Getting Data In

Thread Info

Index whitelisting and blacklisting not work in forwarders

Hi all, I have a number a forwarder that sends a lot of logs to different indexes. For example, there are three ind...

by Path Finder in

How to use Eval recursively?

Hi, We are using Splunk Cloud, so we can't access the conf files. In one of our custom source types, we need to c...

by Path Finder in

Is Splunk support Perl script?

I am looking for Perl script execution steps in Splunk. Please provide the details steps in case of possible.

by New Member in

Incident Review dashboard has no value

Incident review dashboard is displaying no value, despite having correlation searches enabled. Upon investigation, I ...

by Loves-to-Learn in

K8s and Linux Audit Logs Missing From OTEL Collected Logs, Were Present With SCK

Hi folks, So I'm working to migrate from the old Splunk Connect for Kubernetes log collector to the new Splunk OTEL...

by Loves-to-Learn in

Splunk Forwarder doesn't monitor new files

Hello, I need some help. I have a folder and an app that writes logs in NDJSON format and creates a new log file...

by Loves-to-Learn Lots in

splunk uf stopped in a server

We have a splunk forwarder installed in a server where the logs were pushed to splunk cloud. Without any restart or ...

by Loves-to-Learn in

How to ingest Application prometheus metrics onto Splunk Enterprise through UF?

Hello Team, I would like to get clarified whether there is a possibility of ingesting application prometheus metric...

by Observer in

Setup UiPath logging export

Hello all, In our environment, the UiPath team doesn't seem to know how to expect the export expecting in the defau...

by Contributor in

How to assign priority to an asset? Splunk ES

Hello, Splunkers!I am learning Splunk ES and trying to understand how urgency value is assigned for notables generate...

by Path Finder in

How to change time picker for security posture dashboard in ES?

Hello Splunkers!I want to change the time picker of this dashboard in Enterprise security to provide the count of not...

by Path Finder in

Searched data on HF to be sent to the IDX cluster

Hello All, I have an LDAPsearch app installed in one of the onprem Heavy Forwarders and I need to index the search ...

by Explorer in

How to convert timestamp into proper date

Hello Splunk Community, I am trying to extract the "timestamp":"1715235824441" with proper details.Could anyone hel...

by Explorer in

Using the auth0 add on not seeing any data

HI Set up the add on on a cloud instance. Not seeing any data come in via HEC. Any ideas on how to troubleshoot? ...

by Splunk Employee in

Ingest Action to include message

I am using ingest action to filter the log message before being indexed in splunk..I want to include the message that...

by Loves-to-Learn Lots in

props and transforms not working

Hi All, My props and transforms is not working. Kept the props and transforms in the Heavy Forwarder. can anyon...

by Path Finder in

bash_history file monitoring

Hi.I'm using Splunk Enterprise 7.3.2 and installed universal forwarder 8.2.6 on Linux.I was asked to monitor the .bas...

by Engager in

How can I get Ansible script to automate installation of splunk universal forwarder on 1000 Linux Red Hat Servers??

Please I need detailed step-by-step process on how I can install splunk universal forwarder on 1000 linux red hat ser...

by Path Finder in

Correlation Help Log

Hello Splunkers, I'm new to Splunk and I'm stuck; I'm getting more data than I'm supposed to. Users are showing up wh...

by Loves-to-Learn Lots in

props config for logs

Hi Splunk Community, I am trying to create a props.conf for the sample log file below. My goal is to * Del...

by Path Finder in

Splunk Integration

How do i integrate my website hosted on AWS(ec2) with splunk?

by New Member in

Splunk Connect For Syslog - Sending syslog using Kiwi Syslog Message Generator (UDP 514) failed but TCP 514 success

Hello. I am completely new at Splunk. Recently, I've recently taken on a role where I'll be working with Splunk quite...

by Explorer in

Deployment Server cannot restart deployment clients after new changes have been downloaded

We use a Deployment server to manage config of our UF fleet. Recent changes to privileges on clients are preventing t...

by Path Finder in

Field extractions from Application logs - pick specific value

I have splunk logs where there is key word like <ref>BTB- Abcd1234<ref> as it's primary key for trade referenc...

by Engager in

How to ensure logs delivery to Splunk

Hello Splunkers! Imagine a scenario:There is a test environment with Splunk being deployed in ubuntu-server 20.04 v...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Index whitelisting and blacklisting not work in forwarders

How to use Eval recursively?

Is Splunk support Perl script?

Incident Review dashboard has no value

K8s and Linux Audit Logs Missing From OTEL Collected Logs, Were Present With SCK

Splunk Forwarder doesn't monitor new files

splunk uf stopped in a server

How to ingest Application prometheus metrics onto Splunk Enterprise through UF?

Setup UiPath logging export

How to assign priority to an asset? Splunk ES

How to change time picker for security posture dashboard in ES?

Searched data on HF to be sent to the IDX cluster

How to convert timestamp into proper date

Using the auth0 add on not seeing any data

Ingest Action to include message

props and transforms not working

bash_history file monitoring

How can I get Ansible script to automate installation of splunk universal forwarder on 1000 Linux Red Hat Servers??

Correlation Help Log

props config for logs

Splunk Integration

Splunk Connect For Syslog - Sending syslog using Kiwi Syslog Message Generator (UDP 514) failed but TCP 514 success

Deployment Server cannot restart deployment clients after new changes have been downloaded

Field extractions from Application logs - pick specific value

How to ensure logs delivery to Splunk

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions