Getting Data In

Discussions

Thread Info

index based on first three characters of hostname

Hello, I am trying to implement setting a specific index based on part of the hostname. For ALL of my data that I...

by Path Finder in

Index only first Occurrence of string in events

I want to know if below things are possible in splunk and if YES then How it can be achieved- 1. Below is sample even...

by Builder in

using source in props.conf to break the below event based on realm .

I am trying to break the event based on the realm in the below example. My sourcetype "Iam_logs" is defined globally ...

by Observer in

HTTP Event Collector on Heavy forwared

I want to configure HTTP Event collector on one of the Heavy forwarder. initially i create the app with named splunk...

by Path Finder in

Python script error during installation of Splunk Forwarder Add-on for WAS

I see below error while running installation script of Splunk Forwarder Add-on for WAS. $ python was_log_inputs.py Fi...

by Engager in

How to break event 1 and 2 further?

Each Realm entry should be an event, JSON is the source. Event1: {"realm":"/humapp","transactionId":"d9d6ba4e-...

by Observer in

Timestamp from file name

I have file names like this "Patch-Data_2-1-2012.csv" How do I use the date in the file name for the datestamp fo...

by Motivator in

Splunk Website Monitoring stops working if I add more app URLS to be monitored!

Hello, I am trying to configure Splunk Website Monitoring app to probe new application URLS. It was working fine, ...

by Explorer in

How/where to tell a new data input to use this new index in a cluster?

I have a cluster environment, 3 indexers and one Master indexer/DMC/LM, a deployment server, syslog-ng Heavy Forwarde...

by Path Finder in

Format unicode characters in json input

We're trying to index json formatted logs from kubernetes pods by removing the json formatting and making the logs ap...

by Explorer in

"Brute Force Access Behavior Detected" from Microsoft domain controllers

Seeing lots of "Brute Force Access Behavior Detected" notable events coming from Microsoft domain controllers. The co...

by Engager in

inputs.conf segment setting

Not sure why the hostname for the monitor stanza below is not being parsed out... directory is as follows: /mnt/l...

by New Member in

Splunk Add-on for Microsoft Windows NOT CIM

I have installed the Splunk Add-on for Microsoft Windows App on the latest 6.0 Version on Splunk Enterprise 7.3 i am...

by Engager in

sum multiple value in a json

Hello, I have a raw like this: .success [{"importo":2,"tipologiaOperazione":"AAA"},{"importo":1.82,"tipologiaOpera...

by Engager in

I am not able to send logs to 2 different indexer

I have a setup, where I have one production indexer and another one is development indexer. I want all the data to be...

by Splunk Employee in

Why is the field extraction transformation not working in conjunction with data filtering transformation?

I'm trying to minimize the amount of data from Kubernetes JSON events that are being indexed into my Splunk instance....

by Path Finder in

Universal Forwarder invoke powershell script on-demand

How can I run a powershell script on a Universal Forwarder on-demand instead of scheduling it in the inputs.conf and ...

by New Member in

Extract Json and non-json data from single event

Hello Champions, Need your help in extracting mixed data. Below is my sample data. I indexed it as a single event ...

by Builder in

Filter and get count of kvstore records via REST API

I have a kvstore collection with ~50 000 records. I want to get count of records that satisfy some conditions, but I ...

by New Member in

Why isn't my transforms working?

\etc\system\local\transforms.conf [drop4768OK] REGEX = EventCode=4768(.|\t|\r|\n)*Result.*Code.*0x0 DEST_KEY = que...

by Builder in

manually run a scripted input?

I have a scripted input in Splunk that sends it's data to Splunk via STDOUT. Is there any way to run the script on-de...

by Contributor in

Splunk Webの動作について

お世話になっております。 Splunk Webについてご質問があります。現在インデックスサーバをスタンドアロンで構築し（OSはCentOS7） 設定のデータ入力→ファイルとディレクトリ→新しいローカルファイルとディレクトリから...

by Explorer in

Can I dynamically set the default host value using a Universal Forwarder?

I'm using host_regex on a Universal Forwarder. inputs.conf [monitor:///app/splunkforwarder/logs/container...

by Explorer in

Docker logs control in Splunk

Hi there, Is there anyway on Splunk search peer or Forwarder to filter the data. Like log messages that contain DEBUG...

by Path Finder in

Collecting Windows Logins Events - Specifically what server/workstation they were remoting into

I'm currently collecting windows security events. And it's been good for seeing failures. But I cannot see 'what' wor...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

index based on first three characters of hostname

Index only first Occurrence of string in events

using source in props.conf to break the below event based on realm .

HTTP Event Collector on Heavy forwared

Python script error during installation of Splunk Forwarder Add-on for WAS

How to break event 1 and 2 further?

Timestamp from file name

Splunk Website Monitoring stops working if I add more app URLS to be monitored!

How/where to tell a new data input to use this new index in a cluster?

Format unicode characters in json input

"Brute Force Access Behavior Detected" from Microsoft domain controllers

inputs.conf segment setting

Splunk Add-on for Microsoft Windows NOT CIM

sum multiple value in a json

I am not able to send logs to 2 different indexer

Why is the field extraction transformation not working in conjunction with data filtering transformation?

Universal Forwarder invoke powershell script on-demand

Extract Json and non-json data from single event

Filter and get count of kvstore records via REST API

Why isn't my transforms working?

manually run a scripted input?

Splunk Webの動作について

Can I dynamically set the default host value using a Universal Forwarder?

Docker logs control in Splunk

Collecting Windows Logins Events - Specifically what server/workstation they were remoting into

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions