Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Getting List of the Universal forwarders

Hi There, I wanted to get a list of forwarders from the metric logs. The base logs have confused me a lot. Below ...

by Loves-to-Learn in

Integrity Check of Installed Files datetime.xml

Hello, After updating (replacing) the datetime.xml file in my Splunk, the following health check message appears. ...

by Explorer in

Windows Defender ATP

I have followed the various sets of instructions for sending Microsoft Defender ATP logs to Splunk, however I am gett...

by Contributor in

json events not breaking properly

trying to break events before incidentTicket event, but not breaking properly with BREAK_ONLY_BEFORE. props: [prd...

by Contributor in

Splunk API output

When I try the api endpoint curl -k -u username:passwd https://localhost:8089/servicesNS/admin/search/search/jobs/exp...

by New Member in

Python script to upgrade forwarder

Hi, Please give me the python script to upgrade rpm file of forwarder. Steps to upgrade 1) Get the rpm file ...

by Builder in

Capture data from scripted input

I'm trying to so a simple ps for ssh connections from a specific user. I have created a python script ! /usr/bin/p...

by Communicator in

log file not parsing properly - multiple lines per event

Hello, I have a file monitor for a log file where I am getting indexed data with multiple lines. Example of one e...

by Path Finder in

How to get the SID (via rest api) for a single scheduled report previously created from the Web UI

I have a number of scheduled reports previously created via the WEB UI following a template similar to the ones shown...

by New Member in

How to parse nested Json so I can extract parent process information that lines up attributes together?

The am having some issues with extracting what I want out of the json that goes into splunk from Tanium for signal al...

by Engager in

Sending logs to splunk using python script

Hi, Is there a way to send logs to splunk using python script? Can you please send me the sample script?

by Builder in

can Splunk HF run multiple Python scripts and forward it to multiple indexer

I am having 2 scheduled python scripts running in HF. First script is scheduled for 2 mins and get SNMP data and forw...

by Explorer in

json gets truncated

Valid json gets truncated for some reason. Below is the props.conf file: TRUNCATE = 0 KV_MODE = json NO_BINARY_CHE...

by Explorer in

Combine 3 csv reports and send it in one Email

Hi, I am stuck into a weird problem. I have 3 queries from 3 different source producing a table with a service name a...

by Explorer in

pull search terms from a single column csv file (for scheduled reports / dashboard)

I have several search queries that i then save as reports (and schedule them), they ultimately are displayed on a das...

by Path Finder in

A location where Splunk stores and searches for event data

A location where Splunk stores and searches for event data. My answer is Index, Quizlet answer is Indexer. Please con...

by Communicator in

Should I delete "/etc/init.d/splunk" when I update to 7.2.3 from before 7.2.2?

When I update Splunk to ver 7.2.3 from before ver 7.2.2(like 6.6.x) and enable boot-start, unit file is created under...

by Builder in

After upgrading forwarder to 7.2.6 why is it not getting controlled by splunk user while restarting service?

after upgrading forwarder to 7.2.6 it's not getting controlled by Splunk user(specifically aligned to Splunk only (no...

by Explorer in

How can I create a historical search to see if a sourcetype didn't come in for certain hosts?

Hello all, I currently have a search that checks to see if a sourcetype is coming for specific hosts tagged with a...

by Path Finder in

How can I check whether the script has indeed run

A script is defined in the inputs.conf file [script:///opt/splunkforwarder/bin/scripts/top.sh] interval = 0 0 * * ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Getting List of the Universal forwarders

Integrity Check of Installed Files datetime.xml

Windows Defender ATP

json events not breaking properly

Splunk API output

Python script to upgrade forwarder

Capture data from scripted input

log file not parsing properly - multiple lines per event

How to get the SID (via rest api) for a single scheduled report previously created from the Web UI

How to parse nested Json so I can extract parent process information that lines up attributes together?

Sending logs to splunk using python script

can Splunk HF run multiple Python scripts and forward it to multiple indexer

json gets truncated

Combine 3 csv reports and send it in one Email

pull search terms from a single column csv file (for scheduled reports / dashboard)

A location where Splunk stores and searches for event data

Should I delete "/etc/init.d/splunk" when I update to 7.2.3 from before 7.2.2?

After upgrading forwarder to 7.2.6 why is it not getting controlled by splunk user while restarting service?

How can I create a historical search to see if a sourcetype didn't come in for certain hosts?

How can I check whether the script has indeed run

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Issue filtering events with regex and props.conf

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...