Getting Data In

Discussions

Thread Info

Splunk is truncating the last key/value pair on line if the value contains a space

We are ingesting Aruba CearPass logs. The ClearPass Appliances send their syslog to a syslog server that writes the l...

by Path Finder in

Add a lookup file without the GUI

I currently have a distributed splunk setup, with one search head a cluster master and three indexers and am trying t...

by Path Finder in

How do I get splunk to forward logs from a docker file?

Hi, I currently was testing my splunk forwarder through a RedHat Centos7 virtualbox. It was originally reading from a...

by New Member in

splunk inputs.conf

Hi , I am pretty much new to splunk and i have splunk forwarder configured in one of my linux server . Now i w...

by New Member in

Extract Json string from log event

I have below log format using search query I want to extract json string starting from category field and want automa...

by Communicator in

Events with RSYSLOG_ForwardFormat time not parsing and normalizing to UTC

Hello I have some rsyslog data coming from an rsyslog server configured with RSYSLOG_ForwardFormat to tcp port 514...

by New Member in

Input data as cron schedule version 6.4

I would like to input data into splunk at a specific time every day (e.g interval = 45 0 * * *), but I find it is tot...

by Path Finder in

How to validate data which is uploaded to Splunk is as per CIM model

Hi, In our application we have data in a specific format. We are converting this data to CIM model (say IntrusionD...

by Explorer in

How to configure the Optiv Threat Intel app on Windows with Splunk on a different drive?

Hello, I am using the Optiv Threat Intel app, but my Splunk install is on a different drive. Found one .py file I...

by Communicator in

Syslog server "host" field question

The Splunk documentation defines “host” as being “an event host value is typically the hostname, IP address, or fully...

by Path Finder in

how to consolidate 200/500 error counts in access.log?

I have access.log data in index access_index. How can I draw a graph counting 200's and 500's. If I draw for last 1 h...

by New Member in

Collect logfiles

I want to collect logfiles in Splunk through the Universal Forwarder. I've set up a forward for the logs of the event...

by New Member in

How to troubleshoot why I'm missing log data in Splunk for one day?

Hi, I have logs coming into Splunk from our Mainframe server for a long time. I noticed that Splunk is suddenly no...

by Explorer in

Where to find an example to log directly into Splunk via log4j?

Could anybody please point me to an example of how to log directly into Splunk via log4j. I did search extensively on...

by Engager in

Splunk OPEN SSL: unable to load library files.

Hi Splunker, Unable to open the Splunk open ssl. Error is, #echo $SPLUNK_HOME /opt/splunk # /opt/splunk/...

by Motivator in

Splunk Enterprise in a VM environment

i have virtual environments 70 VMs i install trail version of Splunk to use it as SIEM also i have DC to connect all ...

by New Member in

How to re-ingest data between two independent Indexers ?

We have a Splunk setup with HF, Indexers in Cluster with one search head (SH). **We do not have control on Indexer...

by New Member in

Getting Cisco Ironport ESA data into the Common Information Model

I am having a tough time understanding how anyone is getting Cisco Ironport ESA data to map to the CIM for use in thi...

by Explorer in

New and started to input data

So this is the first time I was trying to input the TCP data port to my monitoring. I am behind a NAT as it is with a...

by Path Finder in

Is it possible to use inputlookup inside mvfind?

I have a multivalue field which I am trying to search for a list which is coming from an inputlookup (in lieu of hard...

by Builder in

Getting Data In

Discussions

Splunk is truncating the last key/value pair on line if the value contains a space

Add a lookup file without the GUI

How do I get splunk to forward logs from a docker file?

splunk inputs.conf

Extract Json string from log event

Events with RSYSLOG_ForwardFormat time not parsing and normalizing to UTC

Input data as cron schedule version 6.4

How to validate data which is uploaded to Splunk is as per CIM model

How to configure the Optiv Threat Intel app on Windows with Splunk on a different drive?

Syslog server "host" field question

how to consolidate 200/500 error counts in access.log?

Collect logfiles

How to troubleshoot why I'm missing log data in Splunk for one day?

Where to find an example to log directly into Splunk via log4j?

Splunk OPEN SSL: unable to load library files.

Splunk Enterprise in a VM environment

How to re-ingest data between two independent Indexers ?

Getting Cisco Ironport ESA data into the Common Information Model

New and started to input data

Is it possible to use inputlookup inside mvfind?

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Pulsar vs Kafka

Specific DNS queries from Splunk Stream to nullQue...

How is WinHostMon data gathered?

how to configure log4net with nested JSON?

Splunk Add-on Builder: Global Account settings

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >