Getting Data In

Thread Info

how to hide "ALL" from selecting in dashboards page?

Hi I am not sure how to put up this question but all I am trying to do is basically hide the below "All" optio...

by Builder in

Specifiy input stanzas by host

Hi,I've created an app to be able to monitor some directories for two hosts. The stanzas are completely identical exc...

by Explorer in

Troubleshoot the Splunk Add-on for Microsoft Cloud Services

Hi , I am trying to troubleshoot the splunk Add-on for Microsoft Cloud Services.I checked at the following location...

by Path Finder in

CSV field header/label based on a value in column.

So I have a csv file that is generated while a program runs. The 1st 4 columns are same headers. DATE,TIME, LOCATION,...

by Loves-to-Learn Lots in

Salesforce Add-on - Lost my server and trying to restore configuration files for app

I had lost my search-head and cluster-master and when I tried to restore the files I already had backed up. The app ...

by Observer in

multiple outputs.conf and inputs.conf on the same forwarder

Hello, I have the case that I am sharing the UFs with the Splunk SIEM solution, however I work for another project ...

by Builder in

Nullqueue not working

Here is a link the dataset and the regex. It is working on regexr but not in transforms.conf. I have tested by usin...

by Explorer in

How split outputs in splunk

Hello, Running Splunk Universal Forwarder 7.3.6 (build 47d8552a4d84) on CentOS 7. I am sending two logs -- surica...

by Explorer in

db connect event time mismatch

Hello, I have a query regarding getting data in using DB Connect App. I am using Splunk cloud instance and DB Conne...

by Contributor in

How to filter data from a single file and write to two different indexes?

I am trying to filter a set of data from a single file with the below conditions and send the filtered data to differ...

by Path Finder in

Configure Azure Storage Blob Modular Input for Splunk Add-on for Microsoft Cloud Services

Hi @gcusello , Need your help on this,trying to configure Azure Storage Blob Modular Input for Splunk Add-on fo...

by Path Finder in

epoch time

I want the difference between two timestamps in epoch. My fields are like: target.received.end.timestamp159711525...

by Explorer in

Unable to search data unless all time is specified

Hi I am unable to search my data unless I specify all time.

by Explorer in

Data Onboarding Strategy

I would like to hear from other admins on how they are keeping up with high demand of data onboarding requests into t...

by Influencer in

External Forwarder sending to DMZ Heavy Forwarder (9997)

All, I am trying to send to from an external forwarder to a DMZ Heavy Forwarder that is behind a firewall w/ 9997 o...

by Path Finder in

VMware addon in unable to collect data from vcenter in distributerd environment

Hi Everyone,I am suppose to configure a VMware add-on in my environment to collect data from Vcenters.I have been con...

by Observer in

rsyslog configuration and receiving results on different port

Hi, I have rsyslog configured and receive different syslog data on different ports. but is there a log file wher...

by Communicator in

Splunk_TA_aws duplicated events

Hi I have Splunk_TA_aws installed on the heave forwarder the input are [aws_s3://aws_dome9_logs_amdocsdome9l...

by Contributor in

Unable to index Windows registry monitoring (Certain Registry values)

Hi I have a requirement where I need to monitor certain registry key values on Windows server 2016. I am using the ...

by Path Finder in

WinRegMon - Inputs.conf works on localhost but not on universal forwarder.

Hi Team,The following inputs.conf works on localhost to monitor a registry key, but not working on the universal forw...

by Explorer in

How do you troubleshoot missing windows event logs?

I have been noticing that some windows event logs are not appearing in the Splunk search. For example the event code ...

by Observer in

Onboard logs from McAfee EPO Cloud

I want to onboard McAfee EPO Cloud data. While there is an add-on available for on-prem solution of McAfee EPO, it do...

by Explorer in

Module 4 data upload fail without errors

I have followed module 4 instructions twice (once I manually found the data add section) to upload data. All data u...

by Engager in

Same data input two apps?

Is it possible to share a sourcetype'd data between two apps? I have pfsense sending both firewall logs and Suricat...

by Path Finder in

TA-pfsense + Suricata + Barnyard2 gone + eve json = oh fun

TL:DR- How do I specify in the props.conf that for "pfsense:suricata" to then use Splunk's json extraction? Situati...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

how to hide "ALL" from selecting in dashboards page?

Specifiy input stanzas by host

Troubleshoot the Splunk Add-on for Microsoft Cloud Services

CSV field header/label based on a value in column.

Salesforce Add-on - Lost my server and trying to restore configuration files for app

multiple outputs.conf and inputs.conf on the same forwarder

Nullqueue not working

How split outputs in splunk

db connect event time mismatch

How to filter data from a single file and write to two different indexes?

Configure Azure Storage Blob Modular Input for Splunk Add-on for Microsoft Cloud Services

epoch time

Unable to search data unless all time is specified

Data Onboarding Strategy

External Forwarder sending to DMZ Heavy Forwarder (9997)

VMware addon in unable to collect data from vcenter in distributerd environment

rsyslog configuration and receiving results on different port

Splunk_TA_aws duplicated events

Unable to index Windows registry monitoring (Certain Registry values)

WinRegMon - Inputs.conf works on localhost but not on universal forwarder.

How do you troubleshoot missing windows event logs?

Onboard logs from McAfee EPO Cloud

Module 4 data upload fail without errors

Same data input two apps?

TA-pfsense + Suricata + Barnyard2 gone + eve json = oh fun

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

How to handle multiline events from k8s via opente...

Power Platform audit logs

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Getting Data In

Are you a member of the Splunk Community?

Discussions