Getting Data In

Community Activity

Syntactical Error in WQL Hello,I am currently using Splunk UF 7.2 on a Windows Server, and my UF is configured on D Drive.I am getting below e... by sarvesh_11 Communicator in Getting Data In 07-29-2024 0 3	0	3
re-route logs from one index to another HelloI have one big index with lots of files which I want to reroute logs from there to different indexesThe reroute ... by sarit_s6 Engager in Getting Data In 07-29-2024 0 12	0	12
splunk forwarder - blue cape security tutorial Hello Splunk communityin a nutshell my problem is i have set up splunk and a forwarder on a server, added input and o... by benmstl New Member in Getting Data In 07-27-2024 0 2	0	2
How to reroute events from TCP routed index to a different index Hello, we receive data using _TCP_ROUTING from forwarders from another team using another Splunk cluster.We don't use... by splunkreal Motivator in Getting Data In 07-26-2024 0 2	0	2
inputs.conf TCP One port multiple indexes ? Hey allI am taking input over TCP by having this in my inputs.conf [tcp://1.2.3.4:123] connection_host = ip index = i... by Silah Path Finder in Getting Data In 07-26-2024 0 4	0	4
MS security integration with splunk Hi All,Data is not getting indexed after adding the conf by pavithra Explorer in Getting Data In 07-25-2024 0 3	0	3
Strip control/color codes I have log files with color codes and control characters that we'd like to strip because they clutter the search resu... by oreoshake Communicator in Getting Data In 07-25-2024 1 9	1	9
Slice Messages Before Search Time How can I cut some parts of my message prior to index time?I tried to use both SEDCMD and transform on raw messages b... by DoubleAka Observer in Getting Data In 07-25-2024 0 4	0	4
WEF .conf files Hi, in our organization we use wef to monitor windows. we configure an inputs.conf for monitoring from the Event view... by Gil Explorer in Getting Data In 07-25-2024 0 8	0	8
Addig data input Hello Splunkersi have clustered splunk 9.2.1 on prem, i have pushed an app from the CM to search head cluster and try... by msalghamdi Path Finder in Getting Data In 07-24-2024 0 2	0	2
Splunk Add-on Builder - send metrics with helper.new_event method? HelloI am building an app using the Splunk Add-on builder. Can I use the helper.new_event method in order to send a m... by c86 Loves-to-Learn in Getting Data In 07-24-2024 0 0	0	0
Solution: Splunk Enterprise Security (ES) incident review not showing notables or Splunk core settings issue Subject moved to https://community.splunk.com/t5/All-Apps-and-Add-ons/Solution-Splunk-Enterprise-Security-ES-incident... by splunkreal Motivator in Getting Data In 07-23-2024 0 1	0	1
linux logs only showing epoch time - how to convert epoch time upon ingestion in props/trans linux logs only showing epoch time - how to convert epoch time upon ingestion in props/trans ?is there a way or a con... by jcorcorans Explorer in Getting Data In 07-23-2024 0 1	0	1
Use NAS as cold storage We are using a clustered index environment and want to use NAS as our cold storage. I mapped NAS to a local folder fo... by Nawab Communicator in Getting Data In 07-23-2024 0 2	0	2
Microsoft Teams PSTN call logs Hello, We are interested in capturing Microsoft Teams PSTN call records. There is a Microsoft Graph API with specif... by sc3 New Member in Getting Data In 07-23-2024 0 2	0	2
Forward data from Netscout to Splunk Hello everyone, im new in Splunk and still need a lot to know.I want to ask question, how to forward data in JSON for... by Rizqi_Iskandar Loves-to-Learn Lots in Getting Data In 07-21-2024 0 4	0	4
_raw data _raw data exported from a search query. This not the actual raw data stream from the sending device, correct? This is... by splunkville Observer in Getting Data In 07-21-2024 0 1	0	1
Is there a way to get inputs.conf on the deployment server via the rest API? We can reach via https://<deployment server>:8089/services/deployment/server/applications/<app name> to the deplo... by ddrillic Ultra Champion in Getting Data In 07-20-2024 0 16	0	16
Timestamp file breakup get-brokersession is run via powershell and sent to a txt file. The information is getting into splunk however, eve... by kmm2 Path Finder in Getting Data In 07-19-2024 0 1	0	1
Line Breaking The above screen shot Blue color line event into one Event and above Blue color lines in to single event please provi... by vijreddy30 Loves-to-Learn Everything in Getting Data In 07-19-2024 0 6	0	6
Load Balancing at Splunk With load balancing the Universal Forwarder sends data to all the indexers equally so that no indexer should get all ... by ibraheem Explorer in Getting Data In 07-19-2024 0 0	0	0
Prevent ingestion of "NT AUTHORITY\SYSTEM" EventCode 4663 I am exceeding my 5GB license. I have determine the problem by doing a 24 hour search using the following: index="win... by sswigart Explorer in Getting Data In 07-18-2024 0 2	0	2
Get logs Hello everyoneI want help on how to deal with the following problemA company that got hacked and we want to know how ... by tuts Path Finder in Getting Data In 07-18-2024 0 5	0	5
Multisite indexer cluster : Why is data from other sites retrieved? Why is data from other sites retrieved? 1. splunk version 9.2.1 2. server.conf : manager-node [general] ser... by Cloud001 Explorer in Getting Data In 07-17-2024 0 11	0	11
Text File Ingestion I want Splunk to ingest my AV log. I made the following entry in the inputs.conf file:Note: The log file is a text fi... by sswigart Explorer in Getting Data In 07-17-2024 0 1	0	1