Getting Data In

Community Activity

"Brute Force Access Behavior Detected" from Microsoft domain controllers Seeing lots of "Brute Force Access Behavior Detected" notable events coming from Microsoft domain controllers. The c... by dsuddu Engager in Getting Data In 07-18-2019 6 4	6	4
inputs.conf segment setting Not sure why the hostname for the monitor stanza below is not being parsed out... directory is as follows: /mnt/log... by plumainwfs New Member in Getting Data In 07-18-2019 0 2	0	2
Splunk Add-on for Microsoft Windows NOT CIM I have installed the Splunk Add-on for Microsoft Windows App on the latest 6.0 Version on Splunk Enterprise 7.3 i am... by omri_p Engager in Getting Data In 07-18-2019 0 0	0	0
sum multiple value in a json Hello, I have a raw like this: .success [{"importo":2,"tipologiaOperazione":"AAA"},{"importo":1.82,"tipologiaOperazi... by 3vi Engager in Getting Data In 07-18-2019 0 2	0	2
I am not able to send logs to 2 different indexer I have a setup, where I have one production indexer and another one is development indexer. I want all the data to be... by saramamurthy_sp Splunk Employee in Getting Data In 07-18-2019 0 2	0	2
Why is the field extraction transformation not working in conjunction with data filtering transformation? I'm trying to minimize the amount of data from Kubernetes JSON events that are being indexed into my Splunk instance.... by alanzchan Path Finder in Getting Data In 07-17-2019 0 21	0	21
Universal Forwarder invoke powershell script on-demand How can I run a powershell script on a Universal Forwarder on-demand instead of scheduling it in the inputs.conf and ... by kevinbullock New Member in Getting Data In 07-17-2019 0 0	0	0
Extract Json and non-json data from single event Hello Champions, Need your help in extracting mixed data. Below is my sample data. I indexed it as a single event wi... by nareshinsvu Builder in Getting Data In 07-17-2019 0 3	0	3
Filter and get count of kvstore records via REST API I have a kvstore collection with ~50 000 records. I want to get count of records that satisfy some conditions, but I ... by asnegina New Member in Getting Data In 07-17-2019 0 1	0	1
Why isn't my transforms working? \etc\system\local\transforms.conf [drop4768OK] REGEX = EventCode=4768(.\|\t\|\r\|\n)Result.Code.*0x0 DEST_KEY = queue... by tmontney Builder in Getting Data In 07-17-2019 0 12	0	12
manually run a scripted input? I have a scripted input in Splunk that sends it's data to Splunk via STDOUT. Is there any way to run the script on-de... by jeff Contributor in Getting Data In 07-17-2019 0 5	0	5
Splunk Webの動作についてお世話になっております。 Splunk Webについてご質問があります。現在インデックスサーバをスタンドアロンで構築し（OSはCentOS7）設定のデータ入力→ファイルとディレクトリ→新しいローカルファイルとディレクトリからファ... by alffsadm Explorer in Getting Data In 07-17-2019 1 5	1	5
Can I dynamically set the default host value using a Universal Forwarder? I'm using host_regex on a Universal Forwarder. inputs.conf [monitor:///app/splunkforwarder/logs/containername/*.lo... by psyched4splunk Explorer in Getting Data In 07-17-2019 0 6	0	6
Docker logs control in Splunk Hi there, Is there anyway on Splunk search peer or Forwarder to filter the data. Like log messages that contain DEBUG... by rashi83 Path Finder in Getting Data In 07-16-2019 0 2	0	2
Collecting Windows Logins Events - Specifically what server/workstation they were remoting into I'm currently collecting windows security events. And it's been good for seeing failures. But I cannot see 'what' w... by TitanAE New Member in Getting Data In 07-16-2019 0 0	0	0
What is the best analogy for explaining 'sourcetypes'? When I talk to folks who are new to Splunk, I often struggle to explain the concept of a sourcetype to them. Other ba... by sloshburch Ultra Champion in Getting Data In 07-16-2019 1 20	1	20
What is the best practice for avoiding irrelevant date in Cisco log being taken as time stamp? Hi, what would be the best practice for avoiding that a recent log line like the following one would be wrongly tagge... by bkatzlin Explorer in Getting Data In 07-16-2019 0 3	0	3
help parsing mixed unstructured/JSON events coming from DBX Hello, I'm having trouble parsing this events for a client. here is the data route: 1 the data is stored into some D... by 3DGjos Communicator in Getting Data In 07-16-2019 0 12	0	12
Python Rest API script After connecting to the splunk Rest API, I would like to run a search query built like this and stored in a variable.... by travismonta New Member in Getting Data In 07-16-2019 0 0	0	0
Monitoring files from SPLUNK Enterprise server I just need some help in understanding what is possible. I have a powershell script that I use to gather data from a... by willadams Contributor in Getting Data In 07-16-2019 0 1	0	1
Does the HTTP Event Collector API support events with arbitrary metadata? (2019 edition) 3 years ago, someone asked my exact question: "Does the HTTP Event Collector API support events with arbitrary metad... by olivercole New Member in Getting Data In 07-16-2019 0 1	0	1
monitor specific window services I want to monitor specific windows services. Say example "abcd" & "xyz". I was able to create a visualization but it ... by ajit2548 New Member in Getting Data In 07-16-2019 0 0	0	0
Json Parse I am doing JSON parse and I suppose to get correctly extracted field. This below gives me correct illustration numbe... by jayeshmehta1989 New Member in Getting Data In 07-16-2019 0 0	0	0
sourcetypes not displaying on Summary screen When looking at the Summary screen Splunk is not displaying any sourcetypes. Sometimes it will appear after awhile. by wildbill4 Path Finder in Getting Data In 07-16-2019 0 2	0	2
How can I parse all the syslog data from our Barracuda Email Security Gateway? The the syslog data from our barracuda EMSG is being ingested into Splunk, but I'm having trouble extracting fields f... by lawlzsloth Engager in Getting Data In 07-15-2019 0 5	0	5