Getting Data In

Discussions

Thread Info

Line breaker for multiline communigate logs

Hello, I have onbox Communigate logs i am trying to get imported into splunk for the PBXApp application. It logs mult...

by Path Finder in

Checkpoint system logs and field extraction

Hi, I'm able to receive and extract firewall traffic data using the log exporter function. But system messages (e....

by Explorer in

NUMA aware support for Windows Universal Forwarder?

When running the Universal Forwarder on a physical Windows server with multiple CPUs, it looks like the agent selects...

by Observer in

An issue with the HTTP Event Collector (HEC) has been identified in Splunk 7.x

Summary: After upgrading from Splunk Enterprise or Splunk Cloud 6.x to 7.x, customers are reporting a bug with HTTP E...

by Splunk Employee in

Automatically extract json object embedded in xml using props/transforms

Hi there, I'm facing an interesting problem with fairly complex logs consisting of one or more xml namespaces, some o...

by Explorer in

How to get secure syslog from keysecure/ safenetat appliance?

Hey splunksters, -Just curious if anyone has had success getting secure syslog over tcp-port 6514 . The safenet appl...

by Path Finder in

How to calculate difference between two time stamps

Hi, I have seen a few post on this subject, but none seem to fix my issue. I am trying to calculate the difference be...

by Engager in

Index time masking maintaining string length (continue)

Posting a new question similar to my query from post: https://community.splunk.com/t5/Getting-Data-In/Index-time-mask...

by Explorer in

Need to stop flodding of incidents in servicenow from splunk

I have below setting to generate incidents in Servicenow. This alert is schedule to trigger after every 5 min. But i...

by Explorer in

Index time masking maintaining string length

Hi, I want to do masking for logs at index time but the replaced value ("X" here) should be same character length a...

by Explorer in

Indexers SSL Problem

Hi guys. I'm trying to configure my two indexers to receive data with SSL. My inputs.conf configuration is: ...

by New Member in

How to get a list of all hosts installed with Universal Forwarder

I have a bunch of agents(hosts) in Appdynamics, I wanted to figure out that the Universal Forwarder is installed or n...

by New Member in

Alert for Hosts not Online

I'd like to know when a series of hosts go offline. What would be the best SPL to use with something like this? T...

by Communicator in

dynamic host name

My previous team has set a static host name in the input.conf. I am currently trying to make the IP as the host name....

by Explorer in

Sourcefile name changes at index time - intermittently

Hi All, I am currently ingesting plain text files with a filename format as follows - 4d618da0-48f0-430d-9c9f-10...

by Communicator in

json extract field

i have one event entry like this indexed using props.conf entry like below. But this is not coming in json format ...

by Communicator in

All sourcetypes not getting thawed

I had to thaw data from index abc from 1 Dec 2019-30 Dec 2019 Steps performed: 1. Copied buckets into thaweddb f...

by Communicator in

CDP/LLDP data to Splunk

HelloI need to build network topology of my infrastructure.How can get cdp or lldp commands result to splunk.

by Loves-to-Learn Lots in

Splunk workflow action "show Source" does not display logs in the format as original log file. is there a way?

Can we make the "show Source" option to display the log format same as the original log file?

by Path Finder in

Log events are being merged for few cases

Hi I am facing a challenge with some of the splunk logs being merged as a one event. I have tried breaking them b...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Line breaker for multiline communigate logs

Checkpoint system logs and field extraction

NUMA aware support for Windows Universal Forwarder?

An issue with the HTTP Event Collector (HEC) has been identified in Splunk 7.x

Automatically extract json object embedded in xml using props/transforms

How to get secure syslog from keysecure/ safenetat appliance?

How to calculate difference between two time stamps

Index time masking maintaining string length (continue)

Need to stop flodding of incidents in servicenow from splunk

Index time masking maintaining string length

Indexers SSL Problem

How to get a list of all hosts installed with Universal Forwarder

Alert for Hosts not Online

dynamic host name

Sourcefile name changes at index time - intermittently

json extract field

All sourcetypes not getting thawed

CDP/LLDP data to Splunk

Splunk workflow action "show Source" does not display logs in the format as original log file. is there a way?

Log events are being merged for few cases

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Dashboard Studio - Adding a drop down to filter re...

How to achieve static value in dropdown list?

How to display JSON array difference?

Splunk Cloud: HEC is not receiving data from cribl...

Connection error with Splunk HEC data input?