Getting Data In

Ask a Question

Discussions

Thread Info

TCP routing and change target index on secondary Splunk platform

Hello, We have two clustered Splunk platforms. Several sources are sent to both platforms (directly to clustered ...

by Motivator in

Trying to collect data through HEC with json event containing empty values

Hello, I obtain a "Failed processing http input" when trying to collect the following json event with indexed ...

by Explorer in

DB_Connect

I have an index in which data is coming DB_connect , but it showing NO EVENTS as it is showing this error"Invalid dat...

by Contributor in

How to create reset in the dashboard

Hi All I would like to add reset button in the dashboard however i am not able to see the option to add in dashboa...

by Path Finder in

Is there a specific license needed to support indexing on a heavy forwarder?

Please advise as to whether a specific license is needed to support indexing on a heavy forwarder; Like an indexing l...

by Splunk Employee in

SEDCMD not working in Splunk Cloud

I have syslogs coming into Splunk that need some cleaning up - it's essentially JSON with a few extra characters here...

by Explorer in

Cannot View Logs in Splunk after Integrating with Google Workspace

This is regarding the integration between Splunk and Google Workspace.I have followed the documentation below to conf...

by Engager in

What are best practices for logging to splunk?

We have logs that are written to /var/log /var/log/audit We need to keep these for 365 days, and want to e...

by New Member in

Way to set up GUI setup for automatic install on multiple devices

My office has deployed around 120 devices that they have now requested splunk be added to. We have been unsuccessful ...

by New Member in

Field string incorrectly showing post onboarding

Hi, F5 team is sending logs to our splunk syslog server as comma seperated values. Post onboarding we see some of fie...

by Communicator in

Line Breaking Issue - text and Json

Hello, Below is my log file and I want to break as two log events in splunk using props.conf(regex) 2024-07-3...

by Explorer in

Differences between on prem and cloud

I am pretty new to Splunk. What is the difference between Splunk on premises vs Splunk cloud vs AWS splunk? Please en...

by Communicator in

Onboarding F5 WAF logs to Splunk

I am deployed to new project in splunk. We have logs coming from F5 WAF devices sent to our syslog server. Then we wi...

by Communicator in

Ingesting Log Files in Windows - Some Logs Being Ingested and Some Failing

Hi team,I have been experiencing issues with log ingestion in a Windows Server and I was hoping to get some advice.Th...

by Path Finder in

Splunk onboarding field values mistake

We are trying to onboard data from F5 WAF devices to our splunk. F5 team sending it by key value pairs. And one of th...

by Communicator in

Problem with timestamp extraction and props.conf

I have the following props which works fine in the "Add Data" GUI and a test file of logs: EVENT_BREAKER = ([\r...

by Explorer in

Just in time admin access

Does Splunk on Prem or cloud have a solution that allows users to be an Analyst when doing that role and sign in or e...

by New Member in

Splunk not ingesting all logs with xml ... Only ingesting 1 out of every 3

Hi, I am dealing with an issue where I am ingesting some logs that contains a few regular line then followed by xml d...

by Path Finder in

Moving indexers from centos to redhat8

Hi Folks, currently we have 4 physical indexers running on CentOS but since CentOS is EOL , plan it to migrate ...

by Path Finder in

How to send OpenCTI data to Splunk

Hi there, i got issue when setting connector Splunk in OpenCTI When i check logs, it says terminated i fol...

by Communicator in

How to filter specific logs and send it as syslog to a third-party host

Hi all, I want to send logs (which are part from our sourcetype [kube_audit]) from my HeavyForwarder to a third-par...

by Engager in

Splunk HTTP Event Collector support for custom metadata(tags) fields/routing fields.

Splunk version 9.0.8/9.1.3/9.2.x and above has added capability to process key value pairs that will be added at inde...

by Splunk Employee in

UF in AIX stops after some time.

Hi, a few days ago, I installed the UF in an AIX server but it had some details, such as the service running, but the...

by Explorer in

Logs truncated in Splunk despite line being under the 10000 bytes threshold

Hi community,I have observed an issue with the ingestion of the first line in a log file that, at first glance, seeme...

by Path Finder in

Why are Splunk some logs missing from kiwi syslog?

Hello everyone I am running into an issue that may be either Splunk or my Kiwi Syslog server, and I am not really sur...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

TCP routing and change target index on secondary Splunk platform

Trying to collect data through HEC with json event containing empty values

DB_Connect

How to create reset in the dashboard

Is there a specific license needed to support indexing on a heavy forwarder?

SEDCMD not working in Splunk Cloud

Cannot View Logs in Splunk after Integrating with Google Workspace

What are best practices for logging to splunk?

Way to set up GUI setup for automatic install on multiple devices

Field string incorrectly showing post onboarding

Line Breaking Issue - text and Json

Differences between on prem and cloud

Onboarding F5 WAF logs to Splunk

Ingesting Log Files in Windows - Some Logs Being Ingested and Some Failing

Splunk onboarding field values mistake

Problem with timestamp extraction and props.conf

Just in time admin access

Splunk not ingesting all logs with xml ... Only ingesting 1 out of every 3

Moving indexers from centos to redhat8

How to send OpenCTI data to Splunk

How to filter specific logs and send it as syslog to a third-party host

Splunk HTTP Event Collector support for custom metadata(tags) fields/routing fields.

UF in AIX stops after some time.

Logs truncated in Splunk despite line being under the 10000 bytes threshold

Why are Splunk some logs missing from kiwi syslog?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions