Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

I've followed the docs for setting up log-to-metrics but I haven't been able to get it to work as intended. I have...

by New Member in

extract complete path from a wildcard Inputs file monitor

Example monitor://foo/bar I want all the file it grabs under bar with the full path to those file. like if there i...

by Explorer in

inputs.conf says only monitor application event logs but it is logging system and security also

my inputs.conf says to monitor only application events but it is monitoring security and system logs as well. below i...

by New Member in

How Do I assign src_ip to all event codes those are having same Logon_ID?

I would like to assign src_ip to all events who is having same logon_id. but the src_ip coming only to EventCode=4624...

by Engager in

Why my configuration is not working ? (nullQueue Windows)

Hi everyone, First of all i have tried every solution present in splunk answers on this subject but no one solved ...

by Engager in

“Create Source Type” inquiry

“Create Source Type” inquiry. We want to create a new sourcetype that break events based a word orderActivityRep {...

by New Member in

Splunk Support for Active Directory: How to use GSS-API authentication rather than Simple-Auth

Splunk Version: 6.6.11 SA-ldapsearch App Version: 2.1.6 Build: 738 Hello, we have multiply domains in the fore...

by Engager in

How can we set the index time to be the event time?

We would like to set the index time to be the event time (at index time). How can we do it?

by Ultra Champion in

Universal forwarder setup wizard ended prematurely because of an error. Your system has not been modified. To install this program at a later time, run Setup wizard again. Click the finish button to exit the setup Wizard.

When Installing UF I am receiving error on Windows servers could you please help me on this

by Loves-to-Learn Lots in

How to adhere rate limit headers and leave calls for others

Our Splunk is hitting a 3rd party API and using up all of the API calls we are allocated. Other users are unable to a...

by New Member in

How do i exclude some events from being indexed by Splunk?

i have a data source that is very noisy, and i only want to index specific events from it, not all of them. for examp...

by Motivator in

How do I migrate Indexes from one multisite cluster to another multisite cluster?

Hi Community Members, I would like to migrate indexes from one multisite cluster to another multisite cluster. Bot...

by SplunkTrust in

Issue to find the format to convert string to date

Hi I tried to convert some string to date but it doesn't work. Below an example of date ("Created Time") ...

by Loves-to-Learn in

Inconsistency between search results between Splunk UI and Rest API & REST API itself

Hi Community, I'm trying to extract search results using REST API and I'm facing the following problem. 1. I'm using...

by Path Finder in

Monitored CSV where the headers and number of columns are determined by one of the fields.

I need to monitor a csv file where the first 6 column headers are static but based on the 3rd column (a number 0-5) t...

by Loves-to-Learn Lots in

Issue with AWS universal forward to SplunkCloud

Hello! There is some strange situation i did like in article https://medium.com/@robert.r.svensson/how-to-send-securi...

by Loves-to-Learn Lots in

Validate filter value and show error message if value is invalid

Hi, I want to validate the data i enter in data input filter and also want to show error message if user does not ...

by New Member in

How to apply ingest time log to metric?

Hi All, Let's say I receive log data through TCP on UF, and I want to save the data in event index and metric inde...

by Path Finder in

Increase the number of lines in the log set sourcetype

Can someone remind me of the name of the attribute used after ingesting a log to increase the amount of the log event...

by Communicator in

Does the Universal Forwarder Support LDAP?

We use the REST API regularly with several of our Universal Forwarders. I would like to setup LDAP with all of the...

by Engager in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Getting Data In

Discussions

Set up log-to-metrics from Universal Forwarder to Splunk Enterprise

extract complete path from a wildcard Inputs file monitor

inputs.conf says only monitor application event logs but it is logging system and security also

How Do I assign src_ip to all event codes those are having same Logon_ID?

Why my configuration is not working ? (nullQueue Windows)

“Create Source Type” inquiry

Splunk Support for Active Directory: How to use GSS-API authentication rather than Simple-Auth

How can we set the index time to be the event time?

Universal forwarder setup wizard ended prematurely because of an error. Your system has not been modified. To install this program at a later time, run Setup wizard again. Click the finish button to exit the setup Wizard.

How to adhere rate limit headers and leave calls for others

How do i exclude some events from being indexed by Splunk?

How do I migrate Indexes from one multisite cluster to another multisite cluster?

Issue to find the format to convert string to date

Inconsistency between search results between Splunk UI and Rest API & REST API itself

Monitored CSV where the headers and number of columns are determined by one of the fields.

Issue with AWS universal forward to SplunkCloud

Validate filter value and show error message if value is invalid

How to apply ingest time log to metric?

Increase the number of lines in the log set sourcetype

Does the Universal Forwarder Support LDAP?

opentelemetry LOG Data over HEC - What are the bes...

What are the federated search requirements for rem...

Creating Sourcetype form event data not data

Monitoring Exchange logs over CIFS

How to configure checking interval for Nagios comm...