Getting Data In

Community Activity

Sourcetype by Forwarder GUID Hi there,I have 2 forwarders on a single box - one HF one UF. I want to switch off the UF. Im looking for a list of s... by mwdbhyat Builder in Getting Data In 11-05-2020 0 3	0	3
field extraction Hi All,what should be the regex while doing event extraction for srcip eventtime=1604591829395228259 appid=41 srcip=1... by pavanbmishra Path Finder in Getting Data In 11-05-2020 0 3	0	3
Change a sourcetypes 'host' field to read from the 'shost' field instead. I have a feed that has the host field defaulting to what is essentially the sourcetype, but in the shost field I have... by robnewman666 Path Finder in Getting Data In 11-05-2020 0 2	0	2
Index has empty data when using HEC Hello I need an urgent help.I created HEC data inputs. I did follow these guidelines.https://docs.splunk.com/Document... by malikperang Loves-to-Learn Everything in Getting Data In 11-05-2020 0 4	0	4
Issue with Monitoring files in Splunk i m trying to monitor a json file with custom sourcetype for line breaking that i have build but not getting events ... by sdivya Observer in Getting Data In 11-05-2020 0 0	0	0
Transforms working intermittently on index cluster for AWS Kinesis to HEC Hello Splunkers,We are receiving config notifications, CloudTrail and others from AWS through Kinesis - the general p... by johnansett Communicator in Getting Data In 11-04-2020 1 1	1	1
Forwarding Cisco Finesse logs into Splunk Cloud Has anyone forwarded Cisco Finesse logs to Splunk Cloud? If yes, it would be great if they can share the steps to do ... by akriti Explorer in Getting Data In 11-04-2020 0 1	0	1
isReadOnly is Hi, In smart store splunk clusters with smart store enabled on all indexes with remotePath in [default} stanza, Is t... by bsrikanthreddy5 Path Finder in Getting Data In 11-04-2020 0 0	0	0
micro focus Service Manager logs parsing SpoilerHi Everyone,i want to parse the below custom Application logs, Need your help and advises.12084( 14140) 11/02/... by splunking4me Explorer in Getting Data In 11-04-2020 1 4	1	4
Universal Forwarder send syslog to a thrid party First of all, can UF's send syslog to a third party? The documentation says, "You can configure a forwarder" but does... by I-Man Communicator in Getting Data In 11-04-2020 1 7	1	7
Splunk not recognizing nested json I've searched quite some time, but I'm not able to find why Splunk is not recognizing a nested JSON.Here's how my dat... by dstoev Path Finder in Getting Data In 11-04-2020 0 0	0	0
Selective indexing of events from UF on Heavy Forwarder Hello,I have read the documentation on routing and filtering events (https://docs.splunk.com/Documentation/Splunk/8.1... by performancemoni Path Finder in Getting Data In 11-04-2020 0 2	0	2
Load Balancing UF to 3rd third party receivers Hi,I have some troubles setting up the following topology. There is 1 UF which needs to forward unCooked raw data to ... by jknulst Explorer in Getting Data In 11-03-2020 1 6	1	6
Eventgen: is it possible to create events taking pair values from a file? Hi at all,I have to use eventgen to populate a demo I prepared.I'm able to populate events starting from a template a... by gcusello SplunkTrust in Getting Data In 11-03-2020 1 1	1	1
How to upload wevtutil generated xml file of Security log into Splunk? I have a situation when I need to dump a remote Security log with wevtutil and subseqently upload it into Splunk to c... by ageld2020 New Member in Getting Data In 11-03-2020 0 0	0	0
Monitoring File Directories but not indexing file contents Hi all,Sorry for the really newb question (because I am one).I have Splunk Enterprise running on my standalone PC to ... by Highlander22 Engager in Getting Data In 11-03-2020 0 3	0	3
Issue with timestamps creating extra events Certain events in these logs have dates in certain tags below such as <BeginDateTime> and <EndDateTime> . They are cr... by bnichols024 New Member in Getting Data In 11-03-2020 0 2	0	2
Variable string processing in variable string in map command IF the _raw is the same as above, I want to search with the query below.Index=_internal sourcetype=splunkd I want to ... by litmuspaper Loves-to-Learn Lots in Getting Data In 11-03-2020 0 1	0	1
Index events with timestamp of previous day We have a report from a system that needs to be indexed into splunk on monthly basis. This report is generated on 1st... by rajeshjlnt Path Finder in Getting Data In 11-03-2020 0 5	0	5
Does indexer discovery also apply to heavy forwarder to Splunk enterprise? by phil_wong Explorer in Getting Data In 11-02-2020 0 1	0	1
SSL Forwarding: Why does a Splunk forwarder need its own certificate? outputs.conf on forwarder gets its own cert. E.g. something like [tcpout-server://192.168.1.100:9997] sslRootCAPath ... by mlorch Path Finder in Getting Data In 11-02-2020 1 7	1	7
How to index Json array into metric index? Hi All, My question is the same as the title. How am I able to index Json array into metric index? I would appreciate... by brandy81 Path Finder in Getting Data In 11-02-2020 0 0	0	0
How to remove a group of characters for each value from list/multivalue. String of variable alert_type:\|detail.action=blocked\|detail.devicename=hd03\|detail.virus=fec_virus_macro_sic_1\|detail... by dashield Explorer in Getting Data In 11-02-2020 0 6	0	6
field extraction working with rex but not props.conf I am trying to extract a portion of the source as a field. Here's what the source looks like: D:\Host Logs\info.serve... by jdmclemore Path Finder in Getting Data In 11-02-2020 0 7	0	7
Splunk Add-on for AWS ARN Format Mismatch HelloIn setting up the add on for AWS(4.6.1) in the IAM role setup it expects a role ARNin the format of :arn:aws-us-... by tkw03 Communicator in Getting Data In 11-02-2020 0 0	0	0