Getting Data In

Thread Info

Need to install Jira module in python splunk .

Need to install Jira module in python splunk . But it is not getting installed . How to install any custom modul...

by Loves-to-Learn Lots in

Problem anonymizing data in Splunk

We want to anonymize the usernames in the following event using sed script. Raw event: {"externalId": null, "stat...

by Path Finder in

Dropdown

Hi, if input is add then show all data, if input is delete show only the added data to delete in splunk Add ...

by Path Finder in

Splunk enterprise not receive any data from Universal Forwarder

Hi, I'm a trial user for Splunk. I have a setup in Azure: One Azure VM running Splunk Enterprise and four Azure ...

by Loves-to-Learn in

Can splunk recognize Chinese character timestamp

1.How can I extract timestamp to correct time as following ?2020/12/29 下午 02:39:45 "下午" means PM ==> 2020/12/29...

by Loves-to-Learn Lots in

Splunk Add-on for Microsoft Office 365 - M365 Enterprise Mobility + Security E3 Subscription

Hi,I have a question related to the subscription of M365 services. Will the Splunk Add-on for Microsoft Office 365 ca...

by Loves-to-Learn in

Log ingestion Via HEC - Huge log volume

Hi All, We are ingesting huge volume of logs from fluentd to splunk via HEC method. Will there be any loss as huge ...

by Builder in

configuring a receiver - cluster master

hi, we have following setup 1 cluster master, 3 indexers, 1 deployement server, 3 search heads, 1 Heavy forwarder...

by Path Finder in

find absence of data in splunk - iis

Hello; We ingest IIS logs. Recently some of our iis calls lately haven't included the required username, causi...

by Explorer in

Regex field extracting more than one field with same name and different value

I got to extract some fields of a JSON log. Log buildup eksample:{"name":"cookie","Value":"Foo"}{"name":"cookie","Val...

by Path Finder in

Understanding how to use snowincident for servicenow/splunk integration

Hello, I am really confused on how to use the snow commands such as the ones listed here: https://docs.splunk.com/...

by New Member in

How to pull data from Sharepoint to Splunk?

How to pull the data from SharePoint to Splunk? Because we need the total count of the data on the SharePoint

by Observer in

Routing and filtering syslog

Have Palo Alto logs being sent to syslog-ng server. A UF is on the syslog-ng and forwarding logs to Heavy Forwarder. ...

by Engager in

Don't forward old IIS Logs to Splunk

Hello All! I am configuring Splunk in different servers to send the IIS Logs. I am doing it by adding the IIS Log F...

by Explorer in

How to uninstall/reinstall Universal Forwarder

I have uninstalled the collector (ver. splunkforwarder-6.3.0-aa7d4b1ccb80-x64-release.msi) on Server 2012 R2, when I ...

by New Member in

Safe TRUNCATE value on json events

What would be a “safe” value for the TRUNCATE option in props.conf? I have some pretty big json events coming via H...

by Explorer in

Locate Splunk Cloud Host details for Universal Forwarder

Good Afternoon - I am new to Splunk and setting this up.My aim is to push IIS W3C formatted files from our web server...

by Loves-to-Learn in

Local udp:514 input not forwarded

Hi,I have 2 heavy forwarders set up; F1 is forwarding to F2, and F2 forwards to splunk cloud. On F1 i have set up a...

by Path Finder in

Azure Key Vault & Active Directory Identity Protection Alerts

Hi, Does anyone know if either of these apps, provide the means to collect events generated by the Azure Key Vault ...

by Path Finder in

timestamp extraction not working

I have an http event collector configured with a heavy forwarder in the DMZ forwarding to an internal Indexer. The ti...

by Explorer in

ADD DATA does not appear in the Splunk Entreprise app

Hello ! I am new in Splunk , i am on the course Fundamentals 1 and i cant find the ADD DATA icon . I have just on...

by New Member in

How to get the Windows host name in Forwarder Management on the deployment server to appear as the FQDN?

I have both Windows and Linux servers in my environment, with Deployment apps for both production and test for each O...

by Explorer in

Why is splunk-winprintmon.exe being run every minute?

Can someone tell me what this log record means? I see MANY of them across all my widows hosts but I am unsure of why ...

by Communicator in

Save file on client with python

I want to offer a "Save file" dialog over a python script. The Script and Splunk runs on a server, the dialog s...

by Loves-to-Learn in

Syslog -ng not writing to directory var/log/syslog/remote

One of our servers is forwarding fine however the files aren't being written to var/log/syslog/remote. I am new to Sp...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Need to install Jira module in python splunk .

Problem anonymizing data in Splunk

Dropdown

Splunk enterprise not receive any data from Universal Forwarder

Can splunk recognize Chinese character timestamp

Splunk Add-on for Microsoft Office 365 - M365 Enterprise Mobility + Security E3 Subscription

Log ingestion Via HEC - Huge log volume

configuring a receiver - cluster master

find absence of data in splunk - iis

Regex field extracting more than one field with same name and different value

Understanding how to use snowincident for servicenow/splunk integration

How to pull data from Sharepoint to Splunk?

Routing and filtering syslog

Don't forward old IIS Logs to Splunk

How to uninstall/reinstall Universal Forwarder

Safe TRUNCATE value on json events

Locate Splunk Cloud Host details for Universal Forwarder

Local udp:514 input not forwarded

Azure Key Vault & Active Directory Identity Protection Alerts

timestamp extraction not working

ADD DATA does not appear in the Splunk Entreprise app

How to get the Windows host name in Forwarder Management on the deployment server to appear as the FQDN?

Why is splunk-winprintmon.exe being run every minute?

Save file on client with python

Syslog -ng not writing to directory var/log/syslog/remote

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions