Getting Data In

Discussions

Thread Info

Trouble authenticating ALL Active Directory users

I'd like to open my Splunk system up to all of our AD users rather than mapping particular groups as we've in the pas...

by Explorer in

Unbound DNS Resolver Logs

``` Dec 27 01:47:46 pvlpfSense01 unbound: [91480:1] info: resolving acceptor.mcafee-mvision-mobile[.]com. A IN ...

by Explorer in

Logs with XML data is being read as two separate events by Splunk

Hi There Folks! Please refer screen shot of the original log file in a NotePad.http://prntscr.com/w82jd1 Although...

by Explorer in

License Capping

We have a 16GB Indexing License for one applicatiom , which for the first time we have exceeded the limit. I would li...

by Path Finder in

Is it possible to filter, route, and change the index of specific events?

Hi All, Basically the data (WinEventLogs) flow is UF -> HF -> indexer Group 1/ Indexer Group 2. All the data will...

by Path Finder in

How to on-board comma separated csv data with pipes around each fields

HiLooking for the advice how to on-board the csv file with comma separated values but each field has pipes around it ...

by Builder in

index size

in my stand alone environment indexes.conf: maxDataSize=100mb maxTotalDataSizemb=200000 but in ui one of ind...

by Path Finder in

Collect SCOM Custom Performance Data with Splunk

We have integrated SCOM with Splunk using Splunk Add-on for MS SCOM [HF]. We are getting ALL Perfmon Data in Splunk f...

by Observer in

App not creating sourcetypes

Hi folks, I’m having an issue getting Juniper logs to show the correct sourcetype. Right now they simply all show u...

by Communicator in

Datamodels with Smartstore

I have an environment where I'm using a datamodel with the _internal index. My datamodel_summary is created in the pa...

by Loves-to-Learn in

Syslog Output missing header

Hello All I found a similar question but did not see an answer. https://community.splunk.com/t5/Getting-Data-In/N...

by Contributor in

Non-admin user can't see all the owners in the filter dropdown

Hi, We have Splunk Enterprise. and recently migrated from LDAP TO SAML. And we started observing that non-admin us...

by New Member in

Can non-admin role manage the search jobs run by all users?

A user with non-admin role can only see own search jobs in "Jobs" page. in a Splunk document (https://docs.splunk....

by Explorer in

Not able to send logs to my syslog-ng server

Hi eveyone, I'm try to send pihole.log to my syslog-ng server through an splunk universal forwarder. Details about...

by Path Finder in

Change sourcetype for data coming from UF

Hello Splunkers, I need help with change sourcetype in logs. There is UF installed on Win server. I would like to...

by Path Finder in

What all the way to integrate splunk with scom

hi all i wanted to integrate scom with splunk please suggest best practices and best options

by Loves-to-Learn in

Receiving multiple json events as one from third party application

Hi everyone, I`m receiving multiple JSON events as one event from third party application as showned below. ...

by Loves-to-Learn in

just started learning splunk

How do I resolve this error -> happens with both linux and mac The TCP output processor has paused the data flow. F...

by New Member in

Splunk Scripted Inputs ingesting only Headers

Hi All, Splunk is ingesting only a portion of the scripted input ps.sh from my *nix os TA, and I don't know why. ...

by Explorer in

Ingesting AlienVault OTX feed service with Splunk?

Someone recently asked me how they could tie Splunk in with the free AlientVault OTX feed service. Has anyone ever do...

by Splunk Employee in

Removing subset of logs from index while maintaining route to syslog server

Windows security logs are sent to a heavy forwarder, which is configured to send these logs to a syslog server in add...

by Loves-to-Learn Lots in

IP Address of Search Head

I'm configuring one computer as a forwarder and another as the receiver. How do I find the IP address that the forwar...

by Engager in

Need help in extracting network events before indexing

I have a file with full of logs from different sources. But i want to monitor only logs from a particular network dev...

by Path Finder in

splunk universal forwarder

Hi Actually we are forwarding data from 2 forwarders servers to the indexer server, from one forwarder server we ...

by Loves-to-Learn in

Getting OCI Audit Logs into Splunk

Hello, Our infrastructure is currently hosted on Oracle Government Cloud and we are trying to determine a way to ge...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Trouble authenticating ALL Active Directory users

Unbound DNS Resolver Logs

Logs with XML data is being read as two separate events by Splunk

License Capping

Is it possible to filter, route, and change the index of specific events?

How to on-board comma separated csv data with pipes around each fields

index size

Collect SCOM Custom Performance Data with Splunk

App not creating sourcetypes

Datamodels with Smartstore

Syslog Output missing header

Non-admin user can't see all the owners in the filter dropdown

Can non-admin role manage the search jobs run by all users?

Not able to send logs to my syslog-ng server

Change sourcetype for data coming from UF

What all the way to integrate splunk with scom

Receiving multiple json events as one from third party application

just started learning splunk

Splunk Scripted Inputs ingesting only Headers

Ingesting AlienVault OTX feed service with Splunk?

Removing subset of logs from index while maintaining route to syslog server

IP Address of Search Head

Need help in extracting network events before indexing

splunk universal forwarder

Getting OCI Audit Logs into Splunk

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Taking one site of two site indexer cluster down f...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions