Getting Data In

Community Activity

Parsing Forcepoint CASB CEF logs in Splunk I need some help with parsing Forcepoint CASB CEF logs in Splunk. The data does not seem to parse the epoch time stam... by geoffmoraes Path Finder in Getting Data In 09-24-2020 0 5	0	5
How can I filter the contents of an eventID without blacklisting it? I am currently trying to filter EventCode 4703. I wanted to do this via blacklist but not fully block the EventCode b... by splunktrainingu Communicator in Getting Data In 09-23-2020 0 2	0	2
CarbonBlack/Splunk Integration I am having difficulty configuring the Cb Defense Add-On for Splunk on a heavy forwarder, which is forwarding to my S... by fdarrigo Path Finder in Getting Data In 09-23-2020 0 0	0	0
DB Connect App template Hi All, I'm using DB Connect 3.x - I want to create a template for future MS-SQL connections to speed the process up... by putnamblake Path Finder in Getting Data In 09-23-2020 1 1	1	1
TA MS defender not working I have this add-on "TA Microsoft Windows Defender" installed in our UFs using a deployment server, all configuration ... by titoluna07 Explorer in Getting Data In 09-23-2020 1 0	1	0
Monitoring WEC .evtx files on another drive I am after some help to debug why Splunk is not monitoring my external .evtx files.Currently have the following: %Spl... by Blackmagician Engager in Getting Data In 09-23-2020 1 1	1	1
DB query to fetch logs from McAfee ePO 5.10 We upgraded the McAfee ePO from 5.9 to 5.10 after that splunk integration was broken, so i checked some articles and ... by krvamsireddy Explorer in Getting Data In 09-23-2020 0 0	0	0
Suggest best way to onboard Default Reports available in "Airwatch - Worspace one UEM" to splunk Hi Team, I am trying to onboard Reports data to splunk available under "Airwatch Workspace one UEM">Monitor>Reports &... by sneha New Member in Getting Data In 09-23-2020 0 0	0	0
Change the time stamp in the log data by adding 2+ Hours hi All,IN the AWS inputs logs we are getting timestamps behind 2 hours and we need to adjust it to UTC + 02:00 . I ha... by datamine Loves-to-Learn Lots in Getting Data In 09-23-2020 0 1	0	1
unable to push waf logs through HEC- error says HEC is not reachable I have a splunk trial version and i am trying pushing aws waf logs through HEC- I have enabled the token perfectly an... by rajiv_r Explorer in Getting Data In 09-23-2020 0 1	0	1
How do forwarders handle rolling logs when an indexer is down? Hello,I would like to know how forwarders handle rolling logs when their target indexers become unavailable. Here is... by andrewtrobec Motivator in Getting Data In 09-22-2020 0 2	0	2
How to set default file ownership to admin and get Splunk to read files created by the ciscoftp user? Hey all, Long story short, I have a Windows IIS FTP server on a Heavy forwarder that receives logs from Cisco proxy s... by trevor_dunstan8 Explorer in Getting Data In 09-22-2020 1 0	1	0
Quarantine or peer removal Hi,Is there a way to remove or quarantine multiple search peers (indexers) at the same time? It's not practical enoug... by 7aurelius Loves-to-Learn in Getting Data In 09-22-2020 0 3	0	3
Update Splunk server certificate on Splunk Universal Forwarders Dear Splunkers, Splunk server certificates on servers with splunk forwarder is expiring. is there a way to upgrade th... by sahabhi606 Path Finder in Getting Data In 09-22-2020 0 0	0	0
ingesting custom device/application logs from AWS S3 to Splunk with multiple sourcetypes Hello Splunkers,We have all the log collection at s3 . What would be best option to send logs from s3 to Splunk .I k... by spl_unker Explorer in Getting Data In 09-22-2020 0 0	0	0
TcpOutputProc - The TCP output processor has paused the data flow I open a new thread because in the previous one I was reviewing several errors at the same timefor this specific erro... by splunkcol Builder in Getting Data In 09-22-2020 0 1	0	1
Is there any chunk size applied while reading the data on the connections? Is there any chunk size applied while reading the data on the connections? chunk size like 2kb,4kb,8kb ? is there a w... by chair56 New Member in Getting Data In 09-21-2020 0 1	0	1
Splunk Add-on for Microsoft IIS - ms:iis:auto - No Fields Extracted Hi All,I've followed the instructions here (https://docs.splunk.com/Documentation/AddOns/latest/MSIIS/About) to inges... by iamperson347 Explorer in Getting Data In 09-21-2020 0 3	0	3
Sophos Anti-Virus for Linux with Splunk Has anybody installed Sophos Anti-Virus for Linux on the same machines as their Splunk Head and Splunk Indexer? If s... by diptij Path Finder in Getting Data In 09-21-2020 0 1	0	1
Can logs form a forwarder be restricted to be viewed by a set of users only? Hi All, I am looking to configure a sox app on splunk, so wanted to know if it is possible to restrict a user/s to o... by rgadepal New Member in Getting Data In 09-21-2020 0 1	0	1
Splunk sourcetype naming convention I am dynamically extracting a sourctype using props.conf and tranform.conf file. But the extraction is not working as... by gauravmsharma Path Finder in Getting Data In 09-21-2020 1 5	1	5
Is there a way to transfer data from Splunk Search Head via Scheduled Search to third party system through syslog? Requirement is to send data from Splunk to PTA tool using Scheduled Search on Search Head.The Data should be filtered... by potnuru Path Finder in Getting Data In 09-21-2020 0 3	0	3
Ingest whole file in a single event. I'm reading a file that is being overridden by a PowerShell script. (no append in the file)The PowerShell script is u... by VatsalJagani SplunkTrust in Getting Data In 09-21-2020 1 2	1	2
Need help extracting fields from an XML dataset. Afternoon all, I have an XML dataset that I am struggling to extract fields from. What I need is for the <key> value ... by adzeh Engager in Getting Data In 09-21-2020 0 5	0	5
Timestamp containing newline Hi. I have just been presented with a very curious timestamp format. 18-08-2020 15:41:00,07 No running service ins... by las Contributor in Getting Data In 09-21-2020 0 2	0	2