Getting Data In

Community Activity

Aruba Edgeconnect - Logging COnfiguration Hello, There is an app for Aruba Edgeconnect - https://splunkbase.splunk.com/app/6302 Is there any documentation on h... by raptraj2 Loves-to-Learn Lots in Getting Data In 11-15-2024 0 1	0	1
SplunForwarder Windows strange CPU usage grow on some servers Hello,I am facing strange issue with a Splunk Forwarder where on some servers of the same role is CPU usage 0-3% and ... by Peter95 New Member in Getting Data In 11-15-2024 0 1	0	1
SQL audit log not working when using event_time as indexing Hi,I am using the Db connect 3.18.1 to collect sql audit logs FROM sys.fn_get_audit_file function. When I use event_... by fl66 Observer in Getting Data In 11-15-2024 0 3	0	3
Sourcetype restricted access Hi all,We have specific AD group for specific application and we create index for that app and restrict access to tha... by splunklearner Communicator in Getting Data In 11-15-2024 0 5	0	5
Best practice to restrict access to view events by sourcetype? Is there a best practice to restrict access to events in Splunk by index and sourcetype? I have tested using the ... by myandow Path Finder in Getting Data In 11-14-2024 0 4	0	4
Props and Transforms doubt I am pretty new to Splunk and my project is also new. Can someone please explain the configurations given in our clus... by splunklearner Communicator in Getting Data In 11-14-2024 0 2	0	2
How to stop powershell running when the UF is restarted? Has anyone figured out how to run powershell only at scheduled time? In addition to scheduled time, it is running eve... by cpaulraj New Member in Getting Data In 11-14-2024 0 3	0	3
Powershell script input on a schedule Not sure if this is a bug or just weird behaviour, I don't seem to be able to work around it. I have loads of powers... by gavsdavs_GR Path Finder in Getting Data In 11-14-2024 1 8	1	8
What is the disadvantage of having a lot of small buckets and rotating them frequently? So I understand that the minimum timespan on a hot bucket is 1 hour, but bucket sizing defaults to a file size instea... by ltrand Contributor in Getting Data In 11-13-2024 0 11	0	11
Drop Windows Event Logs with EventID 5156 and not RFC 1918 HI All, So i wrote this in attempt to reject all RFC1918 TO RFC1918 logs for windows event logs with WID 5156. ba... by rtalcik Path Finder in Getting Data In 11-13-2024 0 4	0	4
Solution : index renaming not working when using _TCP_ROUTING Hello, if you are using _TCP_ROUTING and index rename on target platform, logs may go to "last chance index" by splunkreal Motivator in Getting Data In 11-13-2024 0 1	0	1
WEF - Universal Forwarder multiple Windows TA's / performance issues Hi, We currently have a centralized WEF collection server that collects all windows logs across the environment.This ... by ljo4497 Explorer in Getting Data In 11-12-2024 0 6	0	6
Configuring Splunk OTel Collector for Linux/Windows Log Collection (Splunk Cloud/Enterprise) As you may know, the Splunk OTel Collector can collect logs from Kubernetes and send them into Splunk Cloud/Enterpris... by jthurston Splunk Employee in Getting Data In 11-12-2024 0 0	0	0
TA for HP Storage Hei,We have onboarded data from HP Storage and I am not sure if there is any TA for this technology or how to extrac... by MadalinaT Engager in Getting Data In 11-12-2024 0 1	0	1
interval as a data input parameter I want my customer to be able to set the "interval" and control how frequent the module runs.I started with this:defa... by shai Explorer in Getting Data In 11-12-2024 0 4	0	4
Troubleshooting Slow Search Performance in Splunk with Large Datasets How can I troubleshoot slow search performance in Splunk when searching across large datasets?" by sajjadali1122 New Member in Getting Data In 11-11-2024 0 1	0	1
How can I find a listing of all universal forwarders that I have in my Splunk environment? Hello , Can you help me out How can I find a listing of all universal forwarders that I have in my Splunk environment... by Paramy Loves-to-Learn Lots in Getting Data In 11-11-2024 0 2	0	2
Upload failed with ERROR: Read Timeout I tried to upload a zip file. It showed "Upload failed ERROR: Read Timeout." I am using Windows. The file size is 191... by helpmesplunk Observer in Getting Data In 11-11-2024 0 0	0	0
Windows event log XML not parsing with KV_MODE = xml I have made the following change to a forwarder to send JUST applocker data as XML: [WinEventLog://Microsoft-Windows... by jpolcari Communicator in Getting Data In 11-09-2024 1 4	1	4
Timestamp fixing Hello Splunkers!!I want to extract the _time and match it to the events fields' timestamp while ingesting to Splunk. ... by uagraw01 Motivator in Getting Data In 11-09-2024 0 13	0	13
Syslog server configuration load balancer Hi, I am new to Splunk admin. We have a syslog server in our environment to collect logs from our network device. Our... by Karthikeya Communicator in Getting Data In 11-09-2024 0 5	0	5
Splunk HEC closes connection instead of re-using it Our apps send data to the Splunk HEC via HTTP POSTS. The apps are configured to use a connection pool, but after send... by onlineops Explorer in Getting Data In 11-08-2024 0 5	0	5
Syslog -- UF -- Indexer Hi all,We want to configure F5 WAF logs to Splunk. WAF team sending logs to our syslog server. In our syslog server U... by splunklearner Communicator in Getting Data In 11-08-2024 0 12	0	12
Sysmon events not getting indexed Hi,I am deploying sysmon all acrros our company but for some reason the sysmon events are not getting indexedOur depl... by corti77 Contributor in Getting Data In 11-08-2024 1 12	1	12
Why did ingestion slow way down after I added thousands of new forwarders and/or sources and sourcetypes? My Splunk environment was humming right along until I had a need to very quickly add several thousand new FWDs and a ... by davidpaper Contributor in Getting Data In 11-07-2024 3 3	3	3