Getting Data In

Discussions

Thread Info

Re-index all lines of a CSV file after any change?

I have CSV files that are point-in-time snapshots of a configuration. If any part of the CSV changes, I'd like the co...

by Path Finder in

Why is the Universal forwarder executing regmon, powershells and others with out them being explicitly configured?

Hi, why is my UF on Windows executing various splunk-* tools without them beeing configured in any input? Every few m...

by Contributor in

How to setup universal forwarder on linux

Step by step setup for universal forwarder.

by Path Finder in

What is included in Linux syslog?

Hi, On Linux Splunk servers, my system admin set this record in remotesyslog.conf . @@syslog-zone40.uth.tmc.edu:15...

by Contributor in

HTTP Event Collector in a distributed environment with load balanced Heavy Forwarders

I have a pair of heavy forwarders that is load balanced by a round robin DNS record. I want to set them up as HTTP...

by Path Finder in

Has anyone indexed Azure Devops audit log?

Hi. It seems Microsoft has exposed the audit log for Azure DevOps, https://docs.microsoft.com/en-us/rest/api/azure...

by Contributor in

Index showing latest data as over a month ago but events are still coming in

Hi, I have recently started looking at .conf files and configuring them to log specific site data. After I ma...

by Explorer in

How to monitor network bandwidth at Windows and Linux host and then forward to Splunk server?

Hi, I am trying to monitor bandwidth at computers (using Windows and Linux) in a network and send it to Splunkserver ...

by Engager in

How to find non-json records

I have a bunch of sourcetypes which are supposed to contain only valid JSON data. I've been asked to verify that in f...

by Path Finder in

Universal Forwarder to report 2 Indexer

What is the best way to route security events to Security Indexers and rest of the sourcetypes to operational indexer...

by Motivator in

ログソースタイプについて | About log source type

以下のログを取り込むときに推奨のソースタイプを教えていただけますでしょうか。 ◆ログ一覧・IIS -> ? ・MS Exchange -> ? ・gmail -> CSV形式？ ・Firewall-1 -> chackpoin...

by New Member in

Splunk dummy data from classes

Hello All Splunkers, I was wondering if someone have a dummy data for the access-combined source type. I am looking f...

by Communicator in

How to split the following JSON into different events?

Hello All, Im a newbie to JSON and have pretty much no knowledge in programming. Can someone please assist in splitti...

by Communicator in

Recommended R-Syslog equivalent collector for Windows systems.

Hello, We have a relatively small network on a remote location that needs to forward logs onto our Splunk Instanc...

by Engager in

How to send data to different index if packet broker tags events

Hi, i have a setup where a packet broker is sending multiple data streams to a universal forwarder. I need to unde...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Re-index all lines of a CSV file after any change?

Why is the Universal forwarder executing regmon, powershells and others with out them being explicitly configured?

How to setup universal forwarder on linux

What is included in Linux syslog?

HTTP Event Collector in a distributed environment with load balanced Heavy Forwarders

Has anyone indexed Azure Devops audit log?

Index showing latest data as over a month ago but events are still coming in

How to monitor network bandwidth at Windows and Linux host and then forward to Splunk server?

How to find non-json records

Universal Forwarder to report 2 Indexer

ログソースタイプについて | About log source type

Splunk dummy data from classes

How to split the following JSON into different events?

Recommended R-Syslog equivalent collector for Windows systems.

How to send data to different index if packet broker tags events

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

Assistance Needed: Reformatting Provided Events to...

XML Regex Conversion

SC4S Initial setup error

Reports are not indexed correctly

Journald exclude specific services