Getting Data In

Discussions

Thread Info

Can we have one connect to Azure Commercial while the other connects to Azure Government event hubs?

I have been asked to check with Splunk Support on whether we can run 2 different Splunk add-ins for "Splunk Add-on fo...

by Explorer in

How to upload CSV from UI?

Hi All, We have a requirement where the end user would be uploading CSV to our HF, and from there, jobs would...

by Path Finder in

VMWare user access gate way: How do I override source types on a per-event basis?

Solved: How to seperate different Sourcetype logs from sin... - Splunk Community Configure Unified Access Gateway S...

by Communicator in

Getting Cisco Ironport ESA data into the Common Information Model

I am having a tough time understanding how anyone is getting Cisco Ironport ESA data to map to the CIM for use in thi...

by Explorer in

How to search to get list of URLs/domains in my logs in a particular period?

I am new to Splunk and I need help to get a query that lists all the domains that are in my logs (that were accessed ...

by Explorer in

Why is Dropdown in Dashboard Only Showing One Word Results?

Hello, Anyone have any idea why a dropdown filter would only show results for one word field result? I need the dr...

by Engager in

How would I monitor file content history change?

Hi I have two config files that need to monitor them, to answer these questions: Who?what?when? Change that file. Nee...

by Motivator in

Extreme Latency with Windows Events on one Windows Event Collector. How do I troubleshoot?

Hello i have two windows event collectors. 3 domain controllers send their events to one event collector (WEC01), and...

by Path Finder in

How to send OCI (Oracle Cloud) Logs to Splunk (On-Prem)?

Are there any best practices with respect to sending OCI GovCloud logs over to Splunk? We're primarily planning to ge...

by Communicator in

How to exclude private ip address range based on the result of "rex max_match"

I run this query to extract all IP address from the events. There are multi ip based on one event. index=*| rex max...

by Engager in

How to install Splunk Universal Forwarder on multiple servers?

Hi Whats the best way to install Splunk Universal Forwarder on more than 100 servers without installing on each on...

by Builder in

How to extract timestamp in multiline event?

Hi all, can somebody please give me a hand w/ this. I would like to extract the timestamp from an Event like this:...

by Explorer in

Which endpoint can be used to retrieve splunk instance version?

Hi Guys, which endpoint should I use to get the version of Splunk except /server/info.I don't want to use /server/...

by Splunk Employee in

How to override source from raw data while indexing in splunk?

For example below is my raw data in sample.log file. This is a |AWS| test log testing. The source of this file...

by Explorer in

Where can I find the host for HEC URI?

This is probably a stupid question where can I find the <host> for the HEC URI <protocol>://<host>:<port>/<endpoi...

by New Member in

How to set up an Email Report after Alert?

I would like to have a report emailed to me a few minutes after an alert goes off. While the alert can include the r...

by Explorer in

Is it possible to send metrics to event index?

Hello, It is possible to send metrics to event index? For instance indexing df_metric from Splunk_TA_nix Thanks...

by Motivator in

Powershell Script Input via JSON not parsing correctly?

Hi  i have a curious problem. (btw. not my first Powershell input  ) I am trying to Input some Acti...

by New Member in

Why am I Unable to fetch Prometheus metrics into Splunk?

I have used the "Prometheus Metrics for Splunk" plugin from the Splunk Apps to get data from the Prometheus remote wr...

by Engager in

Splunk Forwarder: Why does it stop sending data after Too Many Fields?

Hello, We have a heavy forwarder that occasionally receives and event that exceeds the bounds of Splunk indexers. ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Can we have one connect to Azure Commercial while the other connects to Azure Government event hubs?

How to upload CSV from UI?

VMWare user access gate way: How do I override source types on a per-event basis?

Getting Cisco Ironport ESA data into the Common Information Model

How to search to get list of URLs/domains in my logs in a particular period?

Why is Dropdown in Dashboard Only Showing One Word Results?

How would I monitor file content history change?

Extreme Latency with Windows Events on one Windows Event Collector. How do I troubleshoot?

How to send OCI (Oracle Cloud) Logs to Splunk (On-Prem)?

How to exclude private ip address range based on the result of "rex max_match"

How to install Splunk Universal Forwarder on multiple servers?

How to extract timestamp in multiline event?

Which endpoint can be used to retrieve splunk instance version?

How to override source from raw data while indexing in splunk?

Where can I find the host for HEC URI?

How to set up an Email Report after Alert?

Is it possible to send metrics to event index?

Powershell Script Input via JSON not parsing correctly?

Why am I Unable to fetch Prometheus metrics into Splunk?

Splunk Forwarder: Why does it stop sending data after Too Many Fields?

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

how splunk can detect wineventlog for "remote desk...

Delay in Access Logs from S3

Why is universal forwarder phonehome not interpret...

Why can't I see FortiAP logs?

Why am I having this issue with HEC guid?