Getting Data In

Community Activity

	traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linux traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linuxCan someone he... by sureshkumaar Path Finder in Getting Data In 03-24-2025 0 7	0	7
	splunk alert triggering multiple incidents instead of single incident Hi All,I have a splunk alert that is having this search query:index="dcn_b2b_use_case_analytics" sourcetype=lime_proc... by avi123 Explorer in Getting Data In 03-24-2025 0 5	0	5
	Configuring Logstash to send files to Splunk Hello all,So I'm very new to Splunk, like I've been playing around with it for less than 3 months. I have been taske... by Fr3nchee Engager in Getting Data In 03-24-2025 0 4	0	4
	Sending Appdyanmics CPU, Memory and Disk metrics to Splunk Hi All,We have requirement to onboard the Infrastructure metrics (CPU, Memory and Disk ) monitored using Appdyanics t... by SplunkSN Loves-to-Learn Everything in Getting Data In 03-21-2025 0 1	0	1
	splunk alert raising multiple SNOW tickets that are not stopping until I disable the alert when I run this search query in splunk search and reporting apps my output looks like this as mentioned below Search... by avi123 Explorer in Getting Data In 03-20-2025 0 2	0	2
	How to configure the load balancer to handle HEC data? We are in a transition from sending the data through HFs to sending the data directly to the indexers and we wonder h... by danielbb Motivator in Getting Data In 03-18-2025 0 3	0	3
	Do we need to run an indexer rolling restart when getting new HEC data stream? We are transitioning from getting the HEC data through HFs to getting it directly to the indexers and we are wonderin... by danielbb Motivator in Getting Data In 03-18-2025 0 4	0	4
	New source type with regex not working correctly I've created a new source type with a regex. It was working but I found an edge case where it was broken. I rewrote t... by tchamp Explorer in Getting Data In 03-17-2025 0 3	0	3
	Creating a new sourcetype and performing transforms on it in the same TA If I have a transforms.conf like the below:[ORIGIN2]REGEX = (?:"id":"32605")FORMAT = sourcetype::test-2DEST_KEY = Met... by ra__22 Explorer in Getting Data In 03-17-2025 0 5	0	5
	AIX UF extract checksum error When I try to install the UF for AIX, it fails to extract to with a checksum errorAIXSERVER:/nim/media/SOFTWARE/splun... by BookerRick New Member in Getting Data In 03-17-2025 0 2	0	2
	Line breaking source types I am trying to fix the issue of my zeek logs not being broken into separate events. These logs are in json format and... by mstodola New Member in Getting Data In 03-15-2025 0 4	0	4
	Change a sourcetype at the indexer Hello,I'm to try changing the sourcetype at the indexer level based on the source. First question is that possible o... by ITSplunk117 Path Finder in Getting Data In 03-14-2025 0 6	0	6
	ERROR: Tor IP are not updating in lookup If you download https://splunkbase.splunk.com/app/7208 Full Tor Node List Lookup App, it comes already with a csv fil... by chetan_patidar Engager in Getting Data In 03-13-2025 0 0	0	0
	Save Output from Scripted Input in KV Store Hello,I have written a Python script that performs an API query from a system. This script is to be executed as scrip... by MrLR_02 Explorer in Getting Data In 03-13-2025 0 9	0	9
	Is it Possible to Configure a cronjob with Scripted Input Hello, I have a bash script that basically creates a cronjob. Not sure if this is allowed or not but I am able to exe... by JoshuaJJ Path Finder in Getting Data In 03-12-2025 0 4	0	4
	How to forward events from Splunk Indexer to CyberArk PTA? Q: Need to forward the data from all the indexes (Windows, Linux, etc...) to CyberArk PTA via Syslog or any other fro... by potnuru Path Finder in Getting Data In 03-12-2025 0 11	0	11
	How to Drop All Logs Under a Specific Directory and Its Subdirectories Using props.conf & transforms.conf on a Heavy For Description:I am using a Splunk Heavy Forwarder (HF) to forward logs to an indexer cluster. I need to configure props... by ParsaIsHash Explorer in Getting Data In 03-12-2025 0 13	0	13
	Windows 11 ARM Chip Support As the computer laptop field continues to grow the use of ARM based chips for Windows 11, is there an ETA on a Splunk... by clightburn1 Engager in Getting Data In 03-11-2025 0 1	0	1
	Can I ingest JSON file into an index Hi,I have a python modular input that populates an index (index_name). This ran into some gateway error issues causin... by cherrypick Path Finder in Getting Data In 03-11-2025 0 1	0	1
	Data not getting ingested into Splunk for multiple sources I have configured an app and added 7 different source files in a single inputs.conf with the same index name and sour... by sureshkumaar Path Finder in Getting Data In 03-08-2025 0 6	0	6
	Index created in Cluster Master not showing in Heavy Forwarder Hi, We have configured a data input in HF and there is an option to select index there. I have created new index in C... by Karthikeya Communicator in Getting Data In 03-08-2025 0 35	0	35
	Detailed logs from Cortex XDR I'm trying to extract endpoint data from Cortex XDR, but I don't want to see just alerts in Splunk—I need all the end... by securepoint Engager in Getting Data In 03-08-2025 0 3	0	3
	Logs to Metric Custom Format I am having difficulty converting event logs to metric data pointshttps://docs.splunk.com/Documentation/Splunk/9.4.0/... by rrossetti Splunk Employee in Getting Data In 03-07-2025 0 1	0	1
	Send the data to nullqueue except matching event I want to send the all the event to nullqueue except having match "EventType": 5000. {"EventID": 2154635, "EventType"... by RSS_STT Explorer in Getting Data In 03-07-2025 0 5	0	5
	Update Splunk Add-on for Salesforce Streaming API for cloud compatibility The current version is not available for the cloud.According to conversations with Splunk Support, the update address... by rjastrze Explorer in Getting Data In 03-06-2025 0 3	0	3