Getting Data In

Community Activity

Forward Data to a third-party system Hi, I am using SplunkForwarder to forward data to a non-splunk system by adding the stanza below in outputs.conf. ... by shangshin Builder in Getting Data In 09-11-2024 2 20	2	20
NiFi GetSplunk import events I'm trying to import a csv file generated by the NiFi GetSplunk component. It retrieves events from a Splunk Instance... by hanseMand Observer in Getting Data In 09-11-2024 0 0	0	0
How to forward splunkd.log to a foreign syslog server Dear community,it might be an odd question but i need to forward the splunkd.log to a foreign syslog server,therefore... by MattKr Explorer in Getting Data In 09-10-2024 0 1	0	1
Is it possible to ingest data related specifically from Microsoft Defender Safe Links? Is it possible to ingest data related specifically from Microsoft Defender Safe Links? We have tried both Microsoft ... by rg0nzalez New Member in Getting Data In 09-10-2024 0 1	0	1
Decomissioning indexers I am working to decommission some indexers from my cluster. I am using splunk offline --enforce-counts and letting th... by brent_weaver Builder in Getting Data In 09-10-2024 0 2	0	2
Zscaler log filtering Hello guys,I am quite new on the topic so I really need tyour help ^_^.I am ingesting Zscaler logs in a Splunk Cloud ... by Iana_R Loves-to-Learn Lots in Getting Data In 09-10-2024 0 1	0	1
Event does not break right Hi folks..I have an issue where I can't get an event to break right.The event looks like this **********************... by jesperbassoe Explorer in Getting Data In 09-09-2024 0 4	0	4
line break to different entries I have logs indexed like this. How to break entries based on each lines . i need each line as a seperate entry. I tr... by arunkuriakose Explorer in Getting Data In 09-09-2024 0 7	0	7
401 Unauthorized when trying to use REST API Hello, i am trying to intergrate the Splunk Ui Toolkit into my own Splunk instace that is running on localhost.I am ... by yallami Explorer in Getting Data In 09-09-2024 0 3	0	3
URL error for HEC - Cloud Hi all, I am a bit of a newbie here, and am trying to setup HEC on splink cloud, however the URL I have created follo... by Redwood Loves-to-Learn Lots in Getting Data In 09-08-2024 0 2	0	2
"splunk add oneshot" not working Hello.Trying to test a sourcetype using "oneshot". Although we were able to add raw data using "oneshot" the first t... by vpsmax Path Finder in Getting Data In 09-07-2024 0 3	0	3
Can I test SECCMD from command line using oneshot? I am attempting to test a SEDCMD for event manipulation and it does not appear this is possible via oneshot? When I t... by markconlin Path Finder in Getting Data In 09-07-2024 0 2	0	2
Help with oneshot json: Why is \| kvmode incorrect? I'm using a distributed Splunk Enterprise environment with over 15 peers at the Indexer Tier. I have some JSON data ... by NullZero Path Finder in Getting Data In 09-07-2024 0 4	0	4
How to blacklist the .gz files in input.conf? Hi Folks, I am trying to backlist the gz files in input.conf. But somehow the blacklist doesn't work properly. Files ... by sagar_shubham23 Explorer in Getting Data In 09-06-2024 0 3	0	3
How does Splunk handle gzip'd logs? Suppose I have `/var/log/nginx/access.log` and then a dozen files in the same directory named like `access.log-<date>... by jm_tesla Engager in Getting Data In 09-05-2024 0 5	0	5
How do I debug syslog that dont get into splunk whereas I can see the log when I use tcpdump Hi everyone,I’m currently sending vCenter logs via syslog to Splunk and have ensured that the syslog configuration an... by ryanf Engager in Getting Data In 09-05-2024 0 1	0	1
Change Splunk user from root to Splunk user Hi, The Splunk Heavy Forwarders and Deployment Servers were running under Splunk user. Unfortunately, during the upgr... by Ricco19 Loves-to-Learn in Getting Data In 09-05-2024 0 1	0	1
VMware Hosts logs do not show up in new Splunk server We have been using Splunk on a Windows server without issue. It ingested logs from Vmware hosts, networking hardware... by rweales Explorer in Getting Data In 09-04-2024 0 9	0	9
Splunk Windows Events to Third Party System Hello all, implementing some routing at the moment in order to forward a subset of data to a third party syslog syste... by solman07 New Member in Getting Data In 09-04-2024 0 1	0	1
Federated Search -How do I create lookup file with results? We are working with several remote datasets that are combined to give our end user a specific result. Federated Sear... by discenzadoe Explorer in Getting Data In 09-04-2024 0 3	0	3
Checkpoint events are not being parsed properly Hello, We are ingesting Checkpoint logs through an Edge Processor to our SCP. We have deployed Splunk Add-on for Chec... by adrifesa95 Engager in Getting Data In 09-04-2024 0 2	0	2
How to call a Rest/Json service on HTML button click action from dashboard search Hi,I have a splunk search which give back the testcase_id's.I need a button which call a rest API request.Rest API in... by kig121 Loves-to-Learn Lots in Getting Data In 09-03-2024 0 5	0	5
Routing Metric events to null queue I am trying to route metric type events to a null queue to avoid indexing them but they are still coming through. An... by markhvesta Path Finder in Getting Data In 09-03-2024 0 6	0	6
issue for _time I have events from Trellix Hx appliance and i need to adjust _time of the log events because it coming as 9/3/20 and ... by KhalidAlharthi Explorer in Getting Data In 09-03-2024 0 2	0	2
How to blacklist specific events on universal forwarder? Hello, community, I need help reducing Events containing 4688 and ParentProcessName=*splunkd.exe There is an excerpt ... by DanAlexander Communicator in Getting Data In 08-30-2024 0 2	0	2