Getting Data In

Discussions

Thread Info

Problem with timestamp extraction and props.conf

I have the following props which works fine in the "Add Data" GUI and a test file of logs: EVENT_BREAKER = ([\r...

by Explorer in

Just in time admin access

Does Splunk on Prem or cloud have a solution that allows users to be an Analyst when doing that role and sign in or e...

by New Member in

Splunk not ingesting all logs with xml ... Only ingesting 1 out of every 3

Hi, I am dealing with an issue where I am ingesting some logs that contains a few regular line then followed by xml d...

by Path Finder in

Moving indexers from centos to redhat8

Hi Folks, currently we have 4 physical indexers running on CentOS but since CentOS is EOL , plan it to migrate ...

by Path Finder in

How to send OpenCTI data to Splunk

Hi there, i got issue when setting connector Splunk in OpenCTI When i check logs, it says terminated i fol...

by Contributor in

How to filter specific logs and send it as syslog to a third-party host

Hi all, I want to send logs (which are part from our sourcetype [kube_audit]) from my HeavyForwarder to a third-par...

by Engager in

Splunk HTTP Event Collector support for custom metadata(tags) fields/routing fields.

Splunk version 9.0.8/9.1.3/9.2.x and above has added capability to process key value pairs that will be added at inde...

by Splunk Employee in

UF in AIX stops after some time.

Hi, a few days ago, I installed the UF in an AIX server but it had some details, such as the service running, but the...

by Explorer in

Logs truncated in Splunk despite line being under the 10000 bytes threshold

Hi community,I have observed an issue with the ingestion of the first line in a log file that, at first glance, seeme...

by Path Finder in

Why are Splunk some logs missing from kiwi syslog?

Hello everyone I am running into an issue that may be either Splunk or my Kiwi Syslog server, and I am not really sur...

by Engager in

How to get a list of all hosts installed with Universal Forwarder

I have a bunch of agents(hosts) in Appdynamics, I wanted to figure out that the Universal Forwarder is installed or n...

by New Member in

How could I specifit someday for splunk oneshot to Splunk Indexer?

Hi guys, I have a set of data in the following format: This is a manually exported list, and my requiremen...

by Explorer in

Splunk - How to convert Logs to Metrics (SQL Add on)?

Hi, I am trying to get SQL Performance monitoring logs into our environment for one of our ITSI use cases The ...

by Engager in

Does Splunk Windows installer generates any logs during the install process?

Splunk Windows installer, the msi package, is used to install new Splunk instances or upgrade/update existing Splunk ...

by Splunk Employee in

Is there any timezone conversion function in splunk to convert timezone in search string?

by New Member in

504 Gateway Time-out

We are hosting Splunk enterprise on AWS EC2 instances, the flow goes as follows: ALB>Apache Reverse proxies>ALB>SHC...

by Observer in

Issue with accepting splunk_hec as exporter for OpenTelemetry Collector

Hello. I'm trying to transfer metric collected from Prometheus to my cloud instance. According to https://docs.s...

by Path Finder in

AggregatorMiningProcessor - Breaking event because limit of 256 has been exceeded

Splunk has warning log: WARN AggregatorMiningProcessor [10530 merging] - Breaking event because limit of 256 has be...

by Engager in

dealing with UF user change (linux)

I haven't upgraded UF in a while, and I'm having some trouble figuring out how I should proceed with bringing it up t...

by Path Finder in

Filter Logs

I have XML input logs in Splunk. I have already extracted the required fields, totaling 10 fields. I need to ensu...

by Explorer in

How to connect Apigee Edge to Splunk

Need help configuring a secure connection between Google Apigee Edge and Splunk. What parameters need to be set on t...

by Splunk Employee in

Syslog forwarding

I have an appliance that can only forward syslog via UDP. Is there a way for me to forward the udp syslog to a machin...

by New Member in

How to find which Data Source an event is originating from

Hello, I'm having a hard time trying to find what data source events from a search are originating from, the Search...

by Path Finder in

Why UTC events suddenly started displaying as PST instead of Eastern Time?

Hi, We have data from Change Auditor coming via HEC setup on a Heavy Forwarder. This HF instance was upgraded to Ve...

by Builder in

Dual Forwarding | INGEST_EVAL for new index names.

I'm working on an environment with a mature clustered Splunk instance. The client wishes to start dual-forwarding to ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Problem with timestamp extraction and props.conf

Just in time admin access

Splunk not ingesting all logs with xml ... Only ingesting 1 out of every 3

Moving indexers from centos to redhat8

How to send OpenCTI data to Splunk

How to filter specific logs and send it as syslog to a third-party host

Splunk HTTP Event Collector support for custom metadata(tags) fields/routing fields.

UF in AIX stops after some time.

Logs truncated in Splunk despite line being under the 10000 bytes threshold

Why are Splunk some logs missing from kiwi syslog?

How to get a list of all hosts installed with Universal Forwarder

How could I specifit someday for splunk oneshot to Splunk Indexer?

Splunk - How to convert Logs to Metrics (SQL Add on)?

Does Splunk Windows installer generates any logs during the install process?

Is there any timezone conversion function in splunk to convert timezone in search string?

504 Gateway Time-out

Issue with accepting splunk_hec as exporter for OpenTelemetry Collector

AggregatorMiningProcessor - Breaking event because limit of 256 has been exceeded

dealing with UF user change (linux)

Filter Logs

How to connect Apigee Edge to Splunk

Syslog forwarding

How to find which Data Source an event is originating from

Why UTC events suddenly started displaying as PST instead of Eastern Time?

Dual Forwarding | INGEST_EVAL for new index names.

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Re-ingest Windows logs across enterprise

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Getting Data In

Are you a member of the Splunk Community?

Discussions