Getting Data In

Discussions

Thread Info

Lines starting with semicolon(;) needs to discarded completely from indexing . My props and transforms not working

I would like to remove any lines that start with semicolon(;) from indexing. Below are my config files and sample dat...

by Path Finder in

About obtaining log of virus buster

I am always grateful for your help. It is necessary to capture the log of the ”Trend Micro virus buster” transferr...

by Champion in

Unable data of table and resource of azure to splunk

Hello, I have integrated azure and splunk , getting data for blob storage and audit . But Unable data of table and...

by Explorer in

webhook: unable to read POST data

Hello Splunk users, I'm sorry for this trivial question, but I can't understand. How can I read the HTTP POST data...

by Path Finder in

syslog-ng to HEC data persistence

How would we ensure data persistence/queuing when using Ryan Faircloth's (or a similar script) method to batch the sy...

by Builder in

Splunk forwarder delays only Concurrently generated logs

After reviewing splund.log, metrics.log in several attempts and adding check on storage etc. on splunk servers, we ha...

by New Member in

How to index .evt(x) files exported from a Windows system for Forensics/Root Cause Analysis/Incident Response etc when the system is no longer operational?

Problem statement: Windows .evt(x) files need to be indexed but the system the files originated from is no longer ope...

by SplunkTrust in

SEDCMD a field

I'm hoping what I want to do exists. I've reviewed props.conf.spec and https://docs.splunk.com/Documentation/Splun...

by Builder in

Need SEDCMD Help.

I have a csv that is coming in and we want to replace anything in the name section with "XXXX" Sample events "2...

by Builder in

Proper way to mount configs in Splunk Docker Container

Hello, currently working on Spinning up Splunk Containers using the splunk latest image. Works great when using all d...

by New Member in

Need to export Splunk data (our application logs) to CSV using API

Our application has over 3 million records every 24 hours that we need to export using Splunk. When we tried using Re...

by New Member in

Monitor files perfomance

Hello, I need to monitor some Oracle Database agent logs with Splunk Universal Forwarder. The base directory for f...

by Explorer in

Why are we unable to run splunk forwarder image as non root user?

Hi, I want to run splunk-universalforwarder with non-root user. I created my own docker image and tried to run it...

by New Member in

kvmode=json and field aliases

When using kvmode=json to carve fields, when I try to create a field alias to make the fields CIM compliant, they don...

by Communicator in

How to mask emails and credit card numbers in logs?

According to the link below, it looks possible to mask data in splunk. https://docs.splunk.com/Documentation/Splunk/6...

by Explorer in

Getting JSON-data in Splunk (preferably with Streamsets)

Hi all, I am new to Splunk and am struggling to get this to work. I use Streamsets to add data to my streams. F...

by Explorer in

Send Mainframe logs to Splunk?

Dear, I ask you guys for help on how to send Mainframe logs to Splunk? What events are more important collect the ...

by Path Finder in

New install of UF windows, splunkd.log says "sock_error = 10054. SSL Error = No error"

I just installed a new UF on a Windows VM, and I'm getting an error that connection to the host failed, with "sock_er...

by Communicator in

How do I capture the output of a script from a scripted input?

All, I have a script which I'd like to capture the output from. I assumed that as long as I had it started by my ...

by Builder in

Is there a way to index Avro files in Splunk?

Hi Splunkers, I am in an odd pickle here. So, I am ingesting data from Amazon Web Services (AWS) to my Splunk ...

by Path Finder in

Monitor bandwidth with Netflow

I am newbie. I was config netflow on router, and then send netflow to logstash index netflow. Next, logstash send dat...

by New Member in

How to query a CSV file from another CSV file?

Hi I have 2 CSV file in lookups directory : The first CSV is called "host.csv" and has a field called "host" which...

by Motivator in

Splunk Universal Forwareder porformance impact

Hello. Do you know if exist a table, web page, benchmark or paper where the impact to performance for the applian...

by Explorer in

How to use the timestamp from a file name at index time?

hello I have log files that does not contain timestamp i want splunk to take the time stamp from the file name fil...

by Communicator in

How to get comma separated list of values?

Hi, Here's my query: index=uplynk slice_played isLive=1 channelID=8f88881faa334ab59484e999c6c5c318 | stats dc(...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Lines starting with semicolon(;) needs to discarded completely from indexing . My props and transforms not working

About obtaining log of virus buster

Unable data of table and resource of azure to splunk

webhook: unable to read POST data

syslog-ng to HEC data persistence

Splunk forwarder delays only Concurrently generated logs

How to index .evt(x) files exported from a Windows system for Forensics/Root Cause Analysis/Incident Response etc when the system is no longer operational?

SEDCMD a field

Need SEDCMD Help.

Proper way to mount configs in Splunk Docker Container

Need to export Splunk data (our application logs) to CSV using API

Monitor files perfomance

Why are we unable to run splunk forwarder image as non root user?

kvmode=json and field aliases

How to mask emails and credit card numbers in logs?

Getting JSON-data in Splunk (preferably with Streamsets)

Send Mainframe logs to Splunk?

New install of UF windows, splunkd.log says "sock_error = 10054. SSL Error = No error"

How do I capture the output of a script from a scripted input?

Is there a way to index Avro files in Splunk?

Monitor bandwidth with Netflow

How to query a CSV file from another CSV file?

Splunk Universal Forwareder porformance impact

How to use the timestamp from a file name at index time?

How to get comma separated list of values?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions