Getting Data In

Discussions

Thread Info

DBconnect - input data the Redshift with error (Unable to process JSON)

Hi, I successfully configured the AWS Red Shift JDBC driver, I can connect to the database and run queries, but wh...

by Path Finder in

Rename sourcetype not working

I want all syslog data to come in as a general sourcetype. If it matches a transforms, it should be changed. Splunk i...

by Builder in

Why does INGEST_EVAL duplicate my events if I assign a value to _raw?

When I configure INGEST_EVAL to replace _raw with something else, it duplicates the event. Splunk Enterprise Versi...

by Communicator in

unable to ingest data from module 4 on fundamentals 1 training

HI there I added the tested data as admin user and then logged out to sign in as poweruser. but i cant see the data...

by New Member in

Correct Input Stanza for Windows 2003

Hi all, I usually onboard Windows Server 2008 and newer but 2003 it is not working with below Stanza # Windows p...

by Explorer in

Log Source volume calculator

Hi everyone, I am looking for any document which can help to calculate log source volume. I have 10 different typ...

by Path Finder in

How can I automate the downloading of universal forwarder?

Everything I am reading is that to download via wget, cURL, etc, that you have to specify the full path that contains...

by Explorer in

Splunk JSON timestamp in KV_MODE

Hi All, I have Event timestamp with miliseconds: _time with Unix epoch seconds: and during search...

by Explorer in

Regex extraction and then concatenation of multiple capture groups

Hi, I have a log that has the following: dn=site,dn=com,dn=au I would like to extract and concatenate all these f...

by Communicator in

Is it possible to have a period in a regex capture group name for field extractions? e.g. requesterDN.ou

Hi, I'm doing some custom regex extractions for various fields and often they'll be under a bigger field for exampl...

by Communicator in

slave-apps doesn't like my app

Hi, I built a simple app with the add-on builder (using the python script inputs) and then copied it in the "maste...

by Path Finder in

How can I see the search peer that a forwarder is connected to when using indexer discovery?

Apart from seeing data coming from the forwarders arriving in an index, is there any way I can see which indexer a fo...

by Motivator in

Where can I find a list of parameters for the PDFgen endpoint?

Hi everyone, In my script, I am using the /services/pdfgen/render/ endpoint to export the views I want. However, I...

by Path Finder in

De-nesting JSON during indexing

I have the following event from GCP pubsub: { attributes: ...

by Engager in

using curl to query Splunk internal data from the outside

Hello everyone I have a question about using curl to query Splunk internal data from the outside, such as Send index ...

by Loves-to-Learn in

Onboarding local MS Exchange Server with audit and activity data like O365

Hi all, i have already integrated O365 using the O365 management API and collecting the user, admin, system, and po...

by Explorer in

DBconnect cron schedule behavior

I used DBconnect to pull data from the database in every 1min *(cron: * /1 * * * *). I would like to ask if this sche...

by Engager in

How to make my regex more efficient?

Hi, I've exceeded my configured match_limit in limits.conf with this regex: "log":\s"(?<log_source>.*?)\s(?<ISO8601...

by Communicator in

Forwarding Search Results on a schedule

I have a requirement to forward search results of a query to an indexer of an external organization. The volume of th...

by Communicator in

Regex to extract for fqdn

Hi - Was looking for some assistance in extracting the FQDNs from the paths below: /var/log/remote/ldap.inftech.net...

by Engager in

Getting Data In

Discussions

DBconnect - input data the Redshift with error (Unable to process JSON)

Rename sourcetype not working

Why does INGEST_EVAL duplicate my events if I assign a value to _raw?

unable to ingest data from module 4 on fundamentals 1 training

Correct Input Stanza for Windows 2003

Log Source volume calculator

How can I automate the downloading of universal forwarder?

Splunk JSON timestamp in KV_MODE

Regex extraction and then concatenation of multiple capture groups

Is it possible to have a period in a regex capture group name for field extractions? e.g. requesterDN.ou

slave-apps doesn't like my app

How can I see the search peer that a forwarder is connected to when using indexer discovery?

Where can I find a list of parameters for the PDFgen endpoint?

De-nesting JSON during indexing

using curl to query Splunk internal data from the outside

Onboarding local MS Exchange Server with audit and activity data like O365

DBconnect cron schedule behavior

How to make my regex more efficient?

Forwarding Search Results on a schedule

Regex to extract for fqdn

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Drop Windows Event Logs with EventID 5156 and not ...

Splunk add-on for Cisco Meraki getting data from o...

Files can't be ingested while being in transit via...

Using Splunk with NiFi

Pulsar vs Kafka

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >