Getting Data In

Discussions

Thread Info

Regarding nested json parsing at index time

I want to parse nested json at index time , what will be the props and trandform.I want separate all messages fields ...

by Loves-to-Learn Lots in

JSON file will not break correctly OR create field extractions

inputsHello - I have the following log that will not line break using the traditional ([\r\n)+). Each event split...

by Communicator in

Login page Banner Message

Hi Everyone, I am trying to add a banner in the splunk login page, though we can add it using html & css under logi...

by Path Finder in

LINE_BREAKER in single line printed JSON doc

I have a JSON doc that prints events like so: {"id":72,"stationName":"W 52 St & 11 Ave","availableDocks":1,"totalD...

by Contributor in

Detailed step-by-step processes to deploy Splunk Apps and Addons using Github from generating SSH keys to the last step

Please I need detailed step-by-step processes on how I can deploy splunk apps and addons from the github(gitlab serve...

by Path Finder in

How to re-direct error messages from scripted input from _internal to a different Index?

I have a scripted input, which run the command ntpstat and the results are sent to os Index. When the ntp daemon is...

by Explorer in

Scheduled data input script, no data found

I have created a data input to run a wrapper script, which executes a python script, and gather its output. It was w...

by Loves-to-Learn Lots in

Can we have fewer Heavy Forwarders than Indexers?

by Splunk Employee in

How to best configure Splunk Security Essentials app? How to enable ALL use cases for SOC team use?

How to best configure Splunk Security Essentials app? How to enable ALL use cases for SOC team use? It is integrated ...

by Builder in

Microsoft Azure Addon for Splunk throwing error "log_error:309 | _Splunk_ Unable to obtain access token"

After configuring the addon as specified in the document, the error logs are showing "log_error:309 | _Splunk_ Unable...

by Explorer in

Java SDK Program Connection Reset

I created a first Java program with Splunk SDK and set scheme to "http". But I haven't this "Exception in thread "mai...

by Observer in

Can't receive logs from AD W2019

Hi, We have installed and configured Splunk in a Linux machine with the objective of receiving data from an AD in a...

by Explorer in

Frequency of kube:objects:pods sourcetype events

Hi all, Do you know, how to set up the frequency for the sourcetype="kube:objects:pods" events? Right now, in our s...

by Loves-to-Learn in

Not able to search index=_internal from searchead

I'm trying to do a search against index=_internal but I do not see this index on my searchhead. I do see it when I...

by Engager in

Integrating Tata Communication Microsoft Teams with Splunk

Hi Team, I believe Tata communication launches its services for Microsoft teams so that there would be direct calli...

by Contributor in

Please help with LINE BREAKING/Truncate issue

Hello, Can anyone please help me with the line breaking and truncate issue which I am seeing for the nested Json ev...

by Motivator in

How to fetch HTTP Headers in HTTP Event Collector

Hi Team, I am trying to integrate Shodan notification (Webhook) with Splunk. I have configured HTTP Even Collecto...

by Engager in

Windows UF ignores CSV header until restart

I have a simple CSV file input on a Windows UF with a header of field names in the top row. The file is overwritten d...

by Builder in

Merge lines from rotated file

Hello, I have some difficulties to ingest properly logs from rotated file, where the rotation is fully handled by a...

by Explorer in

Indexing all text log files in a directory

I have a directory with about 750 log files. The files are all text files and the total size of this directory is 117...

by Explorer in

HEC Collector behind WAF

We are looking to security our HEC Collector a bit more by putting it behind a WAF. But can't find any documentation ...

by New Member in

How to monitor Windows Defender evtx file?

Hello everyone, I try to "ADD DATA" and specifically add the file "Microsoft-Windows-Windows Defender% 4Operational...

by Loves-to-Learn Lots in

Extraction of time if there are multiple formats

Hello, I have syslog events that come with the _time either in seconds(epoch 1620685037) OR time in microseconds f...

by Path Finder in

Has any Splunk guru ever written a Splunk Maintenance plan. What would you include in it? Would you share please?

Has any Splunk guru ever written a Splunk Maintenance plan? What would you include in it? Would you share your insigh...

by Builder in

Issues with wildcard input stanza

I've been having issues with wildcarded input monitoring. In an attempt to adjust for an issue with file path naming...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Regarding nested json parsing at index time

JSON file will not break correctly OR create field extractions

Login page Banner Message

LINE_BREAKER in single line printed JSON doc

Detailed step-by-step processes to deploy Splunk Apps and Addons using Github from generating SSH keys to the last step

How to re-direct error messages from scripted input from _internal to a different Index?

Scheduled data input script, no data found

Can we have fewer Heavy Forwarders than Indexers?

How to best configure Splunk Security Essentials app? How to enable ALL use cases for SOC team use?

Microsoft Azure Addon for Splunk throwing error "log_error:309 | _Splunk_ Unable to obtain access token"

Java SDK Program Connection Reset

Can't receive logs from AD W2019

Frequency of kube:objects:pods sourcetype events

Not able to search index=_internal from searchead

Integrating Tata Communication Microsoft Teams with Splunk

Please help with LINE BREAKING/Truncate issue

How to fetch HTTP Headers in HTTP Event Collector

Windows UF ignores CSV header until restart

Merge lines from rotated file

Indexing all text log files in a directory

HEC Collector behind WAF

How to monitor Windows Defender evtx file?

Extraction of time if there are multiple formats

Has any Splunk guru ever written a Splunk Maintenance plan. What would you include in it? Would you share please?

Issues with wildcard input stanza

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions