Getting Data In

Discussions

Thread Info

[AWS Trumpet] Only partial CloudTrail logs compared to the AWS Add-on?

I am using the https://github.com/splunk/splunk-aws-project-trumpet to get AWS logs in, I am facing an issue though w...

by New Member in

Is there a way to grant access to a specific index within an app's authorize.conf?

I have index1, index2, and index 3. I want role_user to have access to all three within a specific app. Is there a wa...

by Explorer in

FortiGate logs forwarded from FortiAnalyzer not extracting timestamp

After upgrading FortiAnalyzer (FAZ) to 6.2.3, I'm seeing Splunk timestamping issues from the FortiGate (FGT) logs it ...

by Contributor in

I am moving form 1 machine to 5 machine on Splunk and i want to know what is the best way to use them?

Hi We are upgrading from 1 standalone machine to 5 machines. I am looking to get a cluster up and running. Origin...

by Motivator in

Issue with INDEXED_EXTRACTIONS for Microsoft Exchange Server Message Tracking log files

Hello, everybody! I have Splunk Enterprise 7.3.2 infrastructure with Splunk UF's deployed particularly to our corp...

by Path Finder in

Splunk add on for Citrix Netscaler

Do I need dedicated syslog server to get syslog messages and then forward it using Universal Forwarder??Considering I...

by Communicator in

How to pre-process input to macro before searching in base search?

We have a wonderful set of end-users who can enter dates in various formats. Data sample is like reportNa...

by Super Champion in

Splunk HTTP Event Collector works only on localhost.

I have set up a Splunk Enterprise trial instance on a red-hat Linux server. I enabled and setup the HEC, however w...

by Explorer in

_internal large amounts of data incoming

i have an average of 100 events coming into the splunk _internal index per minute on a instance that is not very busy...

by Explorer in

Windows_TA vs Windows

I have two apps installed on Windows clients. One looks like the full blown Windows_TA app and one looks like a trun...

by Explorer in

How to send data (JSON/CSV) from AWS s3 to Splunk at 5 minute intervals?

Hello, I am storing data (JSON/CSV) in s3 bucket in AWS and I want to send this data into Splunk and data is updat...

by Loves-to-Learn Lots in

servers time validation

good morning Is there a way to validate the time of the current splunk servers? Let me explain, during these days t...

by Path Finder in

How to collect Azure container log to splunk?

Hi, I need to collect Azure container log into splunk. I will utilize azure monitor app for splunk. It is pulling log...

by Path Finder in

How to reconfigure syslog-ng when file is getting updated but data isn't getting into indexer (Universal Forwarder)?

Hi, We have configured syslog-ng to send data to indexers, Sometimes, the syslog file is getting updated but data ...

by Explorer in

Windows Event Logs & Sysmon

What's everyone doing for collecting both Windows Event Logs & Sysmon? Are you collecting all Even IDs or only a sm...

by Communicator in

Change Splunk management port for single Linux host

Hello!I'm new to Splunk, and I would like to change the management port for only a single host from 8089 to 9089 due ...

by Explorer in

Is "RecordNumber" a unique identifier?

I'm dealing with a lot of duplicate event logs at the exact same millisecond. From what I can tell, everytime this ha...

by Path Finder in

script input running "splunk cmd openssl"

Hello, I have a script to index enddate from certificats #!/bin/sh echo debug enddate date=`date "+%d/%m/...

by Path Finder in

App local files updated in indexer cluster

I have an app which included a custom command which in turn has to cache some information on the indexer it runs. Wha...

by Path Finder in

Need to Disable A Process Name with Event ID

We are collecting Wineventlog data from Security, Application & System. In Security we want to disable a particular...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

[AWS Trumpet] Only partial CloudTrail logs compared to the AWS Add-on?

Is there a way to grant access to a specific index within an app's authorize.conf?

FortiGate logs forwarded from FortiAnalyzer not extracting timestamp

I am moving form 1 machine to 5 machine on Splunk and i want to know what is the best way to use them?

Issue with INDEXED_EXTRACTIONS for Microsoft Exchange Server Message Tracking log files

Splunk add on for Citrix Netscaler

How to pre-process input to macro before searching in base search?

Splunk HTTP Event Collector works only on localhost.

_internal large amounts of data incoming

Windows_TA vs Windows

How to send data (JSON/CSV) from AWS s3 to Splunk at 5 minute intervals?

servers time validation

How to collect Azure container log to splunk?

How to reconfigure syslog-ng when file is getting updated but data isn't getting into indexer (Universal Forwarder)?

Windows Event Logs & Sysmon

Change Splunk management port for single Linux host

Is "RecordNumber" a unique identifier?

script input running "splunk cmd openssl"

App local files updated in indexer cluster

Need to Disable A Process Name with Event ID

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

SQS-Based-S3 Input for Cloudtrail black list event...

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...