Getting Data In

Discussions

Thread Info

How to set checkpoint value in the rest api modular input?

I am trying to fetch the logs from a REST url. But when ever the url getting hit all the data is fetched from the url...

by Path Finder in

Does sourcetype=iis work for W3SVC logs with all fields?

I am still trying to work out sourcetype=iis . I am aware of the Add-On for IIS and have installed it, but I want to ...

by Communicator in

Is monitoring .conf files on forwarders any different from monitoring any other file?

We want to watch the /local .conf files on our forwarders and alert if changes are made. Is this as simple as setting...

by Path Finder in

Query for a list of users in a search head cluster

Goal Query for a list of all users across a search head cluster Problem Not all users are returned by the query be...

by Explorer in

How do you ingest a file with current time?

I have files with a time field that is of a previous date . I want to ingest these files in Splunk, but the indexed t...

by Path Finder in

How do I go about the parsing of Splunk modular input with JSON data?

Hi Splunk community, I am facing some issue in using the Splunk modular input. The modular input is built arou...

by New Member in

Unable to initialize modular input "jmx" defined inside the app "Splunk_TA_jmx": Introspecting scheme=jmx: script running failed (exited with code 1).

Hi, I am receiving the following error message in my inbox : Unable to initialize modular input "jmx" defined insi...

by New Member in

When adding "KV_MODE=none" to props.conf, how come unwanted field extractions are not being stopped?

I am looking for assistance with unwanted fields extracted automatically. I am using a custom sourcetype that I ad...

by Explorer in

Splunk eStreamer eNcore client doesn't start

I have been trying to get the Cisco eStreamer eNcore app to work and since rebuilding the FMC host, and using a routa...

by Communicator in

How do you edit user role capabilities using REST API?

I am creating indexes, inputs and roles based on k8s namespace. I was granting user role capabilities, but now, I nee...

by Engager in

How do I remove the lines with INFO or WARN from logging to Splunk?

I want to NOT ingest the events that have INFO or WARN in them. Can I use the following in the Props.conf without any...

by Path Finder in

Using lookup table for whitelisting CIDR ranges in SPL and getting zero results

I'm brand new to Splunk and I'm having difficulty getting a query to return the results I'm looking for. I've checked...

by Explorer in

Capture and parse incoming Source IP's from Heavy Forwarder receiving incoming Linux logs?

I have a heavy forwarder that is capturing incoming logs from thousands of Linux hosts. The hosts are sending their O...

by Path Finder in

finding systems from a CSV that are not reporting into Splunk

I have a search that I am working on and running into problems. Currently, I have a CSV generated that contains a...

by Explorer in

Why is data getting duplicated?

Hi , We have noticed an issue in my Splunk environment: Issue: Data is getting duplicated twice in indexers....

by Communicator in

Adding new device to splunk Cisco UCS add on

Hi All, In our environment, Already our team installed the "Cisco UCS Add-On" and data is getting into splunk. ...

by Explorer in

In Windows Security logs Splunk is no longer resolving account names and instead showing SIDs

Good morning, I noticed recently that some of my events in splunk are no longer displaying account names and group...

by Communicator in

parsing specific events in logs at heavy forwarder

Hello, I am new to splunk and learning it . I am trying the parse the events with specific keyword will dropping t...

by New Member in

Is there a way to attach an excel file instead of csv to an email alert?

Hello. I have an email alert that sends the results in a csv file attached to the email. The search result of this...

by Path Finder in

Can I set different interval of execution for different hosts receiving same scripted input app from deployment server?

Hi, We have a requirement where we need to deploy an app having a script in it but interval of execution of script sh...

by Path Finder in

How to remove duplicate events in search results without using DEDUP

I'm using *NIX app 4.6, and for auditd logs I have a duplication problem of events. I also checked the raw logs and t...

by Explorer in

How to monitor network file share drive ?

I have application data being collected on following shared folders over network : \qlikviewt1\east\torage\ \qlik...

by Path Finder in

How can I configure routing that sends specific logs to only 514 and other logs to 9997?

I want to configure routing that sends specific logs(syslog_test) to only 514 and other logs to 9997, so I edited pro...

by Builder in

How to install it on pfsense

Can you provide tutorial to install it pfsense. 1. currently the splunk enterprise is installed on my mac 2. need to ...

by Explorer in

Are there limitations on using the searchmatch() eval function in props.conf?

I have the following eval statement: | eval aaa=case( action=="opened","success", action=="closed","succes...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to set checkpoint value in the rest api modular input?

Does sourcetype=iis work for W3SVC logs with all fields?

Is monitoring .conf files on forwarders any different from monitoring any other file?

Query for a list of users in a search head cluster

How do you ingest a file with current time?

How do I go about the parsing of Splunk modular input with JSON data?

Unable to initialize modular input "jmx" defined inside the app "Splunk_TA_jmx": Introspecting scheme=jmx: script running failed (exited with code 1).

When adding "KV_MODE=none" to props.conf, how come unwanted field extractions are not being stopped?

Splunk eStreamer eNcore client doesn't start

How do you edit user role capabilities using REST API?

How do I remove the lines with INFO or WARN from logging to Splunk?

Using lookup table for whitelisting CIDR ranges in SPL and getting zero results

Capture and parse incoming Source IP's from Heavy Forwarder receiving incoming Linux logs?

finding systems from a CSV that are not reporting into Splunk

Why is data getting duplicated?

Adding new device to splunk Cisco UCS add on

In Windows Security logs Splunk is no longer resolving account names and instead showing SIDs

parsing specific events in logs at heavy forwarder

Is there a way to attach an excel file instead of csv to an email alert?

Can I set different interval of execution for different hosts receiving same scripted input app from deployment server?

How to remove duplicate events in search results without using DEDUP

How to monitor network file share drive ?

How can I configure routing that sends specific logs to only 514 and other logs to 9997?

How to install it on pfsense

Are there limitations on using the searchmatch() eval function in props.conf?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions