Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to forward to Splunk cloud from AWS and on prem?

Hi, Our setup is as follows: Managed Splunk Cloud instanceHeavy Forwader (on-prem)Syslog server (on-prem) Ou...

by Path Finder in

Are there any negative ramifications when adding a field to existing database input?

I have an existing database input that is reading from an Oracle database. Existing Dashboard A uses that database i...

by Explorer in

Why is Splunk Add-on for Google Workspace inputs getting 401 response?

I have configured the Splunk Add-on for Google Workspace on a Heavy Forwarder that is performing data collection and ...

by Explorer in

Is it possible to rename an index along with moving data from the old index to new index name?

We are trying to standardize our nomenclature on indexes. Is it possible to rename an index along with moving data fr...

by Path Finder in

Why is the Duo Splunk Connector indexing very few events and throwing some python errors?

Hey folks, I just installed the Duo Splunk Connector (v1.1.7) on a heavy forwarder running Splunk Enterprise v7...

by Explorer in

What is the best way to get last login value from DC (we have ~60 DCs )?

What is the best way to get last login value from DC (we have ~60 DCs )

by Contributor in

What is the role capability required to view all the indexes in splunk cloud settings?

What is the role capability required to view all the indexes in splunk cloud settings? We have below capabilities ...

by Explorer in

How to fix date format to extracted eval field?

index="indnewwrapper" | search rfq_id: | join [ search index="indnewwrapper" | search rfq_id: | eval validateEmailMes...

by Explorer in

Why can't I see FortiAP logs?

Hello team, I have a Fortigate v7.2.0 connected to a FortiAP (FP221E-v7.2) . After i configured Splunk as a syslog...

by New Member in

What is the best approach to use Data Inputs in a distributed environment (SHC)?

Dear Splunkers, We are using Splunk in a distributed environment with an SHC; now, what is the best approach...

by Explorer in

Why am I having this issue with HEC guid?

I have ack enabled for a HEC input. I can successfully send data into splunk with guid #1. With the same curl but a d...

by Path Finder in

Controlling the hot bucket size in Splunk - indexes.conf

1. Controlling the size of a hot bucket : maxDataSize = auto | auto_high_volume auto = 750 mbauto_high_volume...

by Motivator in

How to ping Federate cloud logs on splunk?

Hi, We have onboarded ping federate logs in splunk but we are getting multiple logs getting clubbed in one. C...

by New Member in

Why is .swp file getting monitored along with the actual file?

I have added directory path in inputs.conf to monitor all the files of that directory. A .swp file got created once a...

by Path Finder in

How to send rest API data to Splunk?

(New splunk user)I want to use the Cyberark Rest Api login event for Splunk. So is there a way to access Rest API dat...

by Path Finder in

Why doesn't my SplunkCloud tenant's HEC work?

i tried with : https://prd-p-xxxxxx.splunkcloud.com:8088/services/collector/event and also with : https://ht...

by Observer in

How to get Splunk UF versions in Intermediate forwarder set up?

Hi can anyone think of a way to get Splunk versions reported from universal forwarders when in a Intermediate forward...

by Explorer in

How to anonymize credit card numbers using props.conf and transforms .conf?

hi im trying to replace credit card number (16 digits) in a csv file with xxxx when i input below text, full event...

by Observer in

How to create new column with percentage?

Hi, My search is giving below output, Month FieldA FieldBJan 285 1410Feb 247 1934...

by Path Finder in

How to write simple search of key words or numbers?

Say I'm just trying to find if anything in Splunk is showing number "12345678". Isn't there a way to query a simple s...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to forward to Splunk cloud from AWS and on prem?

Are there any negative ramifications when adding a field to existing database input?

Why is Splunk Add-on for Google Workspace inputs getting 401 response?

Is it possible to rename an index along with moving data from the old index to new index name?

Why is the Duo Splunk Connector indexing very few events and throwing some python errors?

What is the best way to get last login value from DC (we have ~60 DCs )?

What is the role capability required to view all the indexes in splunk cloud settings?

How to fix date format to extracted eval field?

Why can't I see FortiAP logs?

What is the best approach to use Data Inputs in a distributed environment (SHC)?

Why am I having this issue with HEC guid?

Controlling the hot bucket size in Splunk - indexes.conf

How to ping Federate cloud logs on splunk?

Why is .swp file getting monitored along with the actual file?

How to send rest API data to Splunk?

Why doesn't my SplunkCloud tenant's HEC work?

How to get Splunk UF versions in Intermediate forwarder set up?

How to anonymize credit card numbers using props.conf and transforms .conf?

How to create new column with percentage?

How to write simple search of key words or numbers?

Announcing General Availability of Splunk Incident Intelligence!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

How to check for artifacts found during playbook e...

Why are we missing Windows "WinEventLog:Security...

SSL: UNKNOWN_PROTOCOL Error with Gitlab Auditor TA

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...