Getting Data In

Ask a Question

Discussions

Thread Info

How to change props.conf based on input/sourcetype

I have a couple .txt files that I want to parse differently than the rest of my data coming in from my forwarders. ...

by Path Finder in

Universal Forwarder doesn't forward specific log

Hello! It's my first time writing here so forgive me if my question may lack information. What I want to do: I...

by Explorer in

Sending MacOS logs to Splunk without involving another tool or agent

Trying to figure out a successful method for sending MacOS logs to Splunk without involving another tool or agent. We...

by Splunk Employee in

Splunk query output formating to Jason format

I have ingested some logs to Splunk which now looks like below when searching from search header. ...

by Engager in

Restart a UF via CLI / other remote means

Hi Is there a way to remotely restart a UF forwarder in splunk directly from within splunk e.g. using splunk cli ...

by Communicator in

Deployment of Universal Forwarder to Apple Mac fleet

Our company operates a fleet of Apple Macs. We would like to automate the deployment and configuration of the Univers...

by Explorer in

Indexer - Indexes not retaining logs for as long as they should

Hello, I have an issue with the Indexer not retaining logs for the expected period, and I'm really scratching my he...

by Engager in

Is there a way to migrate indexed data from a legacy standalone indexer to a new indexer cluster?

I've read through quite a few pages and there are mixed partial solutions. Is there a way to migrate indexed data...

by Contributor in

AWS Add on AWS-- Issue with SQS-Based S3 and cloudwatch -Errors

HiCan anyone help me in understanding the errors im getting in the application aws addon, i have configured the input...

by Engager in

Splunk DB Connect - data formating

Hey everyone! Lately we had an unfortunate incident were most of our logs were deleted from splunk. Luckily we save...

by Observer in

How to resolve latency between event time and index time?

My index time is 7/6/20 3:37:42.210 PM My event time is 07/06/20 10:37:42.210 CDT My TIME_FORMAT=%x %H:%M:%S.%...

by Motivator in

Error while setting up connection using MongoDB Driver

Hi,I have installed MongoDB drive from unityjdbc http://unityjdbc.com/mongojdbc/setup/mongodb_jdbc_splunk_dbconnect_...

by Observer in

How to change saved search permissions via python SDK?

Hey, I am looking for a way to change permissions to a saved search via splunk python SDK. I tried using the s...

by Path Finder in

Dashboard: Include $job.message$ information

Hello,I have a dashboard which populates the results of a query in a table form.The results of this table is sometime...

by Explorer in

change index for some events

Hello splunkers. I am new to splunk and have a question on how to change index for events that e.g. have status 404 o...

by Explorer in

splunk-bunyan-logger logs in impractical format

I'm using splunk-bunyan-logger to log to splunk. The example on https://github.com/splunk/splunk-bunyan-logger sugges...

by Engager in

timestamp extraction issue

Hi , My timestamp in data looks like: 2020-07-02T18:00:18+02:00 with name log_modified_date which i want to be extr...

by Loves-to-Learn Lots in

Security questions about how Splunk handles session

Hi can you help with these security questions about how Splunk handles sessions? (Either On-Premise Enterprise Splunk...

by Engager in

MonitorNoHandle and Indexed_Extractions

Hi All, We been having issues with a CSV that is open for a long period of time while a script writes to it no my i...

by Path Finder in

Sourcetype Override

I have a deployed a scripted input with source=perfmon_script that gets server and workstation data. in pro...

by Builder in

Can't access my learning profile/add new course to cart

Good morning, I have been having trouble accessing my learning profile to complete the free fundamentals 1 training. ...

by New Member in

Can reports be scheduled on Indexers ?

Hi, In general , I want to understand pros and cons of scheduling reports on Indexers ? If the reports are on I...

by Path Finder in

How to create a live up or down dashboard view?

Good day is it possible to get above visualization on Splunk? im kinda new and lost, I designed this myself using Pow...

by Contributor in

Unable to connect to Mongodb with SSL Certificate using MongoClient in Node Js Script

Hi Team, I'm trying to connect to MongoClient using Node Js Script. While i'm passing the same certificate wh...

by New Member in

Unable to connect to Mongodb with SSL Certificate using MongoClient in Node Js Script

Hi Team, I'm trying to connect to MongoClient using Node Js Script. While i'm passing the same certi...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to change props.conf based on input/sourcetype

Universal Forwarder doesn't forward specific log

Sending MacOS logs to Splunk without involving another tool or agent

Splunk query output formating to Jason format

Restart a UF via CLI / other remote means

Deployment of Universal Forwarder to Apple Mac fleet

Indexer - Indexes not retaining logs for as long as they should

Is there a way to migrate indexed data from a legacy standalone indexer to a new indexer cluster?

AWS Add on AWS-- Issue with SQS-Based S3 and cloudwatch -Errors

Splunk DB Connect - data formating

How to resolve latency between event time and index time?

Error while setting up connection using MongoDB Driver

How to change saved search permissions via python SDK?

Dashboard: Include $job.message$ information

change index for some events

splunk-bunyan-logger logs in impractical format

timestamp extraction issue

Security questions about how Splunk handles session

MonitorNoHandle and Indexed_Extractions

Sourcetype Override

Can't access my learning profile/add new course to cart

Can reports be scheduled on Indexers ?

How to create a live up or down dashboard view?

Unable to connect to Mongodb with SSL Certificate using MongoClient in Node Js Script

Unable to connect to Mongodb with SSL Certificate using MongoClient in Node Js Script

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout