Getting Data In

Thread Info

Transforms.conf issue

We're working with a 30 day trial as we wait for procurement to purchase a full license. While learning and configuri...

by Loves-to-Learn Lots in

What are the Unsupported Characters for HEC

Hi Splunk, It seems that sending log messages to Splunk HEC endpoints containing "\n", or "\r" or "\t" causes the H...

by Engager in

Data Anonimization - Multiple transforms not working for single _raw event

Hi Punters, I am facing issues with Data Anonimization. Below are my conf files. My transforms.conf anonimizes the...

by Builder in

when to use http event collector api to create vent and when to use services/receivers/simple to create event

I want to create vents but i found two ways to to that. When to use http event collector api and when to use receiver...

by Explorer in

.csv file input indexed and available in splunk but the data is invisible

I have a data input for .csv files on splunk, these files are created on a daily basis and named with the day's dates...

by Path Finder in

Creating a kvstore using API - kvstore not visible in Splunk

Hi. I'm trying to create a kvstore using this command (from this tutorial https://dev.splunk.com/enterprise/docs/deve...

by Communicator in

Splunk indexing zipped file without extracting or reading contents

I am trying to make a Splunk index a zipped file that is generated every hour. I use the batch method in order to d...

by Observer in

assign cron time to timestamp

Hi, I have a rest call that runs every 24hours, and the number of events that are returned are in the region of +5...

by Explorer in

docker splunk-url format error

With docker run cmd, I used: --log-opt splunk-url=https://mysplunkexample.com:8088/services/collector docker cmd: do...

by New Member in

WMI Input: best practice for field values with spaces

I have some powershell scripts scheduled on a windows server and want to track their memory and cpu utilization. And ...

by Path Finder in

go's time.RFC3339Nano format

Anyone having issues with nano second formatting from JSON logs. Currently it seems like times get rounded up or some...

by Explorer in

dSYM upload timing out

I'm trying to upload debugging symbols (dSYMs) for my iOS app but I keep getting time out errors regardless of the me...

by Engager in

Masking sensitive information from event

Hi,I am trying to remove some of the sensitive information to be indexed by Splunk. But these configurations are n...

by Explorer in

Splunk cloud and Microsoft Infrastructure

Hello All, It is only Tuesday and it has been quite the journey. I have a splunk cloud instance. I logged a call an...

by Observer in

Not able to make API call to splunk instance through IP address.

We have splunk enterprise trial version on machine. We are trying to call that instance through API by putting IP add...

by Explorer in

customized app origin is showing as uploaded instead of Splunk

Hi, I have uploaded customized app ,but App origin is showing as "Uploaded" ,we suppose to have "Splunk" How ...

by Explorer in

props.conf and transforms.conf does not work

Hi,i dont the content field to be forward to indexer, i configured props.conf and transforms.conf but it does not wor...

by Communicator in

Find unique values on all search rows separated by comma

Hi all,I need to count the unique values of each row i have in my search (maybe this sounds abstract to you), the dat...

by Explorer in

Use case SMB Traffic by bytes transfer

Hello, I need to create a use case that monitors the bytes transferred from one host to another, either by SMB or by ...

by Builder in

The TCP output processor has paused the data flow

The device sends the logs by means of syslog to the heavy forwarder who receives it, stores it and tries to send it t...

by Builder in

How to match join on certain conditions within the inner search?

I've got a specific requirement to fine tune a search. The search is something like.. <basesearch> | fields...

by Super Champion in

EVAL with REX with SPATH (props / transforms)

I have a JSON file with an embedded JSON field that I am trying to extract. I have been doing some searching and hav...

by Contributor in

Network Toolkit: Installation on Splunk Forwarders

Hi @LukeMurphey Is is possible to install the network toolkit app on a UF ? We have too many servers that we w...

by New Member in

Logs do not appear with current time when conducting searches

I have a firewall that is sending the logs using UTC time. Actually all of our Network devices send the data using UT...

by Loves-to-Learn in

Unable to whitelist only Error EventID's sent from UF to Indexer

Hi Team, From Windows Event Viewer logs we can onboard all Event ID's generated for "Application" and "System" ...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Transforms.conf issue

What are the Unsupported Characters for HEC

Data Anonimization - Multiple transforms not working for single _raw event

when to use http event collector api to create vent and when to use services/receivers/simple to create event

.csv file input indexed and available in splunk but the data is invisible

Creating a kvstore using API - kvstore not visible in Splunk

Splunk indexing zipped file without extracting or reading contents

assign cron time to timestamp

docker splunk-url format error

WMI Input: best practice for field values with spaces

go's time.RFC3339Nano format

dSYM upload timing out

Masking sensitive information from event

Splunk cloud and Microsoft Infrastructure

Not able to make API call to splunk instance through IP address.

customized app origin is showing as uploaded instead of Splunk

props.conf and transforms.conf does not work

Find unique values on all search rows separated by comma

Use case SMB Traffic by bytes transfer

The TCP output processor has paused the data flow

How to match join on certain conditions within the inner search?

EVAL with REX with SPATH (props / transforms)

Network Toolkit: Installation on Splunk Forwarders

Logs do not appear with current time when conducting searches

Unable to whitelist only Error EventID's sent from UF to Indexer

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions