Getting Data In

Discussions

Thread Info

Why am I unable to monitor $SPLUNK_HOME/var/log/splunk/audit.log on my Linux Universal Forwarders?

I created an app named a_uf_inputs_conf. The app simply contains inputs.conf that has the monitor stanza's below. Thi...

by Path Finder in

Splunk Universal Forwarders audit logs merged - audit.conf configuration

Hi All, As indicated here (https://community.splunk.com/t5/Getting-Data-In/Why-am-I-unable-to-monitor-SPLUNK-HOME-v...

by Contributor in

How to set up a Universal Forwarder to allow it to receive logs via the REST API?

We have a Universal Forwarder (UF) installation on premises that collects logs from various UF Agents and sends them ...

by New Member in

Unable to pull backlog data through TA-ms-loganalytics.

I have setup the TA-ms-loganalytics on my Splunk enterprise instance, and configured the inputs, i have given the sta...

by Path Finder in

Resource/guide sought for ProofPoint TRAP [ThreatResponse] integration with Splunk

Hello Team , we have requirement to integrete the proofpoint threat response [ TRAP] appliance logs within splunk....

by Path Finder in

Blacklist windows event log by Host Application field

Hello all, I would like to exclude the following windows event log on the universal forwarder. 07...

by Explorer in

Display JSON as list, not table

Hi, I'm trying to create some test data which contains some JSON embedded in it. I'm then trying to extract the JSO...

by New Member in

I want to monitor my email directory

We see lots of email alerts, and they come from a wide variety of places. I want to understand them better. So... ...

by Path Finder in

Search query does not return any values

User complains that the following query is not returning any values in Splunk. dbquery wmsewprd "select REC_TYPE,...

by Explorer in

scripted input (python) - splunk not ingesting program stdout

Hi guys, [FYI, im running splunk 6.3.2 on OSX, dev box so SH, UF, IND are all on the same tin] im trying to setu...

by Path Finder in

Splunk creates a blank timestamp field by manual add data

Hi Splunky´s ive got a csv with the follwing structure: CreationTime,LastWriteTime,Name,Length,Directory I want...

by Path Finder in

extracting fields from "event_message" "context: " portion of splunkd events on indexers?

in splunkd events on indexers such as this: 07-13-2020 11:42:03.337 -0700 WARN DateParserVerbose - Failed t...

by Contributor in

Monitor files which have special characters in them?

Hello there, I'm trying to monitor inputs files which have spaces in it which are in the below format but not all o...

by Explorer in

Using DBConnect to pull logs from an application's internal database.

Is it possible to use DBConnect to pull logs from an application's internal database? The situation we have here is t...

by Communicator in

How to configure an Intermediate Forwarder and the inputs.conf and outputs.conf files in the Application servers?

Hi All We currently have universal forwarder installed in our 3 application servers to forward application logs to...

by Path Finder in

Error while importing data from a CSV export

Hi, I have been looking into how to export events from one index, modify the data(as the original event data conta...

by New Member in

Splunk Enterprise Trial license already expired just after installation

Hi Splunk Support team and Community,Recently I Download the Splunk Enterprise, and installed it on a fresh installat...

by Explorer in

Ingestion via Spark

Hi, We are using Spark Apps to ingest the data into Splunk. For that, we are referring to https://dev.splunk.com/en...

by Explorer in

default '/opt/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf'?

tl;dr: what are the initial, default contents of /opt/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf ...

by Contributor in

Need to change the table with timestamp to unix epoch time for RISING column in DB Connect

I need to ingest the data from DB to Splunk via DBCONNECT. Need to choose a column for a RISING column which has a ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I unable to monitor $SPLUNK_HOME/var/log/splunk/audit.log on my Linux Universal Forwarders?

Splunk Universal Forwarders audit logs merged - audit.conf configuration

How to set up a Universal Forwarder to allow it to receive logs via the REST API?

Unable to pull backlog data through TA-ms-loganalytics.

Resource/guide sought for ProofPoint TRAP [ThreatResponse] integration with Splunk

Blacklist windows event log by Host Application field

Display JSON as list, not table

I want to monitor my email directory

Search query does not return any values

scripted input (python) - splunk not ingesting program stdout

Splunk creates a blank timestamp field by manual add data

extracting fields from "event_message" "context: " portion of splunkd events on indexers?

Monitor files which have special characters in them?

Using DBConnect to pull logs from an application's internal database.

How to configure an Intermediate Forwarder and the inputs.conf and outputs.conf files in the Application servers?

Error while importing data from a CSV export

Splunk Enterprise Trial license already expired just after installation

Ingestion via Spark

default '/opt/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf'?

Need to change the table with timestamp to unix epoch time for RISING column in DB Connect

Tips & Tricks When Using Ingest Actions

Announcing Our Splunk MVPs

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Why are Splunk some logs missing from kiwi syslog?

Get Blob Data W/O Key or SAS Token (use service ac...

Splunk Ingest Actions - Using Eval Expression Synt...

unable to get the dynatrace logs to Splunk

Importing HCL BigFix data from Insights, how to ve...