Getting Data In

Ask a Question

Discussions

Thread Info

Getting metrics timestamp in future

Hello, I am trying to get metrics from RouterOS using scripting (logs are forwarded using UDP) I end up with all ti...

by Loves-to-Learn in

Receiving error message while starting Splunk on AIX7.2

Dear Splunkers, I am trying to install Splunk 7.0.7 version universal forwarder on an AIX7.2 machine. While doing ...

by Engager in

How to see a list of files that Splunk is currently monitoring?

I want to list out the current data inputs, I ran the following command: C:\Program Files\SplunkUniversalForwar...

by Path Finder in

Fixup Tasks - Pending - Streaming Failure

Have Indexer Cluster. Have settings set to Search Factor 2, Replication Factor 3. I have 5 Indexer Peers at the momen...

by New Member in

Can Palo Alto logs be sent directly to Splunk, or do they initially need to be sent first to a syslog server ?

I'm wondering if it's possible to configure the Palo Alto log forwarding profile so that the PA logs are directly sen...

by Communicator in

How to add _meta to all entries from forwarder?

We have couple development environments that have Windows servers with same names (i.e. HOSTNAME1) and would like to ...

by Engager in

DB Connect - Query timed out Issue

Im setting up a new DB connect. While creating inputs i could execute the SQL query and get results in Batch Mode. Wh...

by Explorer in

Install Universal forwarder from Splunk Deployment Server?

Hi, Want to monitor many devices on my local site and on remote, can I deploy installation of universal forwarder age...

by New Member in

Certain Defender ATP alerts are being onboarded multiple times

Hello, I am trying to onboard Defender ATP alerts using Microsoft Defender ATP Add-on for Splunk (https://splunkbas...

by New Member in

How to add timezone recognition on WinPrintMon logs?

I've sat up monitoring of WinPrintMon on some Windows servers. The input using the WinPrintMon stanza, as described h...

by Builder in

Splunk DB connect Integration

Splunk DB Connect 3.3.1 - New database connection to MS SQL Server fails JRE version - 8 JDBC Driver - 7.2.2 T...

by Explorer in

FluentD to Splunk

Hi There,I'm trying to get the logs forwarded from containers in Kubernetes over to Splunk using HEC. Fluentd has bee...

by Explorer in

rsyslog no send logs in specific ip range

Hi, I have 2 indexers with the command I confirm that port 9997 is open. In one of the two indexers all the inc...

by Builder in

How to make a POST request to Splunk API in a SimpleXML javascript dashboard?

How can I use the splunkjs "Service" class to make POST changes to .conf files via the REST API in a Splunk SimpleXML...

by New Member in

Can I use the Splunk Supporting Add-on for Active Directory (SA-ldapsearch) to enumerate group membership for a specified user?

I have seen how the Splunk Supporting Add-on for Active Directory (SA-ldapsearch) can give me a list of all groups, a...

by Path Finder in

Heavy Forwarder can not preview SQL server data

Hello Splunk community, We had the splunk heavy forwarder set up on one machine, and SQL server database on the oth...

by Engager in

Why is my oneshot command not working

I have a oneshot command thats returning strange error message. I have everything in [-paramteter value] format. Here...

by Communicator in

Duplicated Events: Local Log4net_xml Monitor

I've got an issue where a significant portion of my ingested Log4Net_xml sourcetype logs have duplicate events. I'm c...

by Explorer in

IIS logs :Need to mask cs_cookie,cs_Referer and cs_uri_path but headers still showing values after using SEDCMD

Need to mask cs_cookie,cs_Referer and cs_uri_path but headers still showing values after using SEDCMD.i need to mask ...

by Explorer in

Universal Forwarder to Intermediate Forwarding to Splunk Enterprise Instance,Indexer Cluster & Heavy Forwarder

I've a scenario where I've got around 250 servers where UF has to be installed. These data would be forwarded to Inde...

by Communicator in

Extracting JSON object from JSON array, if value matches

I've stuck in a scenario, where I want to extract complete JSON object from an JSON array collection on behalf of my ...

by Engager in

TIME_FORMAT in props is not working

I have configured the TIME_FORMAT in props.conf as mentioned below. [mySourceType] INDEXED_EXTRACTIONS = csv FIELD...

by Path Finder in

Distributed Search

Looking for answers on the following (with regards to the distributed search): 1.) An explanation on how the distri...

by Path Finder in

How do we enable a forwarder boot-start?

We are running the following - /opt/splunk/splunkforwarder/bin/splunk enable boot-start -user splnkfwd The ge...

by Ultra Champion in

Splunk - how to filter json search results

My splunk search returns one event as below: notice agent data is in a nested json format. agentName and agentSwitch...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Getting metrics timestamp in future

Receiving error message while starting Splunk on AIX7.2

How to see a list of files that Splunk is currently monitoring?

Fixup Tasks - Pending - Streaming Failure

Can Palo Alto logs be sent directly to Splunk, or do they initially need to be sent first to a syslog server ?

How to add _meta to all entries from forwarder?

DB Connect - Query timed out Issue

Install Universal forwarder from Splunk Deployment Server?

Certain Defender ATP alerts are being onboarded multiple times

How to add timezone recognition on WinPrintMon logs?

Splunk DB connect Integration

FluentD to Splunk

rsyslog no send logs in specific ip range

How to make a POST request to Splunk API in a SimpleXML javascript dashboard?

Can I use the Splunk Supporting Add-on for Active Directory (SA-ldapsearch) to enumerate group membership for a specified user?

Heavy Forwarder can not preview SQL server data

Why is my oneshot command not working

Duplicated Events: Local Log4net_xml Monitor

IIS logs :Need to mask cs_cookie,cs_Referer and cs_uri_path but headers still showing values after using SEDCMD

Universal Forwarder to Intermediate Forwarding to Splunk Enterprise Instance,Indexer Cluster & Heavy Forwarder

Extracting JSON object from JSON array, if value matches

TIME_FORMAT in props is not working

Distributed Search

How do we enable a forwarder boot-start?

Splunk - how to filter json search results

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions