Getting Data In

Discussions

Thread Info

Can I send Windows Event Forwarded events direct to Splunk?

I heard a rumour that there was a Splunk Add-On that allowed it to act as a 'Windows Event Collector' Server, and so ...

by Explorer in

Access splunk Rest API using OAuth?

Specially using https://tools.ietf.org/html/draft-ietf-oauth-device-flow-07 How do use device authentication flow for...

by New Member in

Splunk Forwarder 6.1.4 - no site defined in server.conf, Could not bind to Port 8090

Hello, Please move if in wrong forum, I have seen many responses to these questions, but looking for others that h...

by Explorer in

Filter data on indexer or heavy forwarder?

Hello, actually we don't have heavy forwarder instance. Is it possible filter events in indexer when recieve data ...

by Path Finder in

How SPLUNK can index external application's REST API which is having token based Authentication

Hi All, We are able to successfully index REST API in SPLUNK by both ADD ON Builder and Rest Modular Input(REST_TA...

by New Member in

install splunk by local user to monitor remote server logs windows os

I have data stored on one windows os server now I want to install splunk heavy forwarder on another windows server by...

by Builder in

how to solve Time difference issue?

Hi Guys, I'm getting the time difference of events in splunk SH. I've also tried to put TZ = UTC in props.conf of an...

by Explorer in

Filtering data before indexing with script

Hi all, I have a very longs logs that I would like to filter before indexing/ I have some patterns that interesting m...

by New Member in

Where to define sourcetypes with Splunk Cloud?

I'm having issues ingesting data correctly as custom sourcetype defined in Splunk Cloud are completely ignored when s...

by Path Finder in

How to upload a .csv file onto a Splunk remote server using Python?

Hi all, I am trying to upload a .csv file onto a remote Splunk server through the use of a Python script and I am ...

by Explorer in

Need a help in writing correct parsing stanza specific to application log type.

Hi All, Need a help on the list of parsing stanza on props.conf based on the raw log taken from the source applicatio...

by Motivator in

Easiest method to extend pretrained sourcetype access_common to support X-forward-for?

The events indexed via Syslog and stripped for the prefixed date/time using SEDCMD is finally indexed by Splunk like ...

by Contributor in

How to customise value of _time from event data at index-time field extraction?

I am trying to extract following data, and I want the date which is in EVENT tab as default TIME field which is extra...

by Splunk Employee in

Has anyone setup a data input for Samanage API calls?

We're using Samanage to get inventory data from our dispersed workforce. Samanage has an API and I wanted to pull tha...

by Path Finder in

Why am I unable to connect my forwarder to an indexer cluster with error "failed to extract FwdTarget from json node..."?

I'm trying to get my forwarder to connect to an indexer cluster. I've tried changing every possible instance of pass4...

by Explorer in

Has anyone come across the error "The SplunkForwarder service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."?

Has any one come across the following error and if any fix worked without reinstalling the forwarder..? The S...

by Path Finder in

Join a year and month to create a date

Good morning! I have a field for a year and a field for a month. Can I join these two together to create a date th...

by New Member in

How to break event logs

In our Splunk enterprise event logs are not breaking. Two events are coming as one event.

by Loves-to-Learn in

How to predict event increase/license usage by sourcetype

Hi, I'm currently ingesting Sysmon logs from 100 hosts, event are currently stable. Though I'm looking to be sendi...

by Explorer in

How to send data to a custom index which is currently being sent to main index?

Am trying to solve a problem here. The inputs.conf for one of the monitoring stanza on the forwarder had index = main...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Can I send Windows Event Forwarded events direct to Splunk?

Access splunk Rest API using OAuth?

Splunk Forwarder 6.1.4 - no site defined in server.conf, Could not bind to Port 8090

Filter data on indexer or heavy forwarder?

How SPLUNK can index external application's REST API which is having token based Authentication

install splunk by local user to monitor remote server logs windows os

how to solve Time difference issue?

Filtering data before indexing with script

Where to define sourcetypes with Splunk Cloud?

How to upload a .csv file onto a Splunk remote server using Python?

Need a help in writing correct parsing stanza specific to application log type.

Easiest method to extend pretrained sourcetype access_common to support X-forward-for?

How to customise value of _time from event data at index-time field extraction?

Has anyone setup a data input for Samanage API calls?

Why am I unable to connect my forwarder to an indexer cluster with error "failed to extract FwdTarget from json node..."?

Has anyone come across the error "The SplunkForwarder service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."?

Join a year and month to create a date

How to break event logs

How to predict event increase/license usage by sourcetype

How to send data to a custom index which is currently being sent to main index?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?