Getting Data In

Discussions

Thread Info

Receiving error after restarting docker-splunk, proceeds to add forward-server

Hi, I am setting up a Splunk universal forwarder by pulling the universalforwarder docker image from docker-hub an...

by New Member in

Need to limit iis logs to 4xx and 5xx statuses in universal forwarder

I am trying to limit the input of iis logs to only 4xx and 5xx vaqlues in the sc_status field. In the etc\system\loca...

by New Member in

What are the best practices for assigning time zones in my Splunk platform deployment?

When setting up my Splunk deployment, I was asked about what timezone I want the servers to have. I just assumed I sh...

by Splunk Employee in

Session Duration in minutes

I have a search that returns the "Avg Session Duration" by USER_ID. The results are coming back in minutes as long as...

by Communicator in

Why does Splunk "Show Source" not match IIS log file?

Hi, At my company, we have noticed that for some records (1-2%), the data we see in Splunk does not match the data...

by Explorer in

UF is not sending few logs

Hi All, I have UF installed in my windows machine and its has IIS logs and App logs. In last few days, my forwarde...

by New Member in

JSON line breaking

I am trying to break one big json event into several events, eventually 1080, but in the example below there would be...

by Engager in

How to send data via UDP port to 2 indexers?

Hi Experts, I have a concern. I am aware that I can get data from UDP port and send it to an indexer. I have a con...

by Builder in

Does Splunk ingest files that existed before the remote folder monitor was created?

I have a client server with a universal forwarder configured to forward data to an index server. On the client server...

by Path Finder in

Will Splunk ingest the same data if it is sent to two different indexes?

I currently see the wineventlog:security as a source under my wineventlog index for the Splunk_TA_Windows app and al...

by New Member in

Why are events indexing with the wrong time stamp

Hi, A csv file has the format dd-mm-year hh:mm. Splunk swap the day and month for the events for the first 9 days ...

by New Member in

Cisco IOS and TA not showing data in dashboards

I have a distributed environment: Splunk Enterprise 7.2.4 All infrastructure is RHEL 7.x Search head cluster (5 searc...

by Path Finder in

Not receiving all files present in the directory?

I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\ Below is my in...

by Path Finder in

HEC Posting Data Issue

Hi All, I am trying to post some data to splunk via QT's Network Module. Currently, I have the HEC setup to where ...

by New Member in

pushing data to new csv

I have a csv where there are 5 columns and the number of rows is 1000. I have indexed that csv as continuous monitori...

by Explorer in

Importing Data From One index to my Splunk Enterprise

Hi guys, I am trying to import data from an index provided by the instructor of a Splunk training course. Follo...

by New Member in

Sending logs using Splunk HEC

Hello, We have a requirement to send the logs from one of our IoT devices in to the Splunk. As it doesnt have sysl...

by Path Finder in

timezone setting based on forwarder naming convention?

I'm sure Splunk'rs have ran across this already, so here's my issue. We have server naming conventions with "D" fo...

by Communicator in

Given log data, can I calculate accuracy and output it in a dashboard?

Hello, My events look like this: 2019-10-10T17:51:40+00:00 action="updateDate->saveDatesFromDataMining", 0={"urlu...

by Path Finder in

splunk fundamentals 1 learning module 5 lab not counting time spent or working - what do I do now?

Currently my Module 5 lab is launching, but not recording the time spent or checking off that I have completed the la...

by New Member in

how to remove multiple logs into single event

[tomcat] EXTRACT = \/u01\/logs-(?\w+)\/.* in source Adding the below to BREAK EVENTS only at timestamp and TRUNCAT...

by New Member in

Do we need to install same Splunk Apps in all Indexer Cluster servers?

Hi We are planning to have indexer cluster environment. For testing, we currently have single indexer which ha...

by Explorer in

Where does the mapping of Account Name to src happen for the WinEventLog data?

I'm not clear where and when the src field gets its value for the WinEventLog data.

by Motivator in

How to configure the universal forwarder to Heavy forwarder then to an Indexer?

Hi, Can someone help what are the step I need to do if I have below flow : Universal Forwarder ------- Heavy fo...

by Path Finder in

Timestamp matching outside of the acceptable window

getting below error after upgrade to latest splunk version: 10-11-2019 08:02:49.775 +0000 WARN DateParserVerbose - Th...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Receiving error after restarting docker-splunk, proceeds to add forward-server

Need to limit iis logs to 4xx and 5xx statuses in universal forwarder

What are the best practices for assigning time zones in my Splunk platform deployment?

Session Duration in minutes

Why does Splunk "Show Source" not match IIS log file?

UF is not sending few logs

JSON line breaking

How to send data via UDP port to 2 indexers?

Does Splunk ingest files that existed before the remote folder monitor was created?

Will Splunk ingest the same data if it is sent to two different indexes?

Why are events indexing with the wrong time stamp

Cisco IOS and TA not showing data in dashboards

Not receiving all files present in the directory?

HEC Posting Data Issue

pushing data to new csv

Importing Data From One index to my Splunk Enterprise

Sending logs using Splunk HEC

timezone setting based on forwarder naming convention?

Given log data, can I calculate accuracy and output it in a dashboard?

splunk fundamentals 1 learning module 5 lab not counting time spent or working - what do I do now?

how to remove multiple logs into single event

Do we need to install same Splunk Apps in all Indexer Cluster servers?

Where does the mapping of Account Name to src happen for the WinEventLog data?

How to configure the universal forwarder to Heavy forwarder then to an Indexer?

Timestamp matching outside of the acceptable window

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Mimecast App to get Archive logs

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout