Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Custom datetime.xml for x12 format

Trying to get datetime.xml configured to recognize a timestamp in x12 file format with no success... Here are the ...

by Path Finder in

Looking to find all group changes for a specific user

I'm relatively new to splunk, and am working to do some auditing of sensitive groups within our active directory. ...

by New Member in

Show results only when EventCodes occur in a specific sequence

I'm attempting to find events when EventCodes occur in 1, 3, 13, then 4689. (Detection of psexec via windows logs). H...

by Communicator in

Squid proxy & universal forwarder

Hello, I'm trying to send data from a directory on a server to Splunk Cloud using the universal forwarder. This tr...

by Communicator in

send to nullqueue events which have more than 100 lines

I have an XML file which has events made by many rows. I would like to send to null queue the events which have more ...

by Path Finder in

How to configure Splunk Monitor and KEPServerEX?

Hi all, I have beginning with Splunk. I want comunicate my asset (PLC Rockwell) with Splunk through of TCP prot...

by New Member in

snmp trap to CA spectrum

Hi, I have the following information captured in splunk rule=epm-rogue-mac-ep-epmacrogue subject=oper-state-...

by Communicator in

change data upon indexing Admin-0, Admin-1, Admin-2 --> Admin

Hi, I'm reading data from a JMeter test. One field is either named Admin or Admin-0, Admin-1 or Admin-2. The field...

by Path Finder in

Does useACK=true in inputs.conf [batch://] stanza ensure that the file will be indexed BEFORE being deleted?

I have an application which writes .json files into a directory. I would like to be able to monitor the directory and...

by Contributor in

Windows Blacklist Pattern Match Issue

I can't think of a better way to phrase my question without it being a sentence. The issue I'm having is my blacklist...

by Path Finder in

After moving Windows Event Logs to a non-default location, what edits to inputs.conf are needed for logs to be forwarded?

I'm using the Splunk Universal Forwarders on our Citrix XenApp servers to forward logs to Splunk Enterprise. Besides ...

by Engager in

how much performance affect filter events in indexer?

Hello, how much performance affect filter events in indexer?

by Path Finder in

Blob Storage as Cold Storage: Index Validation on Splunk service start

Hey All, Our Splunk environment is deployed in the Azure cloud as an "on-prem" installation and we are trying to u...

by Builder in

Syslog forwarding and rewrite of host

I am forwarding events from a group of servers to an Indexer by way of a Splunk light forwarder. I have forwarding tu...

by Path Finder in

How does Splunk handle end of file?

Good evening fellow Splunkthiasts, can anyone explain in detail, how Splunk breaks the events when it finds the end o...

by Path Finder in

Ping a list of IP address based on search results

Hi all, I have a search that run a query to a database and as a results i have several IP address. I would like to pi...

by Path Finder in

Filebeat to Splunk Http Event Collector?

All, Has anyone ever setup Filebeat to send data to Splunk's HEC? If so mind sharing your config? Thanks -Dan...

by Builder in

Why are we not receiving any logging with transforms.conf?

All, I have a 3 part TRANSFORMS.conf in my props.conf, when enable I receive no logging at all. How ever I am not...

by Builder in

Can I send Windows Event Forwarded events direct to Splunk?

I heard a rumour that there was a Splunk Add-On that allowed it to act as a 'Windows Event Collector' Server, and so ...

by Explorer in

Access splunk Rest API using OAuth?

Specially using https://tools.ietf.org/html/draft-ietf-oauth-device-flow-07 How do use device authentication flow for...

by New Member in

Getting Data In

Discussions

Custom datetime.xml for x12 format

Looking to find all group changes for a specific user

Show results only when EventCodes occur in a specific sequence

Squid proxy & universal forwarder

send to nullqueue events which have more than 100 lines

How to configure Splunk Monitor and KEPServerEX?

snmp trap to CA spectrum

change data upon indexing Admin-0, Admin-1, Admin-2 --> Admin

Does useACK=true in inputs.conf [batch://] stanza ensure that the file will be indexed BEFORE being deleted?

Windows Blacklist Pattern Match Issue

After moving Windows Event Logs to a non-default location, what edits to inputs.conf are needed for logs to be forwarded?

how much performance affect filter events in indexer?

Blob Storage as Cold Storage: Index Validation on Splunk service start

Syslog forwarding and rewrite of host

How does Splunk handle end of file?

Ping a list of IP address based on search results

Filebeat to Splunk Http Event Collector?

Why are we not receiving any logging with transforms.conf?

Can I send Windows Event Forwarded events direct to Splunk?

Access splunk Rest API using OAuth?

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Java error from within DBConnect

unique sourcetype appends a -2

Download dashboard in PNG using CLI

WMI input and whitelisting

Syslog forwarding/routing with Heavy Forwarder is ...

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >