Getting Data In

Community Activity

Configured .sh scripts not being run/reporting data I created .sh scripts that do the following: #!/bin/bash # Name of the service to monitor SERVICE_NAME="tomcat9" # ... by joewetzel63 Loves-to-Learn in Getting Data In 01-24-2025 0 2	0	2
blacklist event codes - Splunk Enterprise v9.0.5 Afternoon, I've been beating my head against the keyboard the last few days trying to get this to work. I want to exc... by SRHunter Explorer in Getting Data In 01-23-2025 0 11	0	11
What does currentDBsizeMB represent? What does currentDBsizeMB actually represent? Seeing some discrepancies in the actual file system consumption betwee... by mindtheraft Loves-to-Learn Lots in Getting Data In 01-23-2025 0 1	0	1
windows evtx logs to splunk linux deployment using a universal forwarder i am trying to forward logs from a windows server to a linux splunk enterprise using the universal forwarder. the app... by d4rk_sp1d3r Loves-to-Learn Lots in Getting Data In 01-23-2025 0 5	0	5
Ingesting offline Windows Event logs from different systems I am trying to use a Universal Forwarder to get a load of windows event logs that I need to analyse into Splunk. The ... by KP3 Engager in Getting Data In 01-22-2025 0 3	0	3
Missed data from SOPHOS I am encountering an issue regarding the synchronization of update logs between Sophos and Splunk for a specific host... by zksvc Contributor in Getting Data In 01-22-2025 0 0	0	0
Search Head Deployer and Search Head Cluster Sync Missing so cant deploy Apps Hello, I have a question about sh deployer and search heads. We have three search heads within a cluster and for some... by arunsoni Explorer in Getting Data In 01-22-2025 0 4	0	4
Capture data from single index and differentiate logs based on sourcetype We have big application which contains small applications data coming onto Splunk. Currently we are mapping FQDNs to ... by splunklearner Communicator in Getting Data In 01-22-2025 0 1	0	1
Assign to missing timestamp event previous event timestamp Hi,By default, if no timestamp exist in a field, Splunk defaulting timestamp of previous eventOn one hand, I do want ... by michael_vi Path Finder in Getting Data In 01-22-2025 0 1	0	1
Send TLS from Trend Micro's Deep Security to Splunk HiTo transfer TLS from Deep Security to SplunkI think Privatekey, Certificate, and Certificatechain should be created... by KwonTaeHoon Path Finder in Getting Data In 01-22-2025 0 2	0	2
Indexing data through TLS certificate Hi,So I wanted to check some possibilities of indexing data using TLS/SSL certificates.1. I configured TLS only on th... by abhijeetbandre Engager in Getting Data In 01-21-2025 0 1	0	1
Why is syslog-ng dropping events sent to SC4S's destination d_hec_fmt? Searching _internal for source=sc4s shows: srlssydr01 syslog-ng 174 - [meta sequenceId="32595295"] Message(s) dropp... by gf13579 Communicator in Getting Data In 01-21-2025 0 4	0	4
[Cohesity Add-on] Extension with “Protection Runs” statistics hi.Would it be possible for us to regularly read the statistics from the Protection Group Runs via Splunk Add-on?Thes... by lari New Member in Getting Data In 01-21-2025 0 0	0	0
Different applications need to access all Splunk logs Hello all,Consider we have X application requested on-boarding on to Splunk. Created index for this X application, a ... by splunklearner Communicator in Getting Data In 01-21-2025 0 1	0	1
Using HEC with JavaScript Hi Team,Version: Splunk Enterprise v9.2.1We are trying to capture user generated data so we have created forms with C... by oO0NeoN0Oo Loves-to-Learn Lots in Getting Data In 01-21-2025 0 5	0	5
In an event with two timestamps, automatically choose the good one I have an event like this: ~01~20241009-100922;899~19700101-000029;578~ASDF~QWER~YXCV There are two timestamps in thi... by zapping575 Path Finder in Getting Data In 01-20-2025 0 5	0	5
Per Index Configuration Hello All,I am trying to clean up our indexes and their sizes to ensure that we are keeping the correct amount of dat... by edwardrose Contributor in Getting Data In 01-20-2025 0 9	0	9
Force inclusion of space character as a first character in FORMAT string in transforms.conf Hello everyone!I am experimenting with the SC4S transforms that are posted here:https://splunk.github.io/splunk-conne... by wowbaggerHU Path Finder in Getting Data In 01-20-2025 0 6	0	6
conditional whitespace in transform Hello everyone!I am experimenting with the SC4S transforms that are posted here:https://splunk.github.io/splunk-conne... by wowbaggerHU Path Finder in Getting Data In 01-19-2025 0 10	0	10
Nit getting the data into splunk indexer Iam not able to see the file content in indexer, After restarting the universal Forwarder what can be the reason by loknath Loves-to-Learn in Getting Data In 01-17-2025 0 4	0	4
Splunk Cloud Trial HEC Not Working Hi all,I just started a trial for Splunk Cloud , my URL looks similar to this:https://prd-p-s8qvw.splunkcloud.com/en-... by Klaverblad Explorer in Getting Data In 01-16-2025 0 2	0	2
Is the following scenario possible? to have a more cost effective solution to onboard sysmon I would like to understand if the following scenario would be possible:1. Security detection queries/analytics relyin... by charlottelimcl Explorer in Getting Data In 01-16-2025 0 5	0	5
Splunk VMware OVA for ITSI vs Splunk OVA for VMware What's the difference between "Splunk VMware OVA for ITSI" and "Splunk OVA for VMware"? The Splunk OVA for VMware app... by ericg_splunk Splunk Employee in Getting Data In 01-15-2025 0 0	0	0
Why would INDEXED_EXTRACTIONS=JSON in props.conf be resulting in duplicate values? Using Splunk to analyze bro network transaction data in JSON format. I noticed the stats command and field summary s... by pumphreyaw Explorer in Getting Data In 01-15-2025 3 11	3	11
Is changing Class can affect indexing and Fishbucket CRC Hi all,A general question that I couldn't find an answer to...If I change for the certain app class from one to anoth... by michael_vi Path Finder in Getting Data In 01-15-2025 0 3	0	3