Getting Data In

Ask a Question

Discussions

Thread Info

Universal forwarder for Linux had mixture of permissions for root and splunk.

Hello, I am working with a Linux system and a universal forwarder. Operating System: Debian GNU/Linux 1...

by Communicator in

Indexing Ubisecure Ubilogin logs?

Hi Have anyone indexed Ubisecure's Ubilogin audit or diag files? Basically those are CSV files, BUT depending of ev...

by SplunkTrust in

Connecting Azure Monitor, log analytics, Application Insights with Splunk

How to link Azure Monitor with Splunk? How to link Azure log analytics workspace with Splunk? How to link Azure Appli...

by New Member in

Issues with XML Linebreaker

Hello fellow splunkers, right now I'm working through the 7 labs for SE II which are necessary to be able to start ...

by Communicator in

Valid JSON not being broken up into individual events

I've checked a number of threads about breaking JSON files and I've tried a number of offered solutions and none seem...

by Path Finder in

dedup by time

hello, I am trying to dedup events from successful authorizations in Splunk. Currently, our windows systems mak...

by Explorer in

Monitoring file changes to a NetApp file share

Hello, New to Splunk. Can Splunk monitor or audit changes to a Netapp file share? We would like to know about fil...

by Loves-to-Learn in

We just loaded an AIX server with a forwarder and we're getting can't write file "/.splunk/authToken_#####_8089:

We just loaded an AIX server with a forwarder and we're getting can't write file "/.splunk/authToken_#####_8089: Perm...

by Path Finder in

Disabling a single tcp/ip data input port breaks connections to other ports

Hi, Follow these steps to reproduce the problem: 1. Create two tcp data inputs. In my case I used ports 9850 and...

by Engager in

Log ingestion from fluentd

Hi All, Is there a way to ingest logs from fluentd to splunk apart from HEC method?

by Builder in

http event collector interval where to set

Hello, I am using HTTP Event collector for one of the sources. And currently the data is getting indexed every Mond...

by Communicator in

DB Connect MySQL can't parse timestamp

I am using DB connect 3.4.0 to get data from SQL Server. I have 2 working inputs with rising id column and timestamp ...

by Path Finder in

Does external load balancer works with Universal/Heavy forwarder?

Related to recommendation as per following link Setup load balancing New versions of SPLUNK now fully support NLB....

by Splunk Employee in

Question regarding _meta on multi-tenant hosts

Hey guys, I had a quick question that I am unable to get an answer for by googling/doc'ing. If I am wanting to ...

by Path Finder in

6.2 Forwarder Configuration on Linux: Why am I getting error "TcpInputProc - Message rejected. Received unexpected 369295616 byte message!" in server's splunkd.log?

Forwarder splunklog extraction - First time manual config for a Linux box. The server is set up to listen on 9997 an...

by Path Finder in

I want to search the list of users whose account was disabled and then enabled within 60 days of time period. how can i achieve this?

users account was disabled in July. but suddenly it was enabled in October and performed password reset by an IT pers...

by New Member in

Splunk Universal forwarder

Hi, We have a Splunk Windows universal forwarder which is not reporting all the metrics as configured for the Splun...

by Observer in

Sort asc/desc multivalue field

I have 2 multi value fields - script and instance. I joined them in another multi value field (steps) using mvappend ...

by Explorer in

ingest events with a specific string - remove the rest

Hi all, I'm trying to ingest (multiline) events with the string "public_ip" and remove the rest props.conf: [p...

by Builder in

Excluding field values from JSON SPATH Table

Hi, Can someone help filter out a nested JSON value in a table? I have a search and SPATH command where I can't f...

by Explorer in

How can I identify buckets with past and future events

Hello I have a windows index that has data as old as 14000+ days. From researching its because there is data th...

by Communicator in

XML tags extraction at index time

Hello, I am trying to create some fields at index time from an XML log. I prepared the sourcetype definition in t...

by Explorer in

Tailor inputs.conf to match specific windows hosts AND mointor a specific file path

is it possibly to edit my Monitors:// to work with specific hostnames (Computer Names) and monitor a specific file lo...

by Path Finder in

Cloud-certified app's .py file is not found after installation on heavy forwarder 7.3 on prem customer instance

12-08-2020 21:54:50.912 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/bitg...

by Engager in

Domain controller data ingestion delay

Hi, facing issue with data ingestion for the windows security events from the domain controller servers index=wine...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal forwarder for Linux had mixture of permissions for root and splunk.

Indexing Ubisecure Ubilogin logs?

Connecting Azure Monitor, log analytics, Application Insights with Splunk

Issues with XML Linebreaker

Valid JSON not being broken up into individual events

dedup by time

Monitoring file changes to a NetApp file share

We just loaded an AIX server with a forwarder and we're getting can't write file "/.splunk/authToken_#####_8089:

Disabling a single tcp/ip data input port breaks connections to other ports

Log ingestion from fluentd

http event collector interval where to set

DB Connect MySQL can't parse timestamp

Does external load balancer works with Universal/Heavy forwarder?

Question regarding _meta on multi-tenant hosts

6.2 Forwarder Configuration on Linux: Why am I getting error "TcpInputProc - Message rejected. Received unexpected 369295616 byte message!" in server's splunkd.log?

I want to search the list of users whose account was disabled and then enabled within 60 days of time period. how can i achieve this?

Splunk Universal forwarder

Sort asc/desc multivalue field

ingest events with a specific string - remove the rest

Excluding field values from JSON SPATH Table

How can I identify buckets with past and future events

XML tags extraction at index time

Tailor inputs.conf to match specific windows hosts AND mointor a specific file path

Cloud-certified app's .py file is not found after installation on heavy forwarder 7.3 on prem customer instance

Domain controller data ingestion delay

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions