Getting Data In

Discussions

Thread Info

How can I get a PowerShell script to run at startup and every day thereafter?

How can I set a PowerShell script to run on startup and every 24 hours thereafter on a UF? I have tried using interva...

by Explorer in

Is there a way to monitor the tcp write to Indexers and check the amount of data an Indexer receives on an average?

We have an environment where we directly write data to Splunk indexers via TCP inputs. The reason for this kind of se...

by Communicator in

How to externally trigger a universal forwarder to send data to an indexer using PowerShell modular input

I have server "X" on which is installed a universal forwarder. Typically, I'd use the universal forwarder's cron f...

by Path Finder in

how to collect data for network latency between sites??

Hello guys We would like to create some reports related of Atlassian tools response time and include in the calcul...

by Engager in

Can someone explain what "category" is used for in props.conf?

All, CAn someone provide me some examples and why I would use categories in my props.conf? category = * Fiel...

by Builder in

Splunk 7.2.3 Windows event 11707 user "NOT_TRANSLATED"

I'm trying to alert on software install events, but the events are showing the user as "NOT_TRANSLATED". I get a SID,...

by Explorer in

Why props.conf not getting picked up while ingesting data through HEC, /event endpoint?

by New Member in

Why are multiple host names being reported for the same host?

'Morning... I have a v6.5, clustered environment (deployment server), Universal Forwarder on all hosts. I am getti...

by Contributor in

Cannot see the data that is being forwarded/indexed in the Splunk web interface

Hi everyone, I am currently facing an issue which am not getting my head around it. I have installed the universal fo...

by New Member in

Where are the docs for the PowerShell Modular Input AddOn?

The readme file for the PowerShell Modular Input AddOn says docs are at https://docs.splunk.com/Documentation/AddOns....

by Path Finder in

Retrive only the key object from the json output

I have the following output and I want to extract only the key value of the JSON and those are addNewOrder,navigateRe...

by Path Finder in

Webhook app for Microsoft Teams

I am trying to integrate a webhook app to our Splunk Cloud instance to our Microsoft Teams. what other apps can i use...

by Observer in

How to freeze and recover older files in an index

I am fairly new to splunk and have been trying to piece together my understanding of things via the numerous answers ...

by Engager in

Types of Integration in Splunk

Hi, Can anyone help me with different methods of integration to splunk? 1. Universal forwarder method 2. Through H...

by Builder in

Need help with line-breaking app.log

Have a feed coming in from App.logs, which I can't get to line-break properly. Props.conf [mq_error_logs] CHARS...

by New Member in

Ingestion of etc/resolv.conf

Hi Team, We got an requirement to ingest /etc/resolv.conf file from all Linux & HP machines so I have created an a...

by Path Finder in

Retrieving logs from all hosts in Splunk cloud, instead of one

Hi, Tanium is sending logs to our only syslog server and we have created a folder in that server (let us say a) so...

by Builder in

TIMESTAMP_FIELDS for different sources and timestamps using same sourcetype _json

Hello guys, TIMESTAMP_FIELDS must be setup in props.conf on indexers side, therefore how to use TIMESTAMP_FIELDS f...

by Motivator in

Why is linemerging not working with Http Event Collector (HEC)?

Hey, We're trying to use Splunk HEC (+fluentd) and our existing linemerge rules aren't applied to events pushed us...

by Explorer in

queue are getting blocked

I have one Heavy forwarder and one indexer+search head. I am monitoring (high amount of) zip files in heavy forwarder...

by Builder in

HTTP 401 Error seen in splunk logs while connecting to SAP middleware application

Hello Experts, Please see the details below: Flow: Web Services partner interface (Client application) => invokes ...

by New Member in

What causes a forwarder to become inactive and stop forwarding logs?

We have set up "Splunk Forwarder Management" and apps are being successfully deployed to the clients that are polling...

by New Member in

could not use the strptime to parse timestamp from "[xx:xx:xx.xxx"

error message: Could not use strptime to parse timestamp from "[00:00:00.015". Event: [00:00:00.015] [DEBUG] [xxx...

by Communicator in

Transform field extraction work from default but not from local

I'm using the Splunk TA for Symantec Endpoint Protection 2.3.0 and for the latest version of SEP some of the log file...

by Communicator in

How to tell splunk to read log files only once, but keep monitoring the folder for new files?

I have an ActiveBatch setup that generates many files (tens of thousands) in a folder. I'd like to have Splunk read o...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How can I get a PowerShell script to run at startup and every day thereafter?

Is there a way to monitor the tcp write to Indexers and check the amount of data an Indexer receives on an average?

How to externally trigger a universal forwarder to send data to an indexer using PowerShell modular input

how to collect data for network latency between sites??

Can someone explain what "category" is used for in props.conf?

Splunk 7.2.3 Windows event 11707 user "NOT_TRANSLATED"

Why props.conf not getting picked up while ingesting data through HEC, /event endpoint?

Why are multiple host names being reported for the same host?

Cannot see the data that is being forwarded/indexed in the Splunk web interface

Where are the docs for the PowerShell Modular Input AddOn?

Retrive only the key object from the json output

Webhook app for Microsoft Teams

How to freeze and recover older files in an index

Types of Integration in Splunk

Need help with line-breaking app.log

Ingestion of etc/resolv.conf

Retrieving logs from all hosts in Splunk cloud, instead of one

TIMESTAMP_FIELDS for different sources and timestamps using same sourcetype _json

Why is linemerging not working with Http Event Collector (HEC)?

queue are getting blocked

HTTP 401 Error seen in splunk logs while connecting to SAP middleware application

What causes a forwarder to become inactive and stop forwarding logs?

could not use the strptime to parse timestamp from "[xx:xx:xx.xxx"

Transform field extraction work from default but not from local

How to tell splunk to read log files only once, but keep monitoring the folder for new files?

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Multiple SC4S TLS port

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Getting Data In

Are you a member of the Splunk Community?

Discussions