Getting Data In

Thread Info

Prefential Load Balancing from Universal Forwarders to HF/EPs

We are looking to deploy Edge Processors (EP) in a high availability configuration - with 2 EP systems per site and m...

by Engager in

Splunk for Cisco Identity Services (ISE) and IPv6

Does Splunk for Cisco Identity Services (ISE) support data containing IPv6 addresses?

by New Member in

How to update outputs.conf on univeral forwarders from Deployment Server

I would like to update my universal forwarders to send data to 2 separate endpoints for 2 separate splunk environment...

by Explorer in

sc4s failed unauthorized access

Hi Everyone, I am not Splunk engineer but I have task to do. sc4s.service is failed. Can't get the logs. It was wor...

by Loves-to-Learn Lots in

Extract parent folder and sub folder path from windows and nix format

Need some assistance with creating a query where I am trying to capture the parent folder and the 1st child folder re...

by Path Finder in

Time extraction using props.conf

We have some events coming in to Splunk that show as following: time="09/10/2024 11:41:15" URL="[Redacted Stri...

by New Member in

Parsing TSV with variable header names

Hi, I've an eventhub that receives data from multiple application, with different number and values of columns. Th...

by Explorer in

SNMPv2 WMI Input Error Splunk 8.2.5/Windows 2019

Hello! Wanted to ask if anyone has experience with receiving SNMPv2 trap alerts in Splunk 8.2.5 (Win 2019)? Backgro...

by Observer in

disable learned sourcetype

I am using Splunk universal forwarder 8.1.1 on a linux server configured as a log aggregator. I have 7 well defined ...

by New Member in

Capturing Metrics over TCP using JSON

Hi, We are trying to get metrics into Splunk using TCP, so far we have tried the following: inputs.conf ...

by New Member in

Splunk Connect 4 Syslog (SC4S) with HEC in a Clustered Environment

Hello, I'm figuring out the best way to address the above situation. We do have a huge multisite cluster with 10 in...

by Communicator in

How to properly split fields from syslog events that were split to different sourcetypes?

This is a followup question to the solution on this thread: https://community.splunk.com/t5/Getting-Data-In/create-...

by Explorer in

create multiple sourcetypes from single syslog source

Hi I'm looking to create events for syslog data from a wireless controller - and the syslog data also contains data f...

by Builder in

Cisco Security Cloud

Hi guys, Is there any documentation available out there to setup the Cisco Security Cloud app? Specific requireme...

by Explorer in

Time based retention time, without a thawed path

I'm trying to configure the indexes.conf in such a way that its data retention is exactly 180 days and then does NOT ...

by Communicator in

Why does my Splunk universal forwarder crashe : Crashing thread: parsing

I have splunk universal forwarder version-6.5.2 after few days it crashes and gives error as- Received fatal signa...

by Builder in

UNC Path to Network Print Server

Trying to monitor a separate print server folder outside where Splunk is hosted with print logs that has a UNC path. ...

by Path Finder in

ingest json logs - no extractions

First time ingesting JSON logs, so need assistance on figuring out why my JSON log ingestion is not auto extracting.E...

by Explorer in

Enable MySQL Community 8.0.37 audit logging in a Windows environment

Our MySQL server was upgraded from 5.7 to 8.0.37, and the MariaDB plugin no longer supports exporting audit log files...

by Explorer in

Splunk UF Windows Security Event logs just seem to randomly stop sending

Experiencing an issue on a few random servers, some Domain Controllers and some Member Servers. Windows Security Even...

by Path Finder in

SSL module is not available?

Hi, When trying to call some rest API's in a custom script using the request package, if the URL is https Splunk t...

by Engager in

How to reindex data from a forwarder

I have a Storm project and I want to clean all and reindex only the last days, and some specific files. I have Splunk...

by Communicator in

Parsing Multi Line Timestamp

I have to parse the timestamp of JSON logs and I would like to include subsecond precision. My JSON-Events start like...

by Path Finder in

How do I integrate Zabbix with Splunk?

I need to integrate zabbix v. 3.4 and Splunk v. 7.2.6 somehow, with Splunk receiving data from Zabbix, I have each on...

by Explorer in

FIPS mode Support for Splunk Add-on for Salesforce on IDM

Could the Splunk Add-on for Salesforce team clarify whether FIPS mode is supported? Per https://docs.splunk.com/Doc...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Prefential Load Balancing from Universal Forwarders to HF/EPs

Splunk for Cisco Identity Services (ISE) and IPv6

How to update outputs.conf on univeral forwarders from Deployment Server

sc4s failed unauthorized access

Extract parent folder and sub folder path from windows and nix format

Time extraction using props.conf

Parsing TSV with variable header names

SNMPv2 WMI Input Error Splunk 8.2.5/Windows 2019

disable learned sourcetype

Capturing Metrics over TCP using JSON

Splunk Connect 4 Syslog (SC4S) with HEC in a Clustered Environment

How to properly split fields from syslog events that were split to different sourcetypes?

create multiple sourcetypes from single syslog source

Cisco Security Cloud

Time based retention time, without a thawed path

Why does my Splunk universal forwarder crashe : Crashing thread: parsing

UNC Path to Network Print Server

ingest json logs - no extractions

Enable MySQL Community 8.0.37 audit logging in a Windows environment

Splunk UF Windows Security Event logs just seem to randomly stop sending

SSL module is not available?

How to reindex data from a forwarder

Parsing Multi Line Timestamp

How do I integrate Zabbix with Splunk?

FIPS mode Support for Splunk Add-on for Salesforce on IDM

Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and ...

It's Customer Success Time at .conf25

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions