Getting Data In

Thread Info

Universal Forwarder

Can we detect following from UFs internal logs: Is TCP connection failed between UF and indexer/HF. If UF dropped...

by Communicator in

crushed logs master

Bonjour si le maître écrase une configuration qui n'était pas dans son fichier lors d'un push Par exemple, il écrase ...

by Loves-to-Learn in

Events on Heavy Forwarder not available on Search Head - IMAP Mailbox

This issue is primarily related to events ingested via the IMAP Mailbox App We are running a distributed environmen...

by Communicator in

Parsing Forcepoint CASB CEF logs in Splunk

I need some help with parsing Forcepoint CASB CEF logs in Splunk. The data does not seem to parse the epoch time stam...

by Path Finder in

How can I filter the contents of an eventID without blacklisting it?

I am currently trying to filter EventCode 4703. I wanted to do this via blacklist but not fully block the EventCode b...

by Communicator in

CarbonBlack/Splunk Integration

I am having difficulty configuring the Cb Defense Add-On for Splunk on a heavy forwarder, which is forwarding to my S...

by Path Finder in

DB Connect App template

Hi All, I'm using DB Connect 3.x - I want to create a template for future MS-SQL connections to speed the process...

by Path Finder in

TA MS defender not working

I have this add-on "TA Microsoft Windows Defender" installed in our UFs using a deployment server, all configuration ...

by Explorer in

Monitoring WEC .evtx files on another drive

I am after some help to debug why Splunk is not monitoring my external .evtx files.Currently have the following: %...

by Engager in

DB query to fetch logs from McAfee ePO 5.10

We upgraded the McAfee ePO from 5.9 to 5.10 after that splunk integration was broken, so i checked some articles and ...

by Explorer in

Suggest best way to onboard Default Reports available in "Airwatch - Worspace one UEM" to splunk

Hi Team, I am trying to onboard Reports data to splunk available under "Airwatch Workspace one UEM">Monitor>Reports &...

by New Member in

Change the time stamp in the log data by adding 2+ Hours

hi All,IN the AWS inputs logs we are getting timestamps behind 2 hours and we need to adjust it to UTC + 02:00 . I ha...

by Loves-to-Learn Lots in

unable to push waf logs through HEC- error says HEC is not reachable

I have a splunk trial version and i am trying pushing aws waf logs through HEC- I have enabled the token perfectly an...

by Explorer in

How do forwarders handle rolling logs when an indexer is down?

Hello, I would like to know how forwarders handle rolling logs when their target indexers become unavailable. Here...

by Motivator in

How to set default file ownership to admin and get Splunk to read files created by the ciscoftp user?

Hey all, Long story short, I have a Windows IIS FTP server on a Heavy forwarder that receives logs from Cisco prox...

by Explorer in

Quarantine or peer removal

Hi, Is there a way to remove or quarantine multiple search peers (indexers) at the same time? It's not practical en...

by Loves-to-Learn in

Update Splunk server certificate on Splunk Universal Forwarders

Dear Splunkers, Splunk server certificates on servers with splunk forwarder is expiring. is there a way to upgrade...

by Path Finder in

ingesting custom device/application logs from AWS S3 to Splunk with multiple sourcetypes

Hello Splunkers, We have all the log collection at s3 . What would be best option to send logs from s3 to Splunk ....

by Explorer in

TcpOutputProc - The TCP output processor has paused the data flow

I open a new thread because in the previous one I was reviewing several errors at the same time for this specific e...

by Builder in

Is there any chunk size applied while reading the data on the connections?

Is there any chunk size applied while reading the data on the connections? chunk size like 2kb,4kb,8kb ? is there a w...

by New Member in

Splunk Add-on for Microsoft IIS - ms:iis:auto - No Fields Extracted

Hi All, I've followed the instructions here (https://docs.splunk.com/Documentation/AddOns/latest/MSIIS/About) to in...

by Explorer in

Sophos Anti-Virus for Linux with Splunk

Has anybody installed Sophos Anti-Virus for Linux on the same machines as their Splunk Head and Splunk Indexer? If s...

by Path Finder in

Can logs form a forwarder be restricted to be viewed by a set of users only?

Hi All, I am looking to configure a sox app on splunk, so wanted to know if it is possible to restrict a user/...

by New Member in

Splunk sourcetype naming convention

I am dynamically extracting a sourctype using props.conf and tranform.conf file. But the extraction is not working as...

by Path Finder in

Is there a way to transfer data from Splunk Search Head via Scheduled Search to third party system through syslog?

Requirement is to send data from Splunk to PTA tool using Scheduled Search on Search Head. The Data should be filte...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Universal Forwarder

crushed logs master

Events on Heavy Forwarder not available on Search Head - IMAP Mailbox

Parsing Forcepoint CASB CEF logs in Splunk

How can I filter the contents of an eventID without blacklisting it?

CarbonBlack/Splunk Integration

DB Connect App template

TA MS defender not working

Monitoring WEC .evtx files on another drive

DB query to fetch logs from McAfee ePO 5.10

Suggest best way to onboard Default Reports available in "Airwatch - Worspace one UEM" to splunk

Change the time stamp in the log data by adding 2+ Hours

unable to push waf logs through HEC- error says HEC is not reachable

How do forwarders handle rolling logs when an indexer is down?

How to set default file ownership to admin and get Splunk to read files created by the ciscoftp user?

Quarantine or peer removal

Update Splunk server certificate on Splunk Universal Forwarders

ingesting custom device/application logs from AWS S3 to Splunk with multiple sourcetypes

TcpOutputProc - The TCP output processor has paused the data flow

Is there any chunk size applied while reading the data on the connections?

Splunk Add-on for Microsoft IIS - ms:iis:auto - No Fields Extracted

Sophos Anti-Virus for Linux with Splunk

Can logs form a forwarder be restricted to be viewed by a set of users only?

Splunk sourcetype naming convention

Is there a way to transfer data from Splunk Search Head via Scheduled Search to third party system through syslog?

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions