Getting Data In

Thread Info

servers time validation

good morning Is there a way to validate the time of the current splunk servers? Let me explain, during these days t...

by Path Finder in

How to collect Azure container log to splunk?

Hi, I need to collect Azure container log into splunk. I will utilize azure monitor app for splunk. It is pulling log...

by Path Finder in

How to reconfigure syslog-ng when file is getting updated but data isn't getting into indexer (Universal Forwarder)?

Hi, We have configured syslog-ng to send data to indexers, Sometimes, the syslog file is getting updated but data ...

by Explorer in

Windows Event Logs & Sysmon

What's everyone doing for collecting both Windows Event Logs & Sysmon? Are you collecting all Even IDs or only a sm...

by Communicator in

Change Splunk management port for single Linux host

Hello!I'm new to Splunk, and I would like to change the management port for only a single host from 8089 to 9089 due ...

by Explorer in

Is "RecordNumber" a unique identifier?

I'm dealing with a lot of duplicate event logs at the exact same millisecond. From what I can tell, everytime this ha...

by Communicator in

script input running "splunk cmd openssl"

Hello, I have a script to index enddate from certificats #!/bin/sh echo debug enddate date=`date "+%d/%m/...

by Path Finder in

App local files updated in indexer cluster

I have an app which included a custom command which in turn has to cache some information on the indexer it runs. Wha...

by Path Finder in

Need to Disable A Process Name with Event ID

We are collecting Wineventlog data from Security, Application & System. In Security we want to disable a particular...

by Contributor in

Ingesting Word document

Hello all, My latest challenge is to ingest a Word doc into our environment. According to everything I have read s...

by Communicator in

Excessive Windows Event Logs

I don't have much experience with Splunk but am starting to use it in a new role and have done a lot of research befo...

by Communicator in

Migration of event data from RSA Netwitness to Splunk

Hello, I am looking to see if it is possible to migrate data (around 20TB) from RSA Netwitness MongoDB to Splunk.Wo...

by Builder in

mvfind output as spath input?

I'm looking to get some json data from our anomaly detection system into the Intrusion Detection data model and thus ...

by Path Finder in

Events are not getting filtered using props.conf & transforms.conf

I was wondering why all of the filters implemented are not working. Below is my props.conf & transforms.conf file p...

by Explorer in

HEC to aws(dynamodb)

Hello, I am using HEC to send data from aws(dynamodb) to splunk. I am getting error called"ECONNREFUSED","errno":"ECO...

by Loves-to-Learn Lots in

CSV multipul time events in header

I have a CSV file where the header contains the time of each subset of data. I need Splunk to split the columns into ...

by Path Finder in

Windows IIS logs not formatting correctly / hostname problem

So bringing in some IIS logs from a few windows servers... seemed pretty simple. Installed the add-on for Micrsoft II...

by Path Finder in

DateParserVerbose Warnings

HI, I see lot of DateParserverbose warnings in splunkd.log on my indexers. The errors goes as follows: WARN Dat...

by Path Finder in

Syslog vs TA apps to parse network traffic sourcetypes

We are trying to ingest some logs for events from different network appliances such as F5 load balancers. Can you pl...

by Splunk Employee in

Timestamp to date conversion

I struggle with converting a time stamp into a date. In my data EMPTY_DATE looks like this: 2020-08-27 00:00:00.0 ...

by Engager in

Splunk cloud Dashboard - how to add a static image

Hello, I need to place static images in one of my dashboard in splunk cloud. Where should i place the image file i...

by Communicator in

Why does /opt/splunk/var/run/searchpeers fill up?

On two indexers /opt/splunk/var/run/searchpeers is at 20 GBs of files with delta files and bundle file. Is it safe to...

by Ultra Champion in

Splunk Forwarder Connection Refused from Splunk Indexer

Ever since we added a few more Splunk Forwarders to our environment, the Splunk Server (search head, indexer, deploym...

by Builder in

Splunk Add-on for ServiceNow: Collect from RITM Table?

Can't seem to find inputs-config for ServiceNow's RITM / Requested Item / table: sc_req_item --> is this correct? Or ...

by Builder in

Data is not being imported into the assigned index after migrating from Oracle to PostgreSQL.

Until now I was importing data to Splunk from Oracle. I have migrated from Oracle to Postgresql so I will no longer u...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

servers time validation

How to collect Azure container log to splunk?

How to reconfigure syslog-ng when file is getting updated but data isn't getting into indexer (Universal Forwarder)?

Windows Event Logs & Sysmon

Change Splunk management port for single Linux host

Is "RecordNumber" a unique identifier?

script input running "splunk cmd openssl"

App local files updated in indexer cluster

Need to Disable A Process Name with Event ID

Ingesting Word document

Excessive Windows Event Logs

Migration of event data from RSA Netwitness to Splunk

mvfind output as spath input?

Events are not getting filtered using props.conf & transforms.conf

HEC to aws(dynamodb)

CSV multipul time events in header

Windows IIS logs not formatting correctly / hostname problem

DateParserVerbose Warnings

Syslog vs TA apps to parse network traffic sourcetypes

Timestamp to date conversion

Splunk cloud Dashboard - how to add a static image

Why does /opt/splunk/var/run/searchpeers fill up?

Splunk Forwarder Connection Refused from Splunk Indexer

Splunk Add-on for ServiceNow: Collect from RITM Table?

Data is not being imported into the assigned index after migrating from Oracle to PostgreSQL.

The All New Performance Insights for Splunk

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions