Getting Data In

Thread Info

to collect Swap memory used/available/total from linux server

splunk ta_unix app only collects and stores swap memory used percent metrics and i want to index other metrics like ...

by Builder in

OKTA event log/per user by day for ingestion baseline

Hello, OKTA Add-on User, I was wondering if you have event size per user per day on the OKTA log, user, group, app....

by Contributor in

Why am I getting an SSL Cert Verify Failed Error Setting Up AWS Inputs

Hello I keep getting SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:742) when tryin...

by Communicator in

Push notifications on policy violations and events from AppDynamics to Splunk, with Splunk HEC?

We are interested in a very targeted integration between App Dynamics and Splunk, namely the ability to push and catc...

by Path Finder in

Retrieve the windows owner of a monitored file. (To create a field or rename the source)

Hello, we monitor files generated by processes launched by several users on the same server. There is not in the na...

by Observer in

How to create Alerts for: Data Ingestion exceeding my licensed amount? Disk sizes are exceeding size on indexers?

How to create Alerts for: Data Ingestion exceeding my licensed amount? Disk sizes are exceeding size on indexers? I...

by Builder in

Remove the field from a JSON ingested by Splunk

When forwarding alerts to Splunk via SQS, it automatically pushes the entire JSON document into one field, called "Bo...

by New Member in

With 8.1.2 or later should we still use an HEC tier on HWFs?

I read that in 8.1.2 it's less painful to update HEC configs, no longer requiring a restart for CRUD operations. Shou...

by Influencer in

Is there a Splunk Universal Forwarder for Linux i686

I'm trying to install a universal forwarder on one of my systems. I originally tried with the main Linux package in t...

by Path Finder in

Index Field Transform not Catching Every Event

I'm running a simple transform to change the index from "tenable" to "tenable-dc" for one of my sourcetypes. Props....

by Engager in

SPLUNKFORWARDER error

I am getting the below error, looking the splunkd.log file. DC:DeploymentClient - channel=tenantService/handshake...

by Loves-to-Learn Lots in

splunk-connect-for-kubernetes breaking on every newline (\n) ?

Hello, Posting here checks off a huge bucket list for me! I am hoping what I am sharing is a known, and has a known...

by New Member in

Stanza for to ingest logs from specific date

Hello Team, I want the stanza to ingest logs from a specific date in Linux or Window environment. Currently am us...

by Path Finder in

Need an idea how to reduce Symantec Web Security Services Data

Hello, I am monitoring my Symantec Web Security Services data via the corresponding app. My daily ingest is 7287.0...

by Path Finder in

Why isn't my TIME_FORMAT working for this syslog data?

I just configured a new device to send data to a syslog server (w/universal forwarder), but when it shows up in Splun...

by Path Finder in

Parsing McAfee Firewall Logs

Hello All! I am trying to parse McAfee firewall logs but the props.conf I am using doesn't seem to work. This is ...

by Path Finder in

Splunk App for Infrastructure Error (See pic)

Hi, Anyone know why I am getting this error when I install Splunk App for Infrastructure. Splunk Support is not co...

by Path Finder in

Alternatives to Splunk UF for Server 2003/2008 R1

Looking for an alternative way to forward logs to splunk for legacy Windows server 2003/2008r1. I dont see a universa...

by Explorer in

Does a Heavy Forwarder have a GUI?

I know that a Universal Forwarder doesn't have a graphic user interface. But, does a HEAVY forwarder have a GUI?

by New Member in

Monitoring console showing all forwarders as missing

When I go to the monitoring console and take a look at the forwarders, the console shows them as all missing yet our ...

by Path Finder in

Choosing the sourcetype

I am adding some CMK (checkmk) data to splunk using a custom deployment app. I will be creating a new index. I have s...

by Explorer in

_time vs _indextime: Why is it necessary to sync the two timestamps, and which one is considered using the time range picker?

Hi, I have an understanding that _time --> is the event time (the time which is present in the event means the ti...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

to collect Swap memory used/available/total from linux server

OKTA event log/per user by day for ingestion baseline

Why am I getting an SSL Cert Verify Failed Error Setting Up AWS Inputs

Push notifications on policy violations and events from AppDynamics to Splunk, with Splunk HEC?

Retrieve the windows owner of a monitored file. (To create a field or rename the source)

How to create Alerts for: Data Ingestion exceeding my licensed amount? Disk sizes are exceeding size on indexers?

Remove the field from a JSON ingested by Splunk

With 8.1.2 or later should we still use an HEC tier on HWFs?

Is there a Splunk Universal Forwarder for Linux i686

Index Field Transform not Catching Every Event

SPLUNKFORWARDER error

splunk-connect-for-kubernetes breaking on every newline (\n) ?

Stanza for to ingest logs from specific date

Need an idea how to reduce Symantec Web Security Services Data

Why isn't my TIME_FORMAT working for this syslog data?

Parsing McAfee Firewall Logs

Splunk App for Infrastructure Error (See pic)

Alternatives to Splunk UF for Server 2003/2008 R1

Does a Heavy Forwarder have a GUI?

Monitoring console showing all forwarders as missing

Choosing the sourcetype

_time vs _indextime: Why is it necessary to sync the two timestamps, and which one is considered using the time range picker?

Event times for specific log file are incorrect

Convert a string to table in splunk

Timeout on multiline parsing?

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

s3 - Multiple directories data to be ingested into...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions