Getting Data In

Ask a Question

Discussions

Thread Info

Issue with Monitoring files in Splunk

i m trying to monitor a json file with custom sourcetype for line breaking that i have build but not getting events ...

by Observer in

Transforms working intermittently on index cluster for AWS Kinesis to HEC

Hello Splunkers, We are receiving config notifications, CloudTrail and others from AWS through Kinesis - the genera...

by Communicator in

Forwarding Cisco Finesse logs into Splunk Cloud

Has anyone forwarded Cisco Finesse logs to Splunk Cloud? If yes, it would be great if they can share the steps to do ...

by Explorer in

isReadOnly is

Hi, In smart store splunk clusters with smart store enabled on all indexes with remotePath in [default} stanza, I...

by Path Finder in

micro focus Service Manager logs parsing

by Explorer in

Universal Forwarder send syslog to a thrid party

First of all, can UF's send syslog to a third party? The documentation says, "You can configure a forwarder" but does...

by Communicator in

Splunk not recognizing nested json

I've searched quite some time, but I'm not able to find why Splunk is not recognizing a nested JSON. Here's how my ...

by Path Finder in

Selective indexing of events from UF on Heavy Forwarder

Hello, I have read the documentation on routing and filtering events (https://docs.splunk.com/Documentation/Splunk/...

by Path Finder in

Load Balancing UF to 3rd third party receivers

Hi, I have some troubles setting up the following topology. There is 1 UF which needs to forward unCooked raw data ...

by Explorer in

Eventgen: is it possible to create events taking pair values from a file?

Hi at all, I have to use eventgen to populate a demo I prepared. I'm able to populate events starting from a temp...

by SplunkTrust in

How to upload wevtutil generated xml file of Security log into Splunk?

I have a situation when I need to dump a remote Security log with wevtutil and subseqently upload it into Splunk to c...

by New Member in

Monitoring File Directories but not indexing file contents

Hi all, Sorry for the really newb question (because I am one).I have Splunk Enterprise running on my standalone PC ...

by Engager in

Issue with timestamps creating extra events

Certain events in these logs have dates in certain tags below such as <BeginDateTime> and <EndDateTime> . They are cr...

by New Member in

Variable string processing in variable string in map command

IF the _raw is the same as above, I want to search with the query below. Index=_internal sourcetype=splunkd I...

by Loves-to-Learn Lots in

Index events with timestamp of previous day

We have a report from a system that needs to be indexed into splunk on monthly basis. This report is generated on 1st...

by Path Finder in

Does indexer discovery also apply to heavy forwarder to Splunk enterprise?

by Explorer in

SSL Forwarding: Why does a Splunk forwarder need its own certificate?

outputs.conf on forwarder gets its own cert. E.g. something like [tcpout-server://192.168.1.100:9997] sslRootCAPat...

by Path Finder in

How to index Json array into metric index?

Hi All, My question is the same as the title. How am I able to index Json array into metric index? I would appreciate...

by Path Finder in

How to remove a group of characters for each value from list/multivalue.

String of variable alert_type:|detail.action=blocked|detail.devicename=hd03|detail.virus=fec_virus_macro_sic_1|detail...

by Explorer in

field extraction working with rex but not props.conf

I am trying to extract a portion of the source as a field. Here's what the source looks like: D:\Host Logs\...

by Path Finder in

Splunk Add-on for AWS ARN Format Mismatch

Hello In setting up the add on for AWS(4.6.1) in the IAM role setup it expects a role ARNin the format of : arn:a...

by Communicator in

UK dates recognised as US until 10th of the month

Hi All I am trying to index some log files that have been converted to tab delimited text files. These are being pi...

by Explorer in

Splunk logging driver logs not parsed by indexer

Hi Splunkers, I have start using Splunk Logging Driver to get my docker logs into Splunk. I am using Splunk Enterpr...

by Explorer in

index data retention

Hello there. Within splunk cloud, I go to Settings < Indexes. I am looking at my main index. It has a current si...

by Path Finder in

data retention of sourcetype

Two questions regarding Dynamic Data Storage: 1) Within an Index, can I archive a specific sourcetype only or c...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Issue with Monitoring files in Splunk

Transforms working intermittently on index cluster for AWS Kinesis to HEC

Forwarding Cisco Finesse logs into Splunk Cloud

isReadOnly is

micro focus Service Manager logs parsing

Universal Forwarder send syslog to a thrid party

Splunk not recognizing nested json

Selective indexing of events from UF on Heavy Forwarder

Load Balancing UF to 3rd third party receivers

Eventgen: is it possible to create events taking pair values from a file?

How to upload wevtutil generated xml file of Security log into Splunk?

Monitoring File Directories but not indexing file contents

Issue with timestamps creating extra events

Variable string processing in variable string in map command

Index events with timestamp of previous day

Does indexer discovery also apply to heavy forwarder to Splunk enterprise?

SSL Forwarding: Why does a Splunk forwarder need its own certificate?

How to index Json array into metric index?

How to remove a group of characters for each value from list/multivalue.

field extraction working with rex but not props.conf

Splunk Add-on for AWS ARN Format Mismatch

UK dates recognised as US until 10th of the month

Splunk logging driver logs not parsed by indexer

index data retention

data retention of sourcetype

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

multivalue field extraction using props and transf...

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions