Getting Data In

Ask a Question

Discussions

Thread Info

TA for Dell Unity storage

Hi, Is there any Splunk Technology Add-on (TA) for Dell Unity storage? suggestions pls. I see Dell PowerMax and Del...

by Explorer in

Splunk add-on for Google Cloud Platform How to add logs/new Input to have Kubernetes Pod Status?

Splunk add-on for Google Cloud Platform How to add logs/new Input to have Kubernetes Pod Status? What ar...

by Communicator in

Minimum files and Directories for Custom TA

Hello Splunkers, I'm trying to push data to indexers from HF's where I have a syslog-ng receiving the logs. This is...

by Path Finder in

Source types in /var/log

I would like to retrieve the data in /var/log as correctly as possible. Currently I am simply monitoring the entire...

by Path Finder in

SA-ldapsearch ldapgroup error

We migrated our Splunk indexer from Ubuntu to RHEL recently. Everything appeared to go fine except for this one add-o...

by Explorer in

Routing of events located at Indexers / Search Heads to another Cluster and vice-versa

Hi Community!i have a (kind of ) special problem with my data routing.Topology:We have 2 different Clusters, one for...

by Path Finder in

Forward Data to a third-party system

Hi, I am using SplunkForwarder to forward data to a non-splunk system by adding the stanza below in outputs.conf. ...

by Builder in

NiFi GetSplunk import events

I'm trying to import a csv file generated by the NiFi GetSplunk component. It retrieves events from a Splunk Instance...

by Observer in

How to forward splunkd.log to a foreign syslog server

Dear community,it might be an odd question but i need to forward the splunkd.log to a foreign syslog server,therefore...

by Explorer in

Is it possible to ingest data related specifically from Microsoft Defender Safe Links?

Is it possible to ingest data related specifically from Microsoft Defender Safe Links? We have tried both Microsoft ...

by New Member in

Decomissioning indexers

I am working to decommission some indexers from my cluster. I am using splunk offline --enforce-counts and letting th...

by Builder in

Zscaler log filtering

Hello guys,I am quite new on the topic so I really need tyour help ^_^.I am ingesting Zscaler logs in a Splunk Cloud ...

by Loves-to-Learn Lots in

Event does not break right

Hi folks.. I have an issue where I can't get an event to break right. The event looks like this ******...

by Explorer in

line break to different entries

I have logs indexed like this. How to break entries based on each lines . i need each line as a seperate entry. ...

by Explorer in

401 Unauthorized when trying to use REST API

Hello, i am trying to intergrate the Splunk Ui Toolkit into my own Splunk instace that is running on localhost.I am ...

by Explorer in

URL error for HEC - Cloud

Hi all, I am a bit of a newbie here, and am trying to setup HEC on splink cloud, however the URL I have created fo...

by Loves-to-Learn Lots in

"splunk add oneshot" not working

Hello. Trying to test a sourcetype using "oneshot". Although we were able to add raw data using "oneshot" the firs...

by Path Finder in

Can I test SECCMD from command line using oneshot?

I am attempting to test a SEDCMD for event manipulation and it does not appear this is possible via oneshot? When I t...

by Path Finder in

Help with oneshot json: Why is | kvmode incorrect?

I'm using a distributed Splunk Enterprise environment with over 15 peers at the Indexer Tier. I have some JSON data ...

by Path Finder in

How to blacklist the .gz files in input.conf?

Hi Folks, I am trying to backlist the gz files in input.conf. But somehow the blacklist doesn't work properly. ...

by Explorer in

How does Splunk handle gzip'd logs?

Suppose I have `/var/log/nginx/access.log` and then a dozen files in the same directory named like `access.log-<date>...

by Engager in

How do I debug syslog that dont get into splunk whereas I can see the log when I use tcpdump

Hi everyone, I’m currently sending vCenter logs via syslog to Splunk and have ensured that the syslog configuration...

by Engager in

Change Splunk user from root to Splunk user

Hi, The Splunk Heavy Forwarders and Deployment Servers were running under Splunk user. Unfortunately, during th...

by Loves-to-Learn in

VMware Hosts logs do not show up in new Splunk server

We have been using Splunk on a Windows server without issue. It ingested logs from Vmware hosts, networking hardware...

by Explorer in

Splunk Windows Events to Third Party System

Hello all, implementing some routing at the moment in order to forward a subset of data to a third party syslog syste...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

TA for Dell Unity storage

Splunk add-on for Google Cloud Platform How to add logs/new Input to have Kubernetes Pod Status?

Minimum files and Directories for Custom TA

Source types in /var/log

SA-ldapsearch ldapgroup error

Routing of events located at Indexers / Search Heads to another Cluster and vice-versa

Forward Data to a third-party system

NiFi GetSplunk import events

How to forward splunkd.log to a foreign syslog server

Is it possible to ingest data related specifically from Microsoft Defender Safe Links?

Decomissioning indexers

Zscaler log filtering

Event does not break right

line break to different entries

401 Unauthorized when trying to use REST API

URL error for HEC - Cloud

"splunk add oneshot" not working

Can I test SECCMD from command line using oneshot?

Help with oneshot json: Why is | kvmode incorrect?

How to blacklist the .gz files in input.conf?

How does Splunk handle gzip'd logs?

How do I debug syslog that dont get into splunk whereas I can see the log when I use tcpdump

Change Splunk user from root to Splunk user

VMware Hosts logs do not show up in new Splunk server

Splunk Windows Events to Third Party System

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions