Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

PII In Splunk

Hi, I wonder whether someone could help me please. Firstly forgive me for what may a stupid question. But could...

by Motivator in

Windows Folder Monitoring

How to monitor Windows folder path, send alert if no data is written to the said shared folder or windows path?

by New Member in

how to set field type as string when upload local csv file

when upload local csv file, i can't found a way to set field from number type to string type. By default splunk set t...

by New Member in

How do I calculate the difference between these two dates that are not in _time ?

Hi splunkers! I have tried to calculate the difference between these two dates (Date Closed) - (Date Created) usin...

by New Member in

I need help parsing my json events

Hello, I'm parsing new json events from a webpage, and none of my prior props worked, I don't know why, it cant recog...

by Communicator in

How to configure a universal forwarder on centos 7?

Hello, My problem is that the data I send with the forwarder does not reach splunk. Here is how I configured th...

by Engager in

Collect command to index in JSON format

Hello! I'm trying to generate some summarized data by using the collect command in my SPL queries. The event fo...

by Path Finder in

Index cluster question

i configured index cluster with 3 peers. ( rf=2 sf=1) i see that only new data is getting replicated , the older or e...

by Builder in

Why am I seeing data from a heavy forwarder, but nothing in _internal index?

I'm seeing some curious behavior our of two of my heavy forwarders. They aren't reporting data into _internal, but I ...

by Path Finder in

Using REST API to review tag=suppress, updated field not updated with last change date/time

Using this SPL: | rest servicesNS/-/-/search/tags/suppress splunk_server=local I get a list of all of the sear...

by Engager in

Install Splunk Universal Forwarder into OpenShift platform

I tried googling it but without any luck, also I tried searching official mailing lists, but also without any informa...

by Explorer in

Is there a way to list the incoming data feeds?

Hello, I'm rather new to Splunk and have taken over an existing system we use for very base level SysLog monitoring (...

by New Member in

How can I get a list of data inputs using the REST API?

I'd like to get a list of the data inputs and - ideally - the actual search behind each input. Is it possible to d...

by Explorer in

Mask partial value in Splunk _raw Data using SED

Hi, I have the below event in my splunk logs and i want to partially mask few things - 1. I want to just remove the ...

by Explorer in

Splunk date going backwards?

Splunk noobie here - basic install on Centos 7, forwarding syslog from security device and the reported date seems to...

by Path Finder in

Automatic lookup on a fieldalias field -- Is it possible?

My automatic lookup is not working on fields that were created via FIELDALIAS's. I have automatic lookups in my "...

by Builder in

Is there a way to add a CRC salt via the CLI?

I'm using splunk 4.3.2 on windows (azure). I configure the universal forwarder on a windows server to monitor a direc...

by Explorer in

New and old indexers, how can I ingest old data on the new indexer?

Hi, We've set up a new index cluster and is currently cloning the data between the existing and new indexers. http...

by Communicator in

Sourcetype alias

Hi, We have been using a custom method to get cloudtrail to Splunk by using log files on a server that has the Clo...

by Path Finder in

Truncate events in props.conf to reduce the license cost

Hello, I have the following stanza in my props.conf for the relevant sourcetype: [BWP_hanatraces] TRUNCATE = 0 ...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

PII In Splunk

Windows Folder Monitoring

how to set field type as string when upload local csv file

How do I calculate the difference between these two dates that are not in _time ?

I need help parsing my json events

How to configure a universal forwarder on centos 7?

Collect command to index in JSON format

Index cluster question

Why am I seeing data from a heavy forwarder, but nothing in _internal index?

Using REST API to review tag=suppress, updated field not updated with last change date/time

Install Splunk Universal Forwarder into OpenShift platform

Is there a way to list the incoming data feeds?

How can I get a list of data inputs using the REST API?

Mask partial value in Splunk _raw Data using SED

Splunk date going backwards?

Automatic lookup on a fieldalias field -- Is it possible?

Is there a way to add a CRC salt via the CLI?

New and old indexers, how can I ingest old data on the new indexer?

Sourcetype alias

Truncate events in props.conf to reduce the license cost

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

Unable to receive data from Splunk add-on for Micr...

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...

Is it possible to send Jenkins custom logger to Sp...

Why do I receive SSL alert number 40 with selfsign...