Getting Data In

Thread Info

Symantec Cloud Scripted Input

Evaluating Symantec EndPoint Protection Cloud product which has a technote for getting events into Splunk Enterprise ...

by Explorer in

how to ignore the first and last line in json file

Is there any way to ignore first and last line from my json files? { "hosts": { "sv-1000.local": [ { "Impact": "Th...

by Explorer in

parse csv content and header for fields

Hi @ All, i´ve got problems to parse the following file / content: "CreationTime","LastWriteTime","LastAccessTi...

by Path Finder in

Could someone help me find out whether i am getting data from universal forwarder to heavy forwarder?

Hello, Please could someone help me find out whether i am getting data from the universal forwarder to the heavy forw...

by Path Finder in

Data Ingestion into Phantom

How do i ingest data into Splunk Phantom ?

by Engager in

Help with props.conf for timestamp

Hello All , I have a json data format , which I am trying to import into splunk .I want to extract the timestamp f...

by Builder in

I've setup a forwarder on Windows. My receiver is enabled and running tcpdump shows connection. However, Splunk is not indexing data.

one of my team has installed the forwarder on a Windows client. running tcpdump on the backend of splunk enterprise s...

by Path Finder in

Log collection off network devices

Hey All, Just curious if anyone is collecting logs from off network endpoints (workstations) using a Splunk UF and ho...

by Builder in

SEDCMD not replacing comment lines during indexing

I'm monitoring hosts files on Windows machines, but I don't want the comment lines when I ingest the file. However, m...

by Explorer in

Splunk Universal Forwarder Upgrade

Hi , I am looking for some information on Splunk Universal forwarder upgrade. We have 3000 + forwarders that needs...

by Explorer in

Time Modifier "latest=@mon+20d" in REST API

Time modifier is not working with splunk rest API. Below is the query. curl -k -u 'xxxxxxxxx:xxxxxxxxx' https://ap...

by New Member in

Displaying which indexes/sourcetypes feed datamodels

Hi, is there an easy way to display which indexes (and/or) sourcetypes feed the data models that are configured? O...

by Motivator in

Set host for docker driver using HEC

I have my docker set up to send events via HEC, however id like to set the host as well since I have multiple service...

by Loves-to-Learn in

How to send Splunk events and alerts to SCOM 2012 without using a script?

I've reviewed every previous response to here and all are pretty old. The best two being: docs.splunk [dot] com/Do...

by New Member in

How can I use an epoch timestamp in my event messages over the internal, '_time' field for chart/timechart commands?

Expected Results I want to use a field that is present in my log message (field in the JSON response) to chart my dat...

by New Member in

VMware TA, SA-Hydra, and FIPS

Will the Splunk VMWare TA's run with Splunk running in FIPS mode?

by Explorer in

Powershell failed with exception=An item with the same key has already been added.

Hi, we are running several scheduled PS Scripts, somethimes data is missing and we found the following error in the s...

by Splunk Employee in

Best way to nullQueue DNS logs by source

Hey All, Was just curious if there was a more efficient way of dropping DNS events by the actual query source rath...

by Builder in

Multiple hosts with two interesting fields

Hi, I am trying to bring back two interesting fields from multiple hosts. My search looks like this. index=IIS (ho...

by New Member in

Windows eventid csv file for Splunk lookup?

Does anyone happen to have (or know where I can find) a csv file that contains the various Windows security eventids ...

by Splunk Employee in

User wants to retain data for 12 months

Following query diplays user logon events for the last 10 days. index=main sourcetype=WinEventLog (EventCode=4624 ...

by Explorer in

typing queue always full with indexer crash

Hi Once my indexer crashed with below error: kernel: splunkd[] general protection ip:xyz error:0 in splunkd[] A...

by Communicator in

How to monitor Microsoft CA logs on Server 2008 R2?

Has anyone been successful in monitoring Microsoft CA logs on Server 2008 R2? It looks as if they are being written t...

by Builder in

Why are we getting "Changing breaking behavior for event stream because MAX_EVENTS (256) was exceeded without a single event break"

Hi, We have started to experience line breaking issue for our csv source. As a result sometimes we have an attempt...

by Builder in

Header Coloring and coloring of cell using java script

Hi All, I am having table, whose cell coloring is done based on the condition . So i have a java script which brings ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Symantec Cloud Scripted Input

how to ignore the first and last line in json file

parse csv content and header for fields

Could someone help me find out whether i am getting data from universal forwarder to heavy forwarder?

Data Ingestion into Phantom

Help with props.conf for timestamp

I've setup a forwarder on Windows. My receiver is enabled and running tcpdump shows connection. However, Splunk is not indexing data.

Log collection off network devices

SEDCMD not replacing comment lines during indexing

Splunk Universal Forwarder Upgrade

Time Modifier "latest=@mon+20d" in REST API

Displaying which indexes/sourcetypes feed datamodels

Set host for docker driver using HEC

How to send Splunk events and alerts to SCOM 2012 without using a script?

How can I use an epoch timestamp in my event messages over the internal, '_time' field for chart/timechart commands?

VMware TA, SA-Hydra, and FIPS

Powershell failed with exception=An item with the same key has already been added.

Best way to nullQueue DNS logs by source

Multiple hosts with two interesting fields

Windows eventid csv file for Splunk lookup?

User wants to retain data for 12 months

typing queue always full with indexer crash

How to monitor Microsoft CA logs on Server 2008 R2?

Why are we getting "Changing breaking behavior for event stream because MAX_EVENTS (256) was exceeded without a single event break"

Header Coloring and coloring of cell using java script

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions