Getting Data In

Discussions

Thread Info

How to calculate volume of syslog traffic on syslog-ng server

I want to calculate the volume of Syslog data coming into Syslog-ng server. For example, I am forwarding proxy logs ...

by Engager in

Why does outputlookup gives a different _time column compared to "export", in a .csv file?

Hi I used SPL to get the number of logins by the hour for 1 month. The goal is to later import them into python using...

by Communicator in

How to create a scheduled report for CSV export

Hi All! I have following query, I want to schedule a report for this for every night. When I export this to CSV aft...

by Explorer in

How to mask sensitive data at index time?

I am trying to mask PII data at index time. Here is an example of PII data I am trying to mask: RecipientSSNxxx-xx...

by Engager in

How to rename dynamic input results

Sorry, I am new to Splunk. Now I use a dynamic dropdown to generate all the results, like below: index=dev-app hos...

by Engager in

How to parse data for a table to display list

This is what I have when I tried my search query. INFO: Found installations for 8 accounts [scheduler] "acc...

by New Member in

Splunk Data Parse Verbose issue

Hi, Currently I am having below issues : A possible timestamp match (Fri Aug 16 11:09:15 2013) is outside of the a...

by Explorer in

Why are we unable to connect to Splunk Cloud from Mule?

Hi, I tried using HEC and configured log4j as mentioned below in Mule, but I'm getting a connection timed out err...

by New Member in

How to count the number of duplicates detected?

Hi, I want to know how many duplicates of a filename (in field Target_file) have been detected for events indexed ...

by New Member in

Regex to pull Account Creator and Account Created from Windows Event

From this Event log, I need to pull the Account Creator and Account Created as two separate tables. 6/6/19 9...

by New Member in

Is it possible to transform JSON events to be independent, then store them in another index?

Hello community, once again, I need your help. I have a training source in json format in which transactions with ...

by Explorer in

Why are metrics producing the wrong value for host field?

Hello, I deployed a Splunk APP that listens to TCP in port 7001, protocol starts with the following code: input...

by New Member in

Requests.Post CSV File contents into Splunk using HEC

Hi all, I'm having issues with using the requests library in python to send the contents of a csv file to Splunk. ...

by Explorer in

How to create Search via REST api in verbose mode ?

I'm firing search query via REST api to get notable events, but the search is not returning all fields available in t...

by New Member in

Does the Universal forwarder collect historical windows event logs?

I have installed the UF on a number of servers and I configured ti to monitor the winodws event logs (Application, Sy...

by Explorer in

When installing Splunk UF to Solaris OS, error message: couldn't set locale correctly

First time seeing this issue. Running: l locale -a l which whoami The result for this command would be as...

by New Member in

Extract timestamp in Epoch (milliseconds) to date

Hello, I am currently extracting a field from some event which looks like Start_Time_ms=1277221722297 My eve...

by Explorer in

How to forward logs by Index / SourceType, from Splunk to 3rd party?

Is there a way to forward logs from Splunk to a 3rd Party collector by Index / SourceType?

by Explorer in

Splunk Cooked Data

Hello, I am in the process of setting up a new TCP input to pull DNS/DHCP logs from a vendor product. This product ha...

by Explorer in

Filtering events from Docker

Hello, we are successfully logging events from Docker hosts via Splunk adapter (HEC) into splunk. Problems arise ...

by New Member in

When is old data deleted from indexes?How does frozenTimePeriodInSecs get applied

Hi I have an index that has its frozenTimePeriodInSecs set to 90 days. When inspect that index with the rest comma...

by Motivator in

Multiple Cloudwatch logs are coming into Splunk as one event

I have set up logging AWS cloudwatch to Splunk using the firehose method from this Blog: https://www.splunk.com/blog/...

by Explorer in

How to configure line breaks for status code

I am creating a sourcetype but my lines are not breaking properly here is my stanza : {"TimeStampString":"6/5/2019...

by Explorer in

Is there a list that contains all the possible values for "eai:type" field in the REST endpoint: services/data/inputs/all

Hi, When I go to :8089/services/data/inputs/all I get a list of all the inputs Splunk is listening to. In each inp...

by Path Finder in

how Splunk can be utilized to provide monitoring for Cisco ASA

Please help us for how Splunk can be utilized to provide monitoring for Cisco ASA.

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to calculate volume of syslog traffic on syslog-ng server

Why does outputlookup gives a different _time column compared to "export", in a .csv file?

How to create a scheduled report for CSV export

How to mask sensitive data at index time?

How to rename dynamic input results

How to parse data for a table to display list

Splunk Data Parse Verbose issue

Why are we unable to connect to Splunk Cloud from Mule?

How to count the number of duplicates detected?

Regex to pull Account Creator and Account Created from Windows Event

Is it possible to transform JSON events to be independent, then store them in another index?

Why are metrics producing the wrong value for host field?

Requests.Post CSV File contents into Splunk using HEC

How to create Search via REST api in verbose mode ?

Does the Universal forwarder collect historical windows event logs?

When installing Splunk UF to Solaris OS, error message: couldn't set locale correctly

Extract timestamp in Epoch (milliseconds) to date

How to forward logs by Index / SourceType, from Splunk to 3rd party?

Splunk Cooked Data

Filtering events from Docker

When is old data deleted from indexes?How does frozenTimePeriodInSecs get applied

Multiple Cloudwatch logs are coming into Splunk as one event

How to configure line breaks for status code

Is there a list that contains all the possible values for "eai:type" field in the REST endpoint: services/data/inputs/all

how Splunk can be utilized to provide monitoring for Cisco ASA

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions