Getting Data In

Thread Info

Best practice to restrict access to view events by sourcetype?

Is there a best practice to restrict access to events in Splunk by index and sourcetype? I have tested using the ...

by Path Finder in

Props and Transforms doubt

I am pretty new to Splunk and my project is also new. Can someone please explain the configurations given in our clus...

by Communicator in

How to stop powershell running when the UF is restarted?

Has anyone figured out how to run powershell only at scheduled time? In addition to scheduled time, it is running eve...

by New Member in

Powershell script input on a schedule

Not sure if this is a bug or just weird behaviour, I don't seem to be able to work around it. I have loads of powe...

by Path Finder in

What is the disadvantage of having a lot of small buckets and rotating them frequently?

So I understand that the minimum timespan on a hot bucket is 1 hour, but bucket sizing defaults to a file size instea...

by Contributor in

Drop Windows Event Logs with EventID 5156 and not RFC 1918

HI All, So i wrote this in attempt to reject all RFC1918 TO RFC1918 logs for windows event logs with WID 5156. ...

by Path Finder in

Solution : index renaming not working when using _TCP_ROUTING

Hello, if you are using _TCP_ROUTING and index rename on target platform, logs may go to "last chance index" ...

by Motivator in

WEF - Universal Forwarder multiple Windows TA's / performance issues

Hi, We currently have a centralized WEF collection server that collects all windows logs across the environment.Th...

by Explorer in

Configuring Splunk OTel Collector for Linux/Windows Log Collection (Splunk Cloud/Enterprise)

As you may know, the Splunk OTel Collector can collect logs from Kubernetes and send them into Splunk Cloud/Enterpris...

by Splunk Employee in

TA for HP Storage

Hei, We have onboarded data from HP Storage and I am not sure if there is any TA for this technology or how to ext...

by Engager in

interval as a data input parameter

I want my customer to be able to set the "interval" and control how frequent the module runs. I started with this: ...

by Explorer in

Troubleshooting Slow Search Performance in Splunk with Large Datasets

How can I troubleshoot slow search performance in Splunk when searching across large datasets?"

by New Member in

How can I find a listing of all universal forwarders that I have in my Splunk environment?

Hello , Can you help me out How can I find a listing of all universal forwarders that I have in my Splunk envir...

by Loves-to-Learn Lots in

Upload failed with ERROR: Read Timeout

I tried to upload a zip file. It showed "Upload failed ERROR: Read Timeout." I am using Windows. The file size is 191...

by Observer in

Windows event log XML not parsing with KV_MODE = xml

I have made the following change to a forwarder to send JUST applocker data as XML: [WinEventLog://Microsoft-Windo...

by Communicator in

Timestamp fixing

Hello Splunkers!!I want to extract the _time and match it to the events fields' timestamp while ingesting to Splunk. ...

by Motivator in

Syslog server configuration load balancer

Hi, I am new to Splunk admin. We have a syslog server in our environment to collect logs from our network device. Our...

by Communicator in

Splunk HEC closes connection instead of re-using it

Our apps send data to the Splunk HEC via HTTP POSTS. The apps are configured to use a connection pool, but after send...

by Explorer in

Syslog -- UF -- Indexer

Hi all, We want to configure F5 WAF logs to Splunk. WAF team sending logs to our syslog server. In our syslog serve...

by Communicator in

Sysmon events not getting indexed

Hi, I am deploying sysmon all acrros our company but for some reason the sysmon events are not getting indexed Ou...

by Contributor in

Why did ingestion slow way down after I added thousands of new forwarders and/or sources and sourcetypes?

My Splunk environment was humming right along until I had a need to very quickly add several thousand new FWDs and a ...

by Contributor in

Linux Onboarding -Private AWS VPC

Few servers are hosting in private VPC which are not connected to organisation IT network how can we onboard t...

by Explorer in

TCP routing and change target index on secondary Splunk platform

Hello, We have two clustered Splunk platforms. Several sources are sent to both platforms (directly to clustered ...

by Motivator in

Trying to collect data through HEC with json event containing empty values

Hello, I obtain a "Failed processing http input" when trying to collect the following json event with indexed ...

by Explorer in

DB_Connect

I have an index in which data is coming DB_connect , but it showing NO EVENTS as it is showing this error"Invalid dat...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Best practice to restrict access to view events by sourcetype?

Props and Transforms doubt

How to stop powershell running when the UF is restarted?

Powershell script input on a schedule

What is the disadvantage of having a lot of small buckets and rotating them frequently?

Drop Windows Event Logs with EventID 5156 and not RFC 1918

Solution : index renaming not working when using _TCP_ROUTING

WEF - Universal Forwarder multiple Windows TA's / performance issues

Configuring Splunk OTel Collector for Linux/Windows Log Collection (Splunk Cloud/Enterprise)

TA for HP Storage

interval as a data input parameter

Troubleshooting Slow Search Performance in Splunk with Large Datasets

How can I find a listing of all universal forwarders that I have in my Splunk environment?

Upload failed with ERROR: Read Timeout

Windows event log XML not parsing with KV_MODE = xml

Timestamp fixing

Syslog server configuration load balancer

Splunk HEC closes connection instead of re-using it

Syslog -- UF -- Indexer

Sysmon events not getting indexed

Why did ingestion slow way down after I added thousands of new forwarders and/or sources and sourcetypes?

Linux Onboarding -Private AWS VPC

TCP routing and change target index on secondary Splunk platform

Trying to collect data through HEC with json event containing empty values

DB_Connect

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions