Getting Data In

Discussions

Thread Info

Sourcetype with incorrect /unknown field

Hello Team, I am new in Splunking , I need to understand few thing ,could anyone please answer the questions : ...

by Explorer in

How to get data from an external source machine

What would be a way to get data from an external machine which is not part of our environment .Correct me if I am wro...

by Builder in

Filtering data from lookup csv file based on time difference

I have a lookup csv file which has the following data. Day Messages 12/02/2020 1571 12/02/2020 302 12/02/2020 1 Wh...

by Path Finder in

Heavy Forwarders stopped receiving some logs

Hi, I have a new HF once accepted logs for about a week, then stopped receiving on almost all logs at a same time....

by Contributor in

HF upgrade from v6.6 to v 7.3.3

Hi All, I am planning to upgrade a heavy forwarder from v6.6.6 to v 7.3.3 What should be my approach to upgrade...

by Path Finder in

Logs not picking sourcetype from props.conf in apps/local folder on heavy forwarder

Hi, we want to parse the logs on HF before logs are forwarded to indexers. logs are forwarded from universal forward...

by Engager in

Multiple Indexes from single Firepower Management Center

Hi Currently we have up to 20 eStreamer client/event indexes configured, one per FMC. We are looking at moving...

by New Member in

¿How can I configure the UF to take the hostname of the server from another path and not from the default?

I have two manageable linux servers with universal forwarder, both have the same host name, when you check the "forwa...

by New Member in

Filtering out data (from a forwarder) on Indexer?

hi, i have several universal forwarders deployed, and im getting lots of events i want to filter out. I understand...

by Path Finder in

Is it possible to regex a sourcetype on a per file basis

One of our 3rd party apps has some pretty unfriendly logging. The app itself carries out somewhere between 20-30 jobs...

by New Member in

Installing the Java logging JAR

I want to write some Scala that writes out to the Splunk logging API, so I went here to get started. It links here to...

by New Member in

Heavy Forwarder not receiving logs

Hi, After migrated Splunk Enterprise to a new hardware, my HFs stop receiving logs over port 514/1514. It's verified ...

by Contributor in

match_type wildcard not working for automatic lookup

Please any help will be appreciated. We have a lookup test_pci_asset.csv with a field nt_host values of nt_host are ...

by Explorer in

Should we use heavy forwarders as an intermediate layer between the forwarders and the indexers?

We had this severe issue last week - What can be done when the parsing and aggregation queues are filled up? Since...

by Motivator in

Sending uncooked data from indexer level

Hi all, I am sending data from intermediate forwarder to indexer and during indexing, I would like to send raw "un...

by Path Finder in

How to log whole site content whilst excluding specific file extensions and file types

(I am an absolute novice at this, the answer maybe obvious but I am still learning the trade please bear with me) ...

by Explorer in

How to configure non domain account for WMI access

Hello Everyone, I have a service account that I need to configure to collect WMI data from domain controllers. Thi...

by Explorer in

Does Universal Forwarded supports Server Name Indication (SNI)?

Hi there folks, I would like to ask if Universal Forwarder can support Server Name Indication (SNI)? That is exten...

by New Member in

RHL version on all the UF

HI All , Could you please help me in getting the query to get red hat linux version on the all UF , i have checke...

by Explorer in

HTTP Event Collector and curl: How to pass the hostname variable in Chef? (BOUNTY!)

Hi, (Not Splunk questions per say...) I'm setting up the HTTP Event Collector, so that our chef recipes can log...

by Champion in

Heavy Forwarder Slow to Start Forwarding Syslog

Hello- My current setup: Device Syslog --> Syslog Server w/ Splunk HvyFwd --> Splunk Indexer When I restart my ...

by Communicator in

How to input data via "TA for Nutanix Prism" add-on?

As I read the guide from "TA for Nutanix Prism" on Splunk Base. There's some description of data input as below: "...

by New Member in

Why is SSL on Universal Forwarder failing with error "WARN SSLCommon - Received fatal SSL3 alert"?

Hi, I just followed the answer in the below post to configure SSL between my UF and the indexer: answers.splunk...

by Path Finder in

WinEvent whitelist not working

I'm trying to do whitelist on windows eventcode on my test environment before applying on production. after apply and...

by Loves-to-Learn Lots in

DB Connect not able to process results

I am able to test the connection in datalab using splunk db connect app. I am able to fetch results when I run the qu...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Sourcetype with incorrect /unknown field

How to get data from an external source machine

Filtering data from lookup csv file based on time difference

Heavy Forwarders stopped receiving some logs

HF upgrade from v6.6 to v 7.3.3

Logs not picking sourcetype from props.conf in apps/local folder on heavy forwarder

Multiple Indexes from single Firepower Management Center

¿How can I configure the UF to take the hostname of the server from another path and not from the default?

Filtering out data (from a forwarder) on Indexer?

Is it possible to regex a sourcetype on a per file basis

Installing the Java logging JAR

Heavy Forwarder not receiving logs

match_type wildcard not working for automatic lookup

Should we use heavy forwarders as an intermediate layer between the forwarders and the indexers?

Sending uncooked data from indexer level

How to log whole site content whilst excluding specific file extensions and file types

How to configure non domain account for WMI access

Does Universal Forwarded supports Server Name Indication (SNI)?

RHL version on all the UF

HTTP Event Collector and curl: How to pass the hostname variable in Chef? (BOUNTY!)

Heavy Forwarder Slow to Start Forwarding Syslog

How to input data via "TA for Nutanix Prism" add-on?

Why is SSL on Universal Forwarder failing with error "WARN SSLCommon - Received fatal SSL3 alert"?

WinEvent whitelist not working

DB Connect not able to process results

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!