Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Can a Heavy Forwarder both be a receiver and a forwarder?

We currently use nxlog on our Windows domain controllers to forward logs one destination. With nxlog I can forwar...

by Motivator in

How to edit inputs.conf to prevent WinNetMon from using up all my license?

I enabled WinNetMon and need to throttle it back. Here is my inputs.conf: ###### Network monitoring ###### [WinNet...

by Builder in

What is the difference between splunk forwarder and syslog diversion to index?

Hi , I would like to know the difference between Splunk forwarder and syslog diversion to indexer . I use Linux...

by New Member in

Why am I unable to receive logs after a new index is configured in my environment?

A new index is configured in our environment and all required settings are being made. But we are still not receiving...

by New Member in

Props/transforms issue with host extraction and Line breaking

Transforms.conf [forcehostfortestdata] DESTKEY = MetaData:Host REGEX = server:([^\]+) FORMAT = host::$1 [forceh...

by Path Finder in

Configure SYSLog on a Windows Server

Hello, my question might be dumb but it is worth to ask, On a Windows Servers, how do i configure to send the aut...

by Explorer in

How to pass Auth Key in Threat Intelligence Download URL?

I created a 'Threat Intelligence Download' mod input and I am needing to pass Auth Key as I was getting an error as "...

by Communicator in

Why a specific sourcetype is not forwarding on a server while everything else is?

Permissions are there for the log file and no errors in the splunkd.log. Everything seems to be working fine and ever...

by New Member in

How to send data from Splunk to "TheHive"(ticketing tool)?

Hello Everyone, I am working to integrate "TheHive" i.e. ticketing tool like Demisto with Splunk. I searched in S...

by Path Finder in

The Common Information Model, Syslog logs, and unsure where to go from here.

Hey splunk>answers, As the title suggests I'm not sure what or how I should go about any of this. The long story s...

by New Member in

SEDCMD not executing

I am trying to clean up some log data at index time using SEDCMD. I have a custom sourcetype (cloudfront_htt...

by Path Finder in

How to use Splunk to check a directory to see if it exceeds 200 files to send an alert?

Using Windows version of Splunk to check a directory and if it exceeds 200 files, send an alert. Thank you for you...

by New Member in

How do we assign each JSON document to a distinct event?

We have a case in which multiple json documents are being clamped together into one Splunk event. How do we untangle ...

by Ultra Champion in

Monitoring large amounts of SCADA type data and producing reports

Hi, I'd like to use Splunk to be able to monitor a large amount of SCADA type data e.g. a sensor which updates ...

by Explorer in

Refresh Transform

Hi I am trying to define a new transform.conf in SPLUNK 7 so that a lookup can take a wild character. The ini...

by Motivator in

Why does search via REST API only outputs internal debug data?

Hi, we have a Splunk 5 system running. When we try to do a search via the REST API, we get debug output information b...

by Contributor in

File Monitor: Avoid indexing files during the copy process

Hello, I have a problem with the file monitor. I guess it's not the right way using it, but I don't know any other...

by Path Finder in

Why is the event line breaking not working properly for JSON format?

I tried a few solutions but none worked for me so far: answer-614348 I have an application that writes in some ...

by Engager in

What happens when indexer encounters an event with timestamp older than configured retention period

I had this particular scenario where I was not able to assert Splunk indexer behavior. Retention period for a index i...

by Path Finder in

Can we send an HTTP request to a tcp port?

We opened a tcp connections and the client is sending an HTTP request. Is it "legal"? We see within Splunk - ...

by Ultra Champion in

Getting Data In

Discussions

Can a Heavy Forwarder both be a receiver and a forwarder?

How to edit inputs.conf to prevent WinNetMon from using up all my license?

What is the difference between splunk forwarder and syslog diversion to index?

Why am I unable to receive logs after a new index is configured in my environment?

Props/transforms issue with host extraction and Line breaking

Configure SYSLog on a Windows Server

How to pass Auth Key in Threat Intelligence Download URL?

Why a specific sourcetype is not forwarding on a server while everything else is?

How to send data from Splunk to "TheHive"(ticketing tool)?

The Common Information Model, Syslog logs, and unsure where to go from here.

SEDCMD not executing

How to use Splunk to check a directory to see if it exceeds 200 files to send an alert?

How do we assign each JSON document to a distinct event?

Monitoring large amounts of SCADA type data and producing reports

Refresh Transform

Why does search via REST API only outputs internal debug data?

File Monitor: Avoid indexing files during the copy process

Why is the event line breaking not working properly for JSON format?

What happens when indexer encounters an event with timestamp older than configured retention period

Can we send an HTTP request to a tcp port?

TA MS defender not working

DB Connect App template

DB query to fetch logs from McAfee ePO 5.10

Suggest best way to onboard Default Reports availa...

Splunk HF monitoring a file