Getting Data In

Discussions

Thread Info

a problem in Splunk UBA Installation

Hi, I am installing Splunk UBA 5.4.2 on my laptop in a virtual machine (RHEL 8.8) for testing. I followed the install...

by Explorer in

How to handle multiline events from k8s via opentelemetry / HWF

Hi - we have been sending data from our K8s cluster to splunk hwf which then forwards to the indexer. It works great...

by Explorer in

Documentation for implementing Semperis DSP

We are looking at bringing in Semperis DSP logs to evaluate them. Is there documentation on sending those logs to Spl...

by Engager in

Proofpoint On Demand Email Security Add On Audit Logs Ingestion

Are we able to ingest into Splunk the config change events such as the attached image, using "Proofpoint On Demand Em...

by Path Finder in

Juniper switch add-on

Hi at all, I have to parse Juniper Switch logs that are very similar to Cisco ios. In the Juniper Add-On there is...

by SplunkTrust in

.NET Application Runtime Metrics Not Showing in Splunk APM Dashboard

I’m currently instrumenting a .NET application to send telemetry to Splunk Observability Cloud using the Splunk Distr...

by New Member in

Getting different sourcetypes from the same source

Hi, I am configure the apps on the UF from a Deploy Server, and get this weird behavior: What I am trying to do i...

by Path Finder in

Streamfwd drops IPFIX data with “no template received”—pcap shows templates arrive after data

Environment- Splunk Enterprise 10.0.0 (Ubuntu 24.04), single VM (indexer+SH+Stream)- splunk_app_stream 8.1.5, Splunk_...

by New Member in

How to aggregate results by elements in the array, and sort them by ratio

I got my data stream in a following format: [ { "name": "event 1" "attributes": [false, true, true], }, { "name...

by Engager in

Can we install Botsv3 on splunk 10.0.0 in windows ?

Hi, I want to install the BOTS v3 dataset on Splunk 10.0 in Windows OS. Is it compatible with this version? If yes,...

by Explorer in

drop specific eventcode for specific destination

we have one HF , configured to routing into 3 destinations 2 * syslogNG 1* Splunk HF cluster our requirement i...

by Loves-to-Learn Lots in

Need help routing all Windows events to syslog but only selected Event IDs to Splunk

I’m trying to split my Windows events so that: All events get forwarded to a syslog server.Only certain Event I...

by Engager in

Duplicate field values in Splunk events from Cribl

Hello, I’m using Cribl Cloud to pull JSON events from an Azure Event Hub and forward them to Splunk via HEC. Each...

by Loves-to-Learn in

Filtering on WinEvent IDs

Hi all, sorry if this has been asked before, but my initial searches haven't turned up anything.I'm fairly new to Spl...

by Engager in

How to get last 5 mins triggered alerts and its data like host, source, message, etc fields using Splunk REST API

Hi Team, How to get last 5 mins triggered alerts and its data like host, source, sourcetype, message, etc fields ...

by New Member in

Unable to access services/saved/searches REST API for Splunk Cloud

Hi Team, I got one trail account from Splunk Cloud. I need to access below API. services/saved/searches But ...

by New Member in

Generate Splunk Cert with "bin/splunk createssl server-cert" including Server Alternative Name (SAN)

Hey, i am trying to connect from EDGE Processor to my Splunk Server and iam getting the following error: /opt...

by Engager in

Transforms Truncating - Setting SOURCE_KEY

We are currently having an issue where our masking transforms are not working due to the length of _raw being too lar...

by Explorer in

SC4S not able to parse syslog and ingest

I've set up my SC4S and connected to my indexer. Logs are ingested as show below but further down, those does not get...

by New Member in

Kafka Broker Error – Topics not receiving events (Status code KAFKA-1)

Hello, I’m experiencing an issue with my Kafka broker integration with Splunk.The error message I’m seeing is: Ka...

by Explorer in

to read the first previous event out of the selected time range

Hi, can anybody help, please? Here the status quo: In the Dashboard there is time picker object. selected time ...

by Contributor in

how to connect Azure Event Grid to Splunk using Webhooks and Cloud Events

I am the technical lead for a product that we hope to integrate to Splunk instances using webhooks. As an intermedia...

by New Member in

Indexer Cluster Fixup Tasks Stuck (fsck failed: exitCode=24)(bucket is already registered)

After the Splunk Master enters maintenance mode, one of the indexers goes offline and then back online, and disables ...

by Path Finder in

Splunk HEC Data Ingestion Issue from Azure Web Apps to Customer Cloud Instance

Environment Sending from: Azure Web Apps (Kudu CLI)Target: Two Splunk instances Personal trial Splunk (working)...

by Explorer in

$_index_name in indexes doesn't expand when moving indexes to frozed

Hi, I have issues with Splunk Enterprise 9.4.2 not expanding $_index_name from etc/system/local/indexes.conf. ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

a problem in Splunk UBA Installation

How to handle multiline events from k8s via opentelemetry / HWF

Documentation for implementing Semperis DSP

Proofpoint On Demand Email Security Add On Audit Logs Ingestion

Juniper switch add-on

.NET Application Runtime Metrics Not Showing in Splunk APM Dashboard

Getting different sourcetypes from the same source

Streamfwd drops IPFIX data with “no template received”—pcap shows templates arrive after data

How to aggregate results by elements in the array, and sort them by ratio

Can we install Botsv3 on splunk 10.0.0 in windows ?

drop specific eventcode for specific destination

Need help routing all Windows events to syslog but only selected Event IDs to Splunk

Duplicate field values in Splunk events from Cribl

Filtering on WinEvent IDs

How to get last 5 mins triggered alerts and its data like host, source, message, etc fields using Splunk REST API

Unable to access services/saved/searches REST API for Splunk Cloud

Generate Splunk Cert with "bin/splunk createssl server-cert" including Server Alternative Name (SAN)

Transforms Truncating - Setting SOURCE_KEY

SC4S not able to parse syslog and ingest

Kafka Broker Error – Topics not receiving events (Status code KAFKA-1)

to read the first previous event out of the selected time range

how to connect Azure Event Grid to Splunk using Webhooks and Cloud Events

Indexer Cluster Fixup Tasks Stuck (fsck failed: exitCode=24)(bucket is already registered)

Splunk HEC Data Ingestion Issue from Azure Web Apps to Customer Cloud Instance

$_index_name in indexes doesn't expand when moving indexes to frozed

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions