Getting Data In

Thread Info

Routing Sourcetype

We are collecting the sourtype of the data we are currently receiving by changing it as follows. [A_syslog]TRANSFOR...

by Explorer in

HEC configuration for AWS logs

We have a architecture of 3 site multi cluster which contains 6 indexers (2 in each site), 3 search heads (one in eac...

by Communicator in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Splunk DB Connect Addon

Dear Splunk Community, I need some advice on how to get DB Connect configured. I'm hitting a brick wall trying to g...

by New Member in

"Akamai Security Incident Event Manager API" not found

Upon installing the Akamai SIEM I am not seeing the data input option for "Akamai Security Incident Event Manager AP...

by Explorer in

Critical Bucket size and range

Hi There, I have noticed that the cloud monitoring console is reporting a critical bucket. I only have one and have...

by Communicator in

change timestamp for extra data

We are collecting various data from security equipment.The data is being stored in index=sec_A and received as sourty...

by Explorer in

Good example of a working custom REST endpoint (but not an admin:* one)

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note...

by SplunkTrust in

Netskope onboarding

Hi, I have a question on Netskope onboarding to Splunk. I installed to TA-NetSkopeAppForSplunk (4.1.0) on Spl...

by Explorer in

cloudwatch logs tagging

Expert advice needed. I was able to ingest cloudwatch logs for ecs and lambda with data manager Now i need to add...

by Loves-to-Learn in

pull Azure event hub logs to Splunk

How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. Wh...

by Communicator in

Why doesn't my Ingest Action work?

I have written and tested some rules using "Ingest Actions". I used the "Sample" indexed data and everything seems fi...

by Explorer in

How do I set up a KV Store lookup?

I created a KV Store lookup using the "Splunk App for Lookup File Editing" app, however when I look at Settings>Looku...

by Motivator in

Splunk and Cisco Firepower Audit Logs

Hello folks, My organization is struggling with ingesting the Cisco Firepower audit (sys)logs into Splunk, we've be...

by Explorer in

Splunkforwarder Startup Error in Docker containers

Commands used to run docker image: docker run -d -p 9997:9997 -p 8080:8080 -p 8089:8089 -e "SPLUN...

by Explorer in

Turning off chunked encoding in Universal Forwarder

Hi, We're setting up a Splunk enterprise instance in an air-gapped environment. In addition to this, the server is ...

by Explorer in

Creating service account in splunk to re-assign the orphaned knowledge object

Hi, I am a splunk admin and we are re-assigning the orphaned knowledge object to my name as a temporary solution. I...

by Communicator in

AWS logging to our Splunk

AWS logs to Splunk We need to onboard AWS cloud watch logs (from Kinesis) to our Splunk. We have all our Splunk ins...

by Communicator in

Regex for multiline events where skipping lines is required.

I have multiline events where it is required to capture the error messages. The events are separated by "FAILED". ...

by Communicator in

Splunk Data Retention

we got a requirement to on-board new platform logs to Splunk. They will have 1.8 TB/day data to be ingested. As of no...

by Communicator in

Splunk data retention

I was newly aligned into a project and didn't have proper KT from the left ones. I have queries regarding my current ...

by Communicator in

Integration document for Cisco Cyber Vision with Splunk

I am looking for a document to integrate Cisco cyber vision integration with Splunk.

by Splunk Employee in

Change index based on source and index from different environments

Hello, we have Windows servers from two environments, we want WinEventLog source (Windows Events logs) to go in "wi...

by Motivator in

Can I bring the logs to see if a user on Azure has MFA enabled?

HI everyone, I need to check my logs to see if a user has MFA enabled or not. I've already configured Microsoft Azu...

by Explorer in

Splunk UF version 9.4.1 install issue

OS Version: Server 2019 I'm trying to install Splunk UF in my test lab. Using the GUI install, I put all the necess...

by Observer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Routing Sourcetype

HEC configuration for AWS logs

Ask Questions, Get Help about Data Manager for Splunk Cloud

Splunk DB Connect Addon

"Akamai Security Incident Event Manager API" not found

Critical Bucket size and range

change timestamp for extra data

Good example of a working custom REST endpoint (but not an admin:* one)

Netskope onboarding

cloudwatch logs tagging

pull Azure event hub logs to Splunk

Why doesn't my Ingest Action work?

How do I set up a KV Store lookup?

Splunk and Cisco Firepower Audit Logs

Splunkforwarder Startup Error in Docker containers

Turning off chunked encoding in Universal Forwarder

Creating service account in splunk to re-assign the orphaned knowledge object

AWS logging to our Splunk

Regex for multiline events where skipping lines is required.

Splunk Data Retention

Splunk data retention

Integration document for Cisco Cyber Vision with Splunk

Change index based on source and index from different environments

Can I bring the logs to see if a user on Azure has MFA enabled?

Splunk UF version 9.4.1 install issue

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

Getting Data In

Are you a member of the Splunk Community?

Discussions