Getting Data In

Discussions

Thread Info

Splunk datetime issue - does this affect Universal Forwarders forwarding to Splunk Cloud?

We use Splunk Cloud and have 3 Heavy Forwarders (which I updated yesterday with the new datetime.xml). We also have a...

by Explorer in

Why is Splunk_TA_nix not using default sourcetypes for /var/log/messages?

All, I have a relatively default setup for Splunk_TA_nix on centOS 7 and /var/log/messages is coming in as source...

by Builder in

Timestamp recognition issue

Dear All, We are getting notification of from splunk on time stamp recognition issue from jan 1 2010 it will be ef...

by New Member in

Access email settings via API

Hello team, In order to change the email settings from GUI I can go to Settings > Server Settings > Email Settings an...

by Explorer in

Getting metadata such as host, source, and source type when sendCookedData is set to false ?

Actually I need all the event changes from Splunk forwarders(Universal and Heavy both) into a third party system, so ...

by New Member in

When ingest archive data,what should be took care?

When ingest archive data(e.g. bz2,zip,tgz),What should be took care? I think that it's need more cpu time to ingest a...

by New Member in

Tuning my linux_secure sourcetype

All, I am seeing parsing queue slow downs when large sets of linux_secure data comes in. After talking with suppo...

by Builder in

Disabling Transparent Huge Pages on Splunk docker release

I recently learned, using SplunkAdmins app that I should disable Transparent Huge Pages on my Splunk Enterprise host....

by Explorer in

Logging Scanners & Digital Senders

Hello All, I recently set up Splunk logging for all networked printers. I thought the process would be the same fo...

by Engager in

Timestamp format with leading hash sign, #Fri Aug 31 14:37:21 2012

Any suggestions on the format that I could use to extract this timestamp? #Fri Aug 31 14:37:21 2012 thanks, ...

by New Member in

Line breaking : problem with blank lines ?

Hi experts, I'm collecting logs wich look like this : 2019-12-18_09:51:42.982 [] [req-] INFO ParGideBS.getByCl...

by Explorer in

Index By host OR Sourcetype by host

Hello, I have 2 questions I am hoping someone can help me with. I am trying to figure out how to categorize data b...

by Engager in

How to call $SPLUNK_HOME or %SPLUNK_HOME% from a .bat file for Windows Scripted input?

I have a working scripted input using the first method below, however I'm wanting to get rid of the hard coding of SP...

by Motivator in

syslog-ng props and transforms conf for ingesting data

Hi! I'm trying to ingest metric data from a Virtual Machine Linux box, using syslog-ng and Splunk Universal Forwar...

by New Member in

Run universal forwarder in Docker as unprivileged account

I am trying to run the universal forwarder in OpenShift which by default doesn't allow containers to run with a privi...

by Engager in

How find index-time field extractions.

Hello all, Our environment has some custom index-time field extractions we find to be very useful (yes, I know Spl...

by Communicator in

Problem with my search (activity log on of 3 users , Active directory)

Hello everybody, (Sorry for my english) splunk version 7.0.0 I have two problems on my search I am searching the a...

by Engager in

How do I copy forwarder inputs from one indexer to another indexer?

I'm working on load balancing the universal forwarder and want to make sure the additional indexer that will now rece...

by Explorer in

Hostname macro in inputs.conf

Hi, I have a Linux based application server that exists in two copies on xhostA and xhostB. I am getting their syslog...

by Contributor in

how to configure splunk forwarder to monitor a file whose name changes on daily basis

Hi All, I am trying to monitor a logfile which is generated in a path every day at 23:55 from a python script. My ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk datetime issue - does this affect Universal Forwarders forwarding to Splunk Cloud?

Why is Splunk_TA_nix not using default sourcetypes for /var/log/messages?

Timestamp recognition issue

Access email settings via API

Getting metadata such as host, source, and source type when sendCookedData is set to false ?

When ingest archive data,what should be took care?

Tuning my linux_secure sourcetype

Disabling Transparent Huge Pages on Splunk docker release

Logging Scanners & Digital Senders

Timestamp format with leading hash sign, #Fri Aug 31 14:37:21 2012

Line breaking : problem with blank lines ?

Index By host OR Sourcetype by host

How to call $SPLUNK_HOME or %SPLUNK_HOME% from a .bat file for Windows Scripted input?

syslog-ng props and transforms conf for ingesting data

Run universal forwarder in Docker as unprivileged account

How find index-time field extractions.

Problem with my search (activity log on of 3 users , Active directory)

How do I copy forwarder inputs from one indexer to another indexer?

Hostname macro in inputs.conf

how to configure splunk forwarder to monitor a file whose name changes on daily basis

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

AWX and HEC not working

source/host/sourcetype fields dropped through HEC

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...