Getting Data In

Discussions

Thread Info

Configure different index time transformations for different outputs | Heavy Forwarder

Hello Splunker, I'm currently working on a new use case and need some helps I'm working on a HF receiving Micros...

by Path Finder in

How to draw a table that digests a field which varies differently

Hi, I wanna plot a table to indicate the scanner status of Gitlab repos in the dashboard, like below: (1 means enable...

by Engager in

Can a universal forwarder run a script? If yes, is there a way to control when it runs?

Hi, Can a UF run a script? If so, is there any way to control when it runs?

by Champion in

Universal forwarder doesn't have a default setting in inputs.conf for Microsoft-Windows-PowerShell/Operational

Splunkers, I want to get in Microsoft-Windows-PowerShell/Operational logs into Splunk. There is no default setting ...

by Explorer in

configuration_change.log is not enabled by default- Splunk not logging anything into that log?

Hello everyone, I have been reading about the way Splunk can audit the changes at the configuration files and I fo...

by Path Finder in

Why have monitored inputs stopped working?

Has anyone run into an issue where a Splunk HF, is not monioring files being written to it. This HF is also a syslog ...

by Communicator in

Testing sourcetype with sample data formats _time correctly, but when actually using it at index time, it does not work

I am using a HEC and configured a custom source type that sets _time based on a field in the JSON data and when using...

by Explorer in

Is the universal forwarder 8.0 supported on Windows 2012 R2?

The Forwarder Manual 8.0's mention of system requirements links to the Splunk Enterprise Installation Manual 8.0, whi...

by Engager in

How to query a List of Domain Controllers?

I'd like to pull a complete listing of all domain controllers in my environment and I'd like to do it through Splunk....

by Communicator in

Not receiving events after upgrading splunk to 8.1.10 from 7.2.3

Hi, After upgrading Splunk Enterprise, I am no longer able to see events coming in for a certain dashboard. How am ...

by Loves-to-Learn Lots in

Best practice when it comes to managing multiple firewall logs

Hey all, I'm looking for some advice. We currently have multiple ASAs which are sending logs to rsyslog. The logs...

by Loves-to-Learn Lots in

Can we monitor .accdb file in Splunk?

Hello Splunkers!! Can anyone please share your thoughts on whether we can monitor .accdb files via Splunk i.e. Int...

by Explorer in

Why can I not see logs in splunk

Hi All, I got a request to monitor a log files in splunk. below are the log file name pattern: abc_uat_cpe_2...

by Path Finder in

How to Monitor latest folder only?

Hi All, I have a set of folders which are created by the job which runs in the backend and the names of the folder...

by Path Finder in

WinEventLog:Security EventCode 4732 Name instead of SID in Splunk- How can I view the account or username?

Hello, I have all auditing enabled via GPO and I am getting WinEventLog:Security logs in Splunk. I am attempting ...

by Loves-to-Learn Lots in

Generate PDF from View in REST API

I am using Splunk 6.1.1 and currently have a form that takes an integer input (foo) and timerange. The URL for this v...

by Path Finder in

Sourcetype confusion over IIS logs- Help to find a cogent Spec and Select

I have been doing testing and planning out my Splunk deployment. I have set up a Universal Forwarder on one of our pr...

by Communicator in

How to monitor privileged commands in Windows?

Meow~!How to monitor privileged commands in Windows?For example, in Linux I can by AuditD but what about Windows?

by Builder in

Azure AD Add-on for MS Office 365 questions

I am in the process of trying to configure a Tenant in this add-on. Some of the required values are available in the...

by Path Finder in

How to compare json file and find the difference in log file?

How to compare difference in the json file. If there is no difference we are good. But in my case i need to find comp...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Configure different index time transformations for different outputs | Heavy Forwarder

How to draw a table that digests a field which varies differently

Can a universal forwarder run a script? If yes, is there a way to control when it runs?

Universal forwarder doesn't have a default setting in inputs.conf for Microsoft-Windows-PowerShell/Operational

configuration_change.log is not enabled by default- Splunk not logging anything into that log?

Why have monitored inputs stopped working?

Testing sourcetype with sample data formats _time correctly, but when actually using it at index time, it does not work

Is the universal forwarder 8.0 supported on Windows 2012 R2?

How to query a List of Domain Controllers?

Not receiving events after upgrading splunk to 8.1.10 from 7.2.3

Best practice when it comes to managing multiple firewall logs

Can we monitor .accdb file in Splunk?

Why can I not see logs in splunk

How to Monitor latest folder only?

WinEventLog:Security EventCode 4732 Name instead of SID in Splunk- How can I view the account or username?

Generate PDF from View in REST API

Sourcetype confusion over IIS logs- Help to find a cogent Spec and Select

How to monitor privileged commands in Windows?

Azure AD Add-on for MS Office 365 questions

How to compare json file and find the difference in log file?

How I Instrumented a Rust Application Without Knowing Rust

Splunk Community Platform Survey

Observability Highlights | November 2022 Newsletter

May I have sample code to query Splunk data using ...

How to add metadata to UF config files?

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

AWS S3 Input- Ingest .csv files that are not actua...

Increased CPU on Universal Forwarder since v9