Getting Data In

Discussions

Thread Info

Inline field extracted vs Transformation?

I am walking through the Cisco app and I noticed that there are a lot different ways fields are being extracted. It l...

by Explorer in

data from blobs of azure not coming in format

Data from blobs csv coming from azure into splunk not coming into format only few scattered words. please suggest. ...

by Explorer in

Getting IP address of Splunk server instead of particular PC in logs.

I am forwarding logs from several windows PCs to Splunk with Heavy forwarders. And the Splunk is forwarding those log...

by New Member in

Why is field ingestion not working when ingesting custom CSV data?

Hello, I am trying to ingest some custom CSV data that I have created. In some of the data it extracts the correc...

by New Member in

Which port can I use to send Syslog traffict to splunk for a Cisco Nexus device?

I am trying to send syslog traffic from some nexus devices to Splunk, but I have not been able to find which port sho...

by New Member in

Where can I find a good video on field extraction (parsing) ?

Hi All, Can any one share me a good video link explaining about Field Extraction concept on both Index time /Search t...

by Motivator in

Lines starting with semicolon(;) needs to discarded completely from indexing . My props and transforms not working

I would like to remove any lines that start with semicolon(;) from indexing. Below are my config files and sample dat...

by Path Finder in

About obtaining log of virus buster

I am always grateful for your help. It is necessary to capture the log of the ”Trend Micro virus buster” transferr...

by Champion in

Unable data of table and resource of azure to splunk

Hello, I have integrated azure and splunk , getting data for blob storage and audit . But Unable data of table and...

by Explorer in

webhook: unable to read POST data

Hello Splunk users, I'm sorry for this trivial question, but I can't understand. How can I read the HTTP POST data...

by Path Finder in

syslog-ng to HEC data persistence

How would we ensure data persistence/queuing when using Ryan Faircloth's (or a similar script) method to batch the sy...

by Builder in

Splunk forwarder delays only Concurrently generated logs

After reviewing splund.log, metrics.log in several attempts and adding check on storage etc. on splunk servers, we ha...

by New Member in

How to index .evt(x) files exported from a Windows system for Forensics/Root Cause Analysis/Incident Response etc when the system is no longer operational?

Problem statement: Windows .evt(x) files need to be indexed but the system the files originated from is no longer ope...

by SplunkTrust in

SEDCMD a field

I'm hoping what I want to do exists. I've reviewed props.conf.spec and https://docs.splunk.com/Documentation/Splun...

by Builder in

Need SEDCMD Help.

I have a csv that is coming in and we want to replace anything in the name section with "XXXX" Sample events "2...

by Builder in

Proper way to mount configs in Splunk Docker Container

Hello, currently working on Spinning up Splunk Containers using the splunk latest image. Works great when using all d...

by New Member in

Need to export Splunk data (our application logs) to CSV using API

Our application has over 3 million records every 24 hours that we need to export using Splunk. When we tried using Re...

by New Member in

Monitor files perfomance

Hello, I need to monitor some Oracle Database agent logs with Splunk Universal Forwarder. The base directory for f...

by Explorer in

Why are we unable to run splunk forwarder image as non root user?

Hi, I want to run splunk-universalforwarder with non-root user. I created my own docker image and tried to run it...

by New Member in

kvmode=json and field aliases

When using kvmode=json to carve fields, when I try to create a field alias to make the fields CIM compliant, they don...

by Communicator in

How to mask emails and credit card numbers in logs?

According to the link below, it looks possible to mask data in splunk. https://docs.splunk.com/Documentation/Splunk/6...

by Explorer in

Getting JSON-data in Splunk (preferably with Streamsets)

Hi all, I am new to Splunk and am struggling to get this to work. I use Streamsets to add data to my streams. F...

by Explorer in

Send Mainframe logs to Splunk?

Dear, I ask you guys for help on how to send Mainframe logs to Splunk? What events are more important collect the ...

by Path Finder in

New install of UF windows, splunkd.log says "sock_error = 10054. SSL Error = No error"

I just installed a new UF on a Windows VM, and I'm getting an error that connection to the host failed, with "sock_er...

by Communicator in

How do I capture the output of a script from a scripted input?

All, I have a script which I'd like to capture the output from. I assumed that as long as I had it started by my ...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Inline field extracted vs Transformation?

data from blobs of azure not coming in format

Getting IP address of Splunk server instead of particular PC in logs.

Why is field ingestion not working when ingesting custom CSV data?

Which port can I use to send Syslog traffict to splunk for a Cisco Nexus device?

Where can I find a good video on field extraction (parsing) ?

Lines starting with semicolon(;) needs to discarded completely from indexing . My props and transforms not working

About obtaining log of virus buster

Unable data of table and resource of azure to splunk

webhook: unable to read POST data

syslog-ng to HEC data persistence

Splunk forwarder delays only Concurrently generated logs

How to index .evt(x) files exported from a Windows system for Forensics/Root Cause Analysis/Incident Response etc when the system is no longer operational?

SEDCMD a field

Need SEDCMD Help.

Proper way to mount configs in Splunk Docker Container

Need to export Splunk data (our application logs) to CSV using API

Monitor files perfomance

Why are we unable to run splunk forwarder image as non root user?

kvmode=json and field aliases

How to mask emails and credit card numbers in logs?

Getting JSON-data in Splunk (preferably with Streamsets)

Send Mainframe logs to Splunk?

New install of UF windows, splunkd.log says "sock_error = 10054. SSL Error = No error"

How do I capture the output of a script from a scripted input?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions