Getting Data In

Ask a Question

Discussions

Thread Info

How to split a json array into multiple events?

I'm looking for a way to split a JSON array into multiple events, but it keeps getting indexed as a single event. I...

by Path Finder in

Inconsistency between search results between Splunk UI and Rest API & REST API itself

Hi Community, I'm trying to extract search results using REST API and I'm facing the following problem. 1. I'm using...

by Path Finder in

Edge Processor Destination not showing up in Pipeline

I've been writing new pipelines to my Edge Processors when I discovered that no destination values are showing up for...

by Observer in

How can we determine the overall percentage of memory utilization on a Windows server?

I've read through some of the Splunk documentation and previously one of my colleagues already configured the "Window...

by Observer in

HI Team, We have 40 dc server and sending logs to UF->HF->idx but need to understand how data is flowing ?

We have 40 dc server sending logs to onprem indexers but i see on Deployment server i can see only on App which has o...

by Engager in

Why are we missing Windows "WinEventLog:Security" event logs?

I have 40 Windows 2012 domain controllers (forwarding through heavy forwarders to cloud), that intermittently stop se...

by Communicator in

How to parse timestamp which is in epoch and assign it to the same field timestamp

Hello All, I have log file which has the following content in json format, I would like to parse the timestamp and ...

by Loves-to-Learn Lots in

Trying to blacklist all 4662 events except if they match any of the dcsync related GUIDs

As we have recently enabled various audit settings on our domain, we now have 4662 events being generated on the DCs....

by Engager in

ITSI Glass Table

Hello Experts, In Splunk ITSI, we’re able to see the alerts in the Alerts table, but those alerts are not being ref...

by New Member in

Trimming data and sending it through Cribl and Datadog

So the title is pretty self explanatory. I have been approached and requested to trim logs. I had initially installed...

by Communicator in

Integrating and Ingesting Atlassian Audit Logs into Splunk?

Based on the article provided below we have updated our Atlassian settings to pull the Bitbucket logs into our Audit ...

by Contributor in

Routing Sourcetype

We are collecting the sourtype of the data we are currently receiving by changing it as follows. [A_syslog]TRANSFOR...

by Explorer in

HEC configuration for AWS logs

We have a architecture of 3 site multi cluster which contains 6 indexers (2 in each site), 3 search heads (one in eac...

by Communicator in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Splunk DB Connect Addon

Dear Splunk Community, I need some advice on how to get DB Connect configured. I'm hitting a brick wall trying to g...

by New Member in

"Akamai Security Incident Event Manager API" not found

Upon installing the Akamai SIEM I am not seeing the data input option for "Akamai Security Incident Event Manager AP...

by Explorer in

Critical Bucket size and range

Hi There, I have noticed that the cloud monitoring console is reporting a critical bucket. I only have one and have...

by Communicator in

change timestamp for extra data

We are collecting various data from security equipment.The data is being stored in index=sec_A and received as sourty...

by Explorer in

Good example of a working custom REST endpoint (but not an admin:* one)

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note...

by SplunkTrust in

Netskope onboarding

Hi, I have a question on Netskope onboarding to Splunk. I installed to TA-NetSkopeAppForSplunk (4.1.0) on Spl...

by Explorer in

cloudwatch logs tagging

Expert advice needed. I was able to ingest cloudwatch logs for ecs and lambda with data manager Now i need to add...

by Loves-to-Learn Lots in

pull Azure event hub logs to Splunk

How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. Wh...

by Communicator in

Why doesn't my Ingest Action work?

I have written and tested some rules using "Ingest Actions". I used the "Sample" indexed data and everything seems fi...

by Explorer in

How do I set up a KV Store lookup?

I created a KV Store lookup using the "Splunk App for Lookup File Editing" app, however when I look at Settings>Looku...

by Motivator in

Splunk and Cisco Firepower Audit Logs

Hello folks, My organization is struggling with ingesting the Cisco Firepower audit (sys)logs into Splunk, we've be...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to split a json array into multiple events?

Inconsistency between search results between Splunk UI and Rest API & REST API itself

Edge Processor Destination not showing up in Pipeline

How can we determine the overall percentage of memory utilization on a Windows server?

HI Team, We have 40 dc server and sending logs to UF->HF->idx but need to understand how data is flowing ?

Why are we missing Windows "WinEventLog:Security" event logs?

How to parse timestamp which is in epoch and assign it to the same field timestamp

Trying to blacklist all 4662 events except if they match any of the dcsync related GUIDs

ITSI Glass Table

Trimming data and sending it through Cribl and Datadog

Integrating and Ingesting Atlassian Audit Logs into Splunk?

Routing Sourcetype

HEC configuration for AWS logs

Ask Questions, Get Help about Data Manager for Splunk Cloud

Splunk DB Connect Addon

"Akamai Security Incident Event Manager API" not found

Critical Bucket size and range

change timestamp for extra data

Good example of a working custom REST endpoint (but not an admin:* one)

Netskope onboarding

cloudwatch logs tagging

pull Azure event hub logs to Splunk

Why doesn't my Ingest Action work?

How do I set up a KV Store lookup?

Splunk and Cisco Firepower Audit Logs

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions