Getting Data In

Thread Info

Why can't I blacklist Windows Security EventCode 5152 in inputs.conf?

Hello, I am trying to blacklist EventCode 5152 in inputs.conf. I have tried putting it in a different order in the...

by Explorer in

How do you filter results after using the tostring "duration"?

I used the answer from this thread to create my query, but I can't figure out how to narrow them down. https://answer...

by Explorer in

Why is my regex in transforms.conf for source in props.conf not working for one of three Indexers?

I'm trying to use a regex in a transforms.conf file on the Indexer to prevent indexing of informational and debug mes...

by Path Finder in

How can I split my data to show the average based on column values?

I am using the following query to split my data to show the average, min, and max based on the fields. But, I seem to...

by Path Finder in

How does the deployment client decide which ipv4 address (of possibly multiple) to present when phoning home?

The other day I came across universal forwarder based deployment client which was not receiving deployment server app...

by Builder in

File can't be indexed

Hi Team, I have on file (is the picture) that are unable to catch and index i have this configuration i...

by Explorer in

How do I make my heavy forwarder, which is already configured, into a deployment server?

I have a Splunk Cloud instance and a heavy forwarder that sends in all my data into my cloud instance. I will now be ...

by Engager in

custom fields are not returned in search/jobs end point

Hi, The custom fields set in search/jobs POST are not returned in search/jobs GET. In earlier versions of splunk t...

by Influencer in

Can you help me get multiple fields from a single field in JSON?

The text field in my event contains A LOT of data. json snipped : {"Date":"2018-12-05T12:04:04.71","ID":"000000...

by Engager in

Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?"

Hi Team, I am using Splunk 7.1.1 and i have been getting this error constantly LineBreakingProcessor - Truncat...

by Engager in

override source field to a common source using transform.conf and props.conf

Hi I want to have a common source field for all my syslog. I have centralized syslog server where I am running spl...

by Engager in

How can I take multiple fields and time values and combine them into one?

Suppose I have 4 fields fields= "jobtype" values= A,B fields= "status" values=1,2,3,4,5,6 fields= "Time1" values=...

by New Member in

How to send few values from jenkins pipeline to splunk and report it

Hi, Thanks in advance for your help. I am new to splunk and working on building few reports in splunk from Jenk...

by Explorer in

Why is my bash scripted input failing on Ubuntu while it's OK on other distros?

Hello, I have an issue with a scripted input. I have 2 Linux on Amazon Web Services (AWS) : 1 based one AWS ...

by Communicator in

Can you help me create a search that would monitor activity to our login page from a single URL?

Hi Team, I hope that we are all well? I'm working on a search to assist in monitoring one of our web portals. W...

by Communicator in

How to use the universal forwarder to parse log files with a key value pair format and forward to splunk cloud

Hello, I'm trying to parse log entries that look like so EventTime=2018-12-07 10:06:31,Hostname=WIN-UE7JIIAK3I...

by New Member in

Why is host override in inputs.conf not working when it's IP?

I have remote servers dropping logs to a syslog server where I have a Splunk forwarder configured to push it to Splun...

by Engager in

How come replication isn't working on the Index cluster after a reboot?

We had to shut down one of the machines and create a new one. The cluster replication between the new and old ones do...

by Splunk Employee in

Lookup: local_ip{ having fields threat_key, CIDR range, description}. I want to match ip from index=* to the column CIDR range of lookup where threat_key="abc". How we can do that

Lookup: local_ip{ having fields threat_key, CIDR range, description}. I want to match ip from index=* to the column C...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why can't I blacklist Windows Security EventCode 5152 in inputs.conf?

How do you filter results after using the tostring "duration"?

Why is my regex in transforms.conf for source in props.conf not working for one of three Indexers?

How can I split my data to show the average based on column values?

How does the deployment client decide which ipv4 address (of possibly multiple) to present when phoning home?

File can't be indexed

How do I make my heavy forwarder, which is already configured, into a deployment server?

custom fields are not returned in search/jobs end point

Can you help me get multiple fields from a single field in JSON?

Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?"

override source field to a common source using transform.conf and props.conf

How can I take multiple fields and time values and combine them into one?

How to send few values from jenkins pipeline to splunk and report it

Why is my bash scripted input failing on Ubuntu while it's OK on other distros?

Can you help me create a search that would monitor activity to our login page from a single URL?

How to use the universal forwarder to parse log files with a key value pair format and forward to splunk cloud

Why is host override in inputs.conf not working when it's IP?

How come replication isn't working on the Index cluster after a reboot?

Lookup: local_ip{ having fields threat_key, CIDR range, description}. I want to match ip from index=* to the column CIDR range of lookup where threat_key="abc". How we can do that

Why is the process bar getting stuck while uploading a second CSV file, while the first CSV was uploaded successfully?

Can you help me figure out why our Windows Domain Controller is missing events?

Why am I getting "ERROR BTreeCP - failed: failed to rename... Access is denied"

How to index Outlook365 inbox?

Can anyone help me configure props.conf and transforms.conf to parse the following timestamp?

How to send different logs to different indexers from the same Universal Forwarder?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions