Getting Data In

Community Activity

Pushing Powershell Scripts out via Universal Forwarder - Specifying specific hosts I would like to run powershell scripts and commands out to my endpoints via the Universal Forwarder, but based on the... by kjehth93 New Member in Getting Data In 02-27-2025 0 1	0	1
Why is my sourcetype configuration for JSON events with INDEXED_EXTRACTIONS making each extracted field multivalue with duplicate values? I have a Python script configured as a data input that generates one JSON object per line containing events. This is ... by asieira Path Finder in Getting Data In 02-27-2025 10 13	10	13
How to configure HTTP Event collector to log client/source IP? My team has a growing interest in looking at geo location as a function of client IP address. I've installed a plugi... by mbintz Explorer in Getting Data In 02-26-2025 2 5	2	5
Splunk-winevtlog event missing in Splunk Hi I have the following conf for Application events: [WinEventLog://Application] _TCP_ROUTING = sample current_only =... by Singh10 Explorer in Getting Data In 02-26-2025 0 1	0	1
strange timechart effect Hello I have xml messages in search. row like this <log><local_time>2025-02-25T15:02:59:955059+05:00</local_time><b... by alexeysharkov Path Finder in Getting Data In 02-26-2025 0 12	0	12
Not able to parse json with spath ,something wrong but not json Hi,I need to ingest some logs into splunk, so file&dirs data input its my choice.Also new index was created , _json a... by ekmek4 Explorer in Getting Data In 02-26-2025 0 5	0	5
Field extraction unsuccessful while index time I am trying to extract field at index time. Hence I have given following in my cluster master and pushing to indexers... by Karthikeya Communicator in Getting Data In 02-26-2025 0 12	0	12
Discard long messages? I have an errant application that is sending too much data to my Splunk Enterprise instance.This is causing licensing... by BogeyMan Loves-to-Learn Lots in Getting Data In 02-25-2025 0 2	0	2
Change index name of metrics data Hi All,I have a challenge, which i after many considerations have made a decision to, which indeed also have some con... by BTrust Path Finder in Getting Data In 02-25-2025 0 4	0	4
Is there a way to force UF to phone home to DS? Hi All, I just want to ask if there's a way to force UF to phone home to DS, we want to initiate a force phone home ... by mjlsnombrado Communicator in Getting Data In 02-25-2025 0 3	0	3
Lastchance index troubleshooting by ayomotukoya Explorer in Getting Data In 02-24-2025 0 4	0	4
How to rename indexname which is already on-boarded and data is coming. How to rename index name? We have already an index created which is receiving data. Now we want to change that index ... by Karthikeya Communicator in Getting Data In 02-24-2025 0 1	0	1
Meraki TA - Could not identify datetime field for input Hello, I have a fresh install of splunk and Meraki TA App. I have configured several inputs in the App, however I am ... by Space_Crawler Observer in Getting Data In 02-23-2025 0 2	0	2
Intermediate Forwarder Limited to 1000 connections I have an installation where I am trying to leverage an intermediate forwarder (IF) to send logs to my indexers. I ha... by MichaelM1 Explorer in Getting Data In 02-22-2025 0 11	0	11
Zero bytes in the indexed events Hi! This is my first time using Splunk and I am on the free tiral version. I setup an HEC token and ran a test on Win... by swlf Explorer in Getting Data In 02-21-2025 0 5	0	5
Trying to filter and route logs/events using a Splunk Heavy Forwarder Hi Everyone,I've installed and configured a Splunk Heavy Forwarder on an EC2 instance in AWS and configured two Splun... by shashank9 Explorer in Getting Data In 02-21-2025 0 5	0	5
Re-arranging Json fields while indexing the data This is how our normal raw event looks --Feb 7 23:59:32 128.160.82.26 [local0.warning] <132>1 2025-02-07T23:59:32.033... by Karthikeya Communicator in Getting Data In 02-21-2025 0 6	0	6
Unable to override host value with event data Hello, I am trying to replace the host value that is the UF with event data as the value. ACME-001 PROD-MFS-003: sta... by boknows Explorer in Getting Data In 02-21-2025 0 2	0	2
Different apps for different groups currently we are on-boarded applications like 1,2,3,4..... 100 into default search and reporting app.But we they belo... by splunklearner Communicator in Getting Data In 02-21-2025 0 3	0	3
Deleting datas on one index after routing them to another index Hello,My use case :Context : On azure, datas from several applications are pushed in a Azure EventHubI need to separa... by Nicolas2203 Path Finder in Getting Data In 02-21-2025 0 2	0	2
Splunk do not store data from Data input script Hi all,I have configured a new script in 'Data inputs' to feed my index with data from a Rest API.The script has been... by Ciccius Explorer in Getting Data In 02-21-2025 0 5	0	5
Help to find daily indexed data size by each index Need your help, Can you please tell us, how to find daily indexed data size by each index? by dhavamanis Builder in Getting Data In 02-20-2025 1 5	1	5
Only 1 User got "Waiting for queued job to start Manage jobs." Hi Everyone, In my Splunk environment, I have about 15 users, but the one responsible for creating correlation search... by zksvc Contributor in Getting Data In 02-19-2025 0 4	0	4
SEDCMD usage or any alternative We have a requirement to remove few strings from the events while indexing the data. Here is my raw event sample - {... by Karthikeya Communicator in Getting Data In 02-19-2025 0 1	0	1
Extract field in indexing time I want to extract value from the following field while indexing the data to use it to map it with index.vs_name=v-jup... by splunklearner Communicator in Getting Data In 02-19-2025 0 3	0	3