Getting Data In

Ask a Question

Discussions

Thread Info

IIS Parsing Issues

Hi, I'm getting problems while getting data parsed from IIS TA. an example may be in the host field I'm getting: ...

by Loves-to-Learn in

Sourcetype by Forwarder GUID

Hi there, I have 2 forwarders on a single box - one HF one UF. I want to switch off the UF. Im looking for a list o...

by Builder in

field extraction

Hi All, what should be the regex while doing event extraction for srcip eventtime=1604591829395228259 appid=4...

by Path Finder in

Change a sourcetypes 'host' field to read from the 'shost' field instead.

I have a feed that has the host field defaulting to what is essentially the sourcetype, but in the shost field I have...

by Path Finder in

Index has empty data when using HEC

Hello I need an urgent help. I created HEC data inputs. I did follow these guidelines.https://docs.splunk.com/Do...

by Loves-to-Learn Everything in

Issue with Monitoring files in Splunk

i m trying to monitor a json file with custom sourcetype for line breaking that i have build but not getting events ...

by Observer in

Transforms working intermittently on index cluster for AWS Kinesis to HEC

Hello Splunkers, We are receiving config notifications, CloudTrail and others from AWS through Kinesis - the genera...

by Communicator in

Forwarding Cisco Finesse logs into Splunk Cloud

Has anyone forwarded Cisco Finesse logs to Splunk Cloud? If yes, it would be great if they can share the steps to do ...

by Explorer in

isReadOnly is

Hi, In smart store splunk clusters with smart store enabled on all indexes with remotePath in [default} stanza, I...

by Path Finder in

micro focus Service Manager logs parsing

by Explorer in

Universal Forwarder send syslog to a thrid party

First of all, can UF's send syslog to a third party? The documentation says, "You can configure a forwarder" but does...

by Communicator in

Splunk not recognizing nested json

I've searched quite some time, but I'm not able to find why Splunk is not recognizing a nested JSON. Here's how my ...

by Path Finder in

Selective indexing of events from UF on Heavy Forwarder

Hello, I have read the documentation on routing and filtering events (https://docs.splunk.com/Documentation/Splunk/...

by Path Finder in

Load Balancing UF to 3rd third party receivers

Hi, I have some troubles setting up the following topology. There is 1 UF which needs to forward unCooked raw data ...

by Explorer in

Eventgen: is it possible to create events taking pair values from a file?

Hi at all, I have to use eventgen to populate a demo I prepared. I'm able to populate events starting from a temp...

by SplunkTrust in

How to upload wevtutil generated xml file of Security log into Splunk?

I have a situation when I need to dump a remote Security log with wevtutil and subseqently upload it into Splunk to c...

by New Member in

Monitoring File Directories but not indexing file contents

Hi all, Sorry for the really newb question (because I am one).I have Splunk Enterprise running on my standalone PC ...

by Engager in

Issue with timestamps creating extra events

Certain events in these logs have dates in certain tags below such as <BeginDateTime> and <EndDateTime> . They are cr...

by New Member in

Variable string processing in variable string in map command

IF the _raw is the same as above, I want to search with the query below. Index=_internal sourcetype=splunkd I...

by Loves-to-Learn Lots in

Index events with timestamp of previous day

We have a report from a system that needs to be indexed into splunk on monthly basis. This report is generated on 1st...

by Path Finder in

Does indexer discovery also apply to heavy forwarder to Splunk enterprise?

by Explorer in

SSL Forwarding: Why does a Splunk forwarder need its own certificate?

outputs.conf on forwarder gets its own cert. E.g. something like [tcpout-server://192.168.1.100:9997] sslRootCAPat...

by Path Finder in

How to index Json array into metric index?

Hi All, My question is the same as the title. How am I able to index Json array into metric index? I would appreciate...

by Path Finder in

How to remove a group of characters for each value from list/multivalue.

String of variable alert_type:|detail.action=blocked|detail.devicename=hd03|detail.virus=fec_virus_macro_sic_1|detail...

by Explorer in

field extraction working with rex but not props.conf

I am trying to extract a portion of the source as a field. Here's what the source looks like: D:\Host Logs\...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

IIS Parsing Issues

Sourcetype by Forwarder GUID

field extraction

Change a sourcetypes 'host' field to read from the 'shost' field instead.

Index has empty data when using HEC

Issue with Monitoring files in Splunk

Transforms working intermittently on index cluster for AWS Kinesis to HEC

Forwarding Cisco Finesse logs into Splunk Cloud

isReadOnly is

micro focus Service Manager logs parsing

Universal Forwarder send syslog to a thrid party

Splunk not recognizing nested json

Selective indexing of events from UF on Heavy Forwarder

Load Balancing UF to 3rd third party receivers

Eventgen: is it possible to create events taking pair values from a file?

How to upload wevtutil generated xml file of Security log into Splunk?

Monitoring File Directories but not indexing file contents

Issue with timestamps creating extra events

Variable string processing in variable string in map command

Index events with timestamp of previous day

Does indexer discovery also apply to heavy forwarder to Splunk enterprise?

SSL Forwarding: Why does a Splunk forwarder need its own certificate?

How to index Json array into metric index?

How to remove a group of characters for each value from list/multivalue.

field extraction working with rex but not props.conf

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

ESXi and vSphere logs

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions