Getting Data In

Thread Info

Splunk Server logs to 3rd party using an Indexer

We have installed Splunk in windows and we want to send windows logs from Search Head, LM and CM to 3rd party using a...

by Loves-to-Learn Everything in

Splunk Slowness

What are the reasons for the slowness observed in the Splunk Mission Control incident review dashboard?

by Path Finder in

Unique universal forwarder to multiple destinations

Hello, Is it possible to have only 1 Universal Forwarder installed on a Windows server and this UF sends data to 2 ...

by Explorer in

Loosing logs for a specific host in several hours.

Hi All. Using Splunk for collecting logs from different devices. But logs from on devices on the network , is not...

by Observer in

Why is my log file sometimes ignored?

Self-answered question follows. Perhaps it will help someone else in the same boat. I have a file called portal-se...

by Influencer in

Extract key=value into field

[cmd_data=list cm device recusive] splunk auto extracts just [cmd_data=list] End result - be able to filter on cm...

by New Member in

ESXi and vSphere logs

Hello all, I am reviewing the Splunk add-on for vCenter Log and the Splunk add-on for VMware ESXi logs guides and h...

by Path Finder in

UF not in CMC

Newly installed Universal forwarders on windows servers are forwarding logs to Splunk Cloud but newly installed forwa...

by Path Finder in

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Hi Splunkers!!, We have recently configured SSO in Splunk using Keycloak, and it's working fine — users are able to...

by Motivator in

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

Hi, we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk (https://sp...

by Observer in

SourceTypes being changed by GUI

Hi All, Help please. Can I get people to agree with me that the following is a bug/design flaw - as my splunk cas...

by Path Finder in

Ingest-time lookup

Hello, has anyone worked with ingest-time lookup and familiar with it? https://docs.splunk.com/Documentation/Splunk...

by Path Finder in

Does props.conf support wildcards?

All, I found myself writing this props.conf today. Say I have this: [tomcat:src:server] EXTRACT-springapp_...

by Builder in

Can I send windows security logs using UF over HTTP to Logstash ?

Hello Experts , I am trying to send windows security logs to logstash(http) receiver . Below is what I have based ...

by Builder in

Splunk with CUCM

Hi Team,Greetings !! This is Srinivasa, Could you please provide Splunk with Unified Applications (CUCM) On-prem , ...

by Observer in

Delay during log ingestion from Azure

Hello, have a question regarding log ingestion from Azure. At the moment, im using REST API to onboard logs to the on...

by New Member in

OpenText NetIQ Logs onboarding via syslog

Hi All, Anyone who has worked with OpenText NetIQ Logs before? We are receiving the NetIQ logs via syslog, but th...

by Path Finder in

Target data from specific Active Directory OU's

Hi, I am trying to gather data from a specific organisation unit in Active Directory and ignore everything els...

by New Member in

Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup?

I have a field with the system's IP in it and am trying to add additional fields during ingest. It works if the IP f...

by Explorer in

Why to use syslog or tcp output?

Hello Splunkers,I have a small question, what is the best practice (or for what reasons) should I use Syslog or TCP c...

by Contributor in

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the foll...

by Engager in

Microsoft-AzureADPasswordProtection-DCAgent

I ma trying to onboard the %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx ...

by Loves-to-Learn Lots in

ingest_eval lookup not working

I have the following transforms.conf file: [pan_src_user]INGEST_EVAL=src_user_idx=json_extract(lookup("user_ip_mapp...

by Explorer in

Ingest time lookup to add fields does not work

I need to use federated search which does not support search time lookup at this time in splunk 8.2.2.1. I came acr...

by Explorer in

ingest_eval works on AIO instance but different results when applied at the HF tier

I have syslog events being written to a HF locally via syslog-ng - these events are then consumed via file reader and...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk Server logs to 3rd party using an Indexer

Splunk Slowness

Unique universal forwarder to multiple destinations

Loosing logs for a specific host in several hours.

Why is my log file sometimes ignored?

Extract key=value into field

ESXi and vSphere logs

UF not in CMC

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

SourceTypes being changed by GUI

Ingest-time lookup

Does props.conf support wildcards?

Can I send windows security logs using UF over HTTP to Logstash ?

Splunk with CUCM

Delay during log ingestion from Azure

OpenText NetIQ Logs onboarding via syslog

Target data from specific Active Directory OU's

Is there a way to have INGEST_EVAL process the multivalue field and return the same JSON value as the EVAL lookup?

Why to use syslog or tcp output?

Help configuring Inputs.conf to take non-default Windows Event Log from multiple domain controllers

Microsoft-AzureADPasswordProtection-DCAgent

ingest_eval lookup not working

Ingest time lookup to add fields does not work

ingest_eval works on AIO instance but different results when applied at the HF tier

SplunkTrust Application Period is Officially OPEN!

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions