicator in Getting Data In 05-26-2021 0 2	0	2
Ingest entire XML file Hello everybody,we are monitoring via Universal Forwarder several directories with a large XML file in there (around ... by nicofantinato Path Finder in Getting Data In 05-26-2021 0 6	0	6
Sending Json output via CURL I m just trying to feed the AWS instance data to Splunk, the output for "aws ec2 describe-instances" is in json forma... by vickymanoignis Loves-to-Learn in Getting Data In 05-26-2021 0 5	0	5
Renaming sourcetype and source with props and transforms We have some VIOS servers that are special-purpose machines that aren't allowed to have a UF installed. I want to ho... by barak_l_griffis Engager in Getting Data In 05-25-2021 0 3	0	3
Close a TRANSACTION with only 1 EVENT Hi.I would like to unterstand why Splunk does not close a transaction with only 1 event, if i force a STARTSWITH para... by verbal_666 Builder in Getting Data In 05-25-2021 0 3	0	3
Splunkforwarder fishbucket and salt used to create hashes I have a csv file that I am monitoring with the props.conf for the sourcetype associated with this file with the para... by govardha Path Finder in Getting Data In 05-25-2021 0 6	0	6
Monitoring Directories My local drive doesn't appear in monitoring data in files and directories. Does anyone know how to make my local driv... by hieu098 New Member in Getting Data In 05-25-2021 0 1	0	1
How to filter using sourctype field joined with another sourcetype I have a issue like ,the field which is not in the second sourcetype used as filter is not getting filtered.Environme... by dtccsundar Path Finder in Getting Data In 05-25-2021 0 1	0	1
Sophos Central SC4S Hi,I am currently working on getting our Sophos Central Cloud logs into SPLUNK. I have the 1st step out of the way in... by Shaun-Crouch Observer in Getting Data In 05-25-2021 0 0	0	0
Sending HEC data to Nullqueue We are using HEC collector endpoint to consume logs from FluentD, we recently identified filtering opportunity and tr... by sun1000 Path Finder in Getting Data In 05-24-2021 0 11	0	11
Adding HEC input does not have option for app selection Hi,While adding an HEC input on the Splunk heavy forwarder, Splunk does not provide the option to select the app. I a... by termcap Path Finder in Getting Data In 05-24-2021 0 3	0	3