Getting Data In

Discussions

Thread Info

How do I remove the lines with INFO or WARN from logging to Splunk?

I want to NOT ingest the events that have INFO or WARN in them. Can I use the following in the Props.conf without any...

by Path Finder in

Using lookup table for whitelisting CIDR ranges in SPL and getting zero results

I'm brand new to Splunk and I'm having difficulty getting a query to return the results I'm looking for. I've checked...

by Explorer in

Capture and parse incoming Source IP's from Heavy Forwarder receiving incoming Linux logs?

I have a heavy forwarder that is capturing incoming logs from thousands of Linux hosts. The hosts are sending their O...

by Path Finder in

finding systems from a CSV that are not reporting into Splunk

I have a search that I am working on and running into problems. Currently, I have a CSV generated that contains a...

by Explorer in

Why is data getting duplicated?

Hi , We have noticed an issue in my Splunk environment: Issue: Data is getting duplicated twice in indexers....

by Communicator in

Adding new device to splunk Cisco UCS add on

Hi All, In our environment, Already our team installed the "Cisco UCS Add-On" and data is getting into splunk. ...

by Explorer in

In Windows Security logs Splunk is no longer resolving account names and instead showing SIDs

Good morning, I noticed recently that some of my events in splunk are no longer displaying account names and group...

by Communicator in

parsing specific events in logs at heavy forwarder

Hello, I am new to splunk and learning it . I am trying the parse the events with specific keyword will dropping t...

by New Member in

Is there a way to attach an excel file instead of csv to an email alert?

Hello. I have an email alert that sends the results in a csv file attached to the email. The search result of this...

by Path Finder in

Can I set different interval of execution for different hosts receiving same scripted input app from deployment server?

Hi, We have a requirement where we need to deploy an app having a script in it but interval of execution of script sh...

by Path Finder in

How to remove duplicate events in search results without using DEDUP

I'm using *NIX app 4.6, and for auditd logs I have a duplication problem of events. I also checked the raw logs and t...

by Explorer in

How to monitor network file share drive ?

I have application data being collected on following shared folders over network : \qlikviewt1\east\torage\ \qlik...

by Path Finder in

How can I configure routing that sends specific logs to only 514 and other logs to 9997?

I want to configure routing that sends specific logs(syslog_test) to only 514 and other logs to 9997, so I edited pro...

by Builder in

How to install it on pfsense

Can you provide tutorial to install it pfsense. 1. currently the splunk enterprise is installed on my mac 2. need to ...

by Explorer in

Are there limitations on using the searchmatch() eval function in props.conf?

I have the following eval statement: | eval aaa=case( action=="opened","success", action=="closed","succes...

by Builder in

Can you help me with some weird search behavior with SEDCMD?

Hello, I'm monitoring a single file on my Linux machine with Splunk, [monitor:///...] in inputs.conf. As I need...

by Explorer in

Timestamp extraction stops working on some lines and all future lines

Hello! I have a log which has the following format: 12345|A123456/A12345678/some_thing|00:01:00|0|AA|a1234abc_a...

by Communicator in

Can we limit how many results are output to a CSV in a scheduled search?

Hi, I have 2 scheduled searches that run each morning. When I run them manually, 60k results are returned and out...

by Communicator in

How do I display data in Splunk that's delivered through the HTTP collector endpoint?

I'm running a cloud trial of Splunk and have set up an HTTP collector. Data is being delivered to the endpoint via cU...

by New Member in

API for Splunkbase

Hi all, is there an API for splunkbase.splunk.com? I want to automatically check which apps of the ones we current...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I remove the lines with INFO or WARN from logging to Splunk?

Using lookup table for whitelisting CIDR ranges in SPL and getting zero results

Capture and parse incoming Source IP's from Heavy Forwarder receiving incoming Linux logs?

finding systems from a CSV that are not reporting into Splunk

Why is data getting duplicated?

Adding new device to splunk Cisco UCS add on

In Windows Security logs Splunk is no longer resolving account names and instead showing SIDs

parsing specific events in logs at heavy forwarder

Is there a way to attach an excel file instead of csv to an email alert?

Can I set different interval of execution for different hosts receiving same scripted input app from deployment server?

How to remove duplicate events in search results without using DEDUP

How to monitor network file share drive ?

How can I configure routing that sends specific logs to only 514 and other logs to 9997?

How to install it on pfsense

Are there limitations on using the searchmatch() eval function in props.conf?

Can you help me with some weird search behavior with SEDCMD?

Timestamp extraction stops working on some lines and all future lines

Can we limit how many results are output to a CSV in a scheduled search?

How do I display data in Splunk that's delivered through the HTTP collector endpoint?

API for Splunkbase

Enterprise Security Content Update (ESCU) | New Releases

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Understanding Splunk Index Retention

HTTP Event Collector Connection Actively Refused a...

Behaviour of app.conf with deployment server

Ingest Actions error

Splunk OTEL Collector throwing Timeout and Authent...