Getting Data In

Community Activity

Does INDEXED_EXTRACTIONS imply index fields for all the fields? I just set INDEXED_EXTRACTIONS = CSV for a large data ingestion sourcetype, and validating with tstats, and it seems ... by spl_aficionado Path Finder in Getting Data In 02-09-2026 0 2	0	2
Oracle Cloud (OCI) WAF Logs Ingestion Hi,Does anyone know how to ingest the WAF logs generated by the Oracle Cloud Web Application Firewall service? The lo... by adnankhan5133 Communicator in Getting Data In 02-09-2026 0 2	0	2
Splunk addon for iis: why have configs other than ms:iis:auto been deprecated? I see from the latest release notes that the recommended sourcetype is ms:iis:auto and the others have been deprecate... by cmeo-bcit Explorer in Getting Data In 02-08-2026 0 4	0	4
Need assistance on Log forwarding from UF I am trying to forward win event security logs from server using UF to our Heavy forwarder. UF has all the required ... by Navanitha Path Finder in Getting Data In 02-06-2026 0 4	0	4
Syslog ng cut the logs of Fortigate? I have a Fortigate firewall that was configured to send UDP logs, lately, I have configured it to send TCP logs inste... by muradgh Path Finder in Getting Data In 02-06-2026 1 20	1	20
Splunk add-on for Amazon Web Services - "Conf file(s) passwords.conf changed, exiting" I have the Splunk add-on for Amazon Web Services v 8.0.0 installed on a Heavy Forwarder and we have several inputs wo... by StuartMacL Path Finder in Getting Data In 02-06-2026 0 1	0	1
Visibility and Monitoring for HEC base Data Ingestion Interruptions please advise whether there is a solution or monitoring use case to identify interruptions in HEC base data ingestion... by Nraj87 Explorer in Getting Data In 02-05-2026 0 3	0	3
Timestamp issue : Events to Metrics conversion Hi Everyone, I have created a custom app that clones current raw data , extracts metrics and dimensions from existing... by Poojitha Communicator in Getting Data In 02-04-2026 0 2	0	2
How come we need to restart the Google app/Heavy Forwarder to take care of a 401 error? We recently experienced a data gap for our Google index lasting several days. Our environment uses the following two ... by danielbb Motivator in Getting Data In 02-02-2026 0 1	0	1
cut a specific phrase in props.conf Hi Community,how to cut..., "q": 0, "user": "system.user.admin"...from...{ "val": 0, "ts": 1770058561014, "q": 0, "us... by GSNRMUVW Loves-to-Learn in Getting Data In 02-02-2026 0 6	0	6
Amazon Linux 2023 performance troubleshooting I have been tasked with building out new instances of anything that runs an older OS, and for our EC2 instances this ... by briancronrath Contributor in Getting Data In 02-02-2026 0 1	0	1
How to Integrate and ingest the audit logs of Cymulate (Breach Attack Simulation) into Splunk We have employed Cymulate, a BAS (Breach Attack Simulation) Solution for Red Teaming activity and Detection Engineeri... by Jayanthan Loves-to-Learn Everything in Getting Data In 01-30-2026 0 0	0	0
What's wrong with this REGEX? I have this "innocent" regex to send to the nullQueue in transforms.conf, and it doesn't work. I'm scratching my head... by danielbb Motivator in Getting Data In 01-29-2026 0 5	0	5
Indexer Sizing We would like your guidance on how to calculate the required number of Splunk indexers for our environment.Currently,... by msaleh7422 Engager in Getting Data In 01-28-2026 0 2	0	2
Duplicates XML events in file monitoring Hello Splunker, i need your help.I have a problem with monitoring a single XML file that records events from an appli... by LM_ACN Engager in Getting Data In 01-27-2026 0 2	0	2
Splunk listen on port 514 UDP Hi,I understand that ports below 1024 are reserved for root access. Is there any supported way for Splunk to listen o... by ws Path Finder in Getting Data In 01-26-2026 0 6	0	6
How to Identify which HF is sending logs/metrics Hi,I have incoming data from 2 Heavy Forwarders.Both of forward HEC data and the internal logs, how do I identify whi... by _pravin Contributor in Getting Data In 01-22-2026 0 14	0	14
What's the best way to handle multiple different time formats in the same source? Hello Splunk Community,My team is currently processing logs from a single source that can contain events with differe... by spl_aficionado Path Finder in Getting Data In 01-21-2026 0 6	0	6
Splunk and TheHive integration Hey!My team is interested in integration of Splunk (especially ES) and TheHive Project products.The goal is to provid... by bil151515 Engager in Getting Data In 01-20-2026 1 3	1	3
Struggling with setting up SC4S in an air-gapped environment – looking for the best deployment approach Hi,I’m trying to use Splunk as a log aggregation solution, and eventually as a SIEM. I have three industrial plants ... by kn450 Explorer in Getting Data In 01-19-2026 0 1	0	1
HF licensing when License Manager is not reachable due to network restrictions We have a distributed on-prem Splunk environment with strict network segmentation between sites.Scenario:Site B:Sourc... by ibrahim1 Explorer in Getting Data In 01-19-2026 0 11	0	11
Timestamp configuration in props for epoch time Dear All,I am getting data from the Search head in json format. The first field of the event is timestamp and it is i... by Tamilraj28 Engager in Getting Data In 01-18-2026 0 1	0	1
How to use Lambda to push logs to Splunk Cloud I'm trying to onboard data from AWS to Splunk Cloud and planning to use Lambda But we have numerous options within La... by richah Explorer in Getting Data In 01-18-2026 0 1	0	1
Field Extractions in Splunk GovCloud I'm in the process of setting up a new Splunk GovCloud instance, and I'm having no luck getting field extractions to ... by bpenny Explorer in Getting Data In 01-16-2026 0 5	0	5
Why do we have major indexing delays for some sourcetypes of Google Workspace? Looking at our Google Workspace data flow, and we experience consistent 4 to 5 hour indexing delays with most of the ... by danielbb Motivator in Getting Data In 01-16-2026 0 3	0	3