Getting Data In

Discussions

Thread Info

can i install heavy forwarder on my windows server ?

to integrate my mcafee with splunk ,sould i need to install heavy forward on my windows server

by New Member in

How do we define collections.conf in SplunkCloud?

Creating Lookup Definition (transforms stanza) can be done on Splunk Web UI. But since we need to point a kv definiti...

by Builder in

SNMP polling error

Have problem with snmp polling. I have 140 servers, which cpu i must monitor, and use snmp polling for it. But from 1...

by Path Finder in

How to forwarded logs from Splunk to MCAS

Hi What will be the best way to implement the below request ? We need to configure the some logs to be forwarde...

by Contributor in

Universal Forwarder not reading user-seed.conf (version 7.2.6).

I have read other articles but haven't found an answer. I recently pushed the universal forwarder to Windows clie...

by Engager in

Can I configure the output.conf file via app deployment to enable encryption of traffic from universal forwarders to indexer?

I am trying to enable encryption of the traffic from all of my universal forwarders to the indexer. Looks like this i...

by Communicator in

Conditional execution of transforms based on property of event

Does anyone know of a way to control execution of transforms based on a non-metadata property of an event? I have...

by Builder in

Clone Splunk Indexer?

Hey All, Off the wall question and was curious if anyone has tried this or not and if its advisable. Looking to ad...

by Builder in

How to index data from a single server when the log path is in a shared drive?

Hi All, I am facing the below issue: I am reading few log sources (monitor) from the 3 servers, Server1, Server2 a...

by Explorer in

Different sourcetype with one hostname

We have a series of logs from different devices such as (Firewall .waf. antivirus,...) that come from syslog server t...

by Explorer in

Debug HEC input

How debug HEC input? To see incoming JSON?

by New Member in

TIMESTAMP_PREFIX not finding timestamp in JSON structure.

I need some help getting me config right in pros.conf. When the data comes I can see the _time is not set to the v...

by Explorer in

What is included in HEC introspection data?

I'm ingesting data via HEC and I know there is data about it in _introspection, but I don't know what I'm looking at ...

by Contributor in

Issue with indexer recreating apps after manual deletion (400 Error) Splunk Enterprise v8.03, Ubuntu 18.04.

I have a couple of apps that I am trying to update on my Indexer (TA's) and am constantly seeing a 400 bad request er...

by Explorer in

Forward Data to a third-party system

Hi, I am using SplunkForwarder to forward data to a non-splunk system by adding the stanza below in outputs.conf. ...

by Contributor in

Indexer Splunkd services are not able to run

In indexer cluster environment one of the Indexer got stopped unable to start/restart C:\Windows\system32>d: D:>cd sp...

by Path Finder in

.bash_history

I have multisite environment and I want to monitor all the ssh user commands through .bash_history. for that purpose ...

by New Member in

Result of the report using rest api

Hi, How can i fetch result of an existing report in Splunk (report already executed) using a rest API. The report ...

by New Member in

Filtering NULL values after STATS

Hello Splunkers, First of all, than you all for such great community. I have a question. I am running a query i...

by New Member in

Metrics Button Share

All, After installing the Anlaytics Workspace app I would like the metrics button to appear in one of my custom a...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

can i install heavy forwarder on my windows server ?

How do we define collections.conf in SplunkCloud?

SNMP polling error

How to forwarded logs from Splunk to MCAS

Universal Forwarder not reading user-seed.conf (version 7.2.6).

Can I configure the output.conf file via app deployment to enable encryption of traffic from universal forwarders to indexer?

Conditional execution of transforms based on property of event

Clone Splunk Indexer?

How to index data from a single server when the log path is in a shared drive?

Different sourcetype with one hostname

Debug HEC input

TIMESTAMP_PREFIX not finding timestamp in JSON structure.

What is included in HEC introspection data?

Issue with indexer recreating apps after manual deletion (400 Error) Splunk Enterprise v8.03, Ubuntu 18.04.

Forward Data to a third-party system

Indexer Splunkd services are not able to run

.bash_history

Result of the report using rest api

Filtering NULL values after STATS

Metrics Button Share

Platform Newsletter Highlights | March 2023

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?