Getting Data In

Discussions

Thread Info

Universal Forwarder doesn't forward specific log

Collect two logs with the Universal Forwarder.One log is collected well, but one log is not collected.Can you give me...

by Engager in

Log ingestion with line level delete

This evening decided to setup a test Splunk box in my lab to goof around with. Been a while since I have done this p...

by Communicator in

change index metadata dynamically during ingestion

Hi all, I'm trying to see if logs can be send to different indexes at index time depending on regex. Is it possibl...

by Explorer in

Cannot create token or find realm

I try to import into the Observability platform, but I fail to follow your documentation. This page, https://docs.s...

by Explorer in

What are the ports that I need to open?

Hi, for Splunk to work properly, what are the ports that I need to open? Can anyone specify the inbound ports and ...

by Engager in

Collect journalctl events with a Splunk UF to Cribl Stream in individual events

Hello, Here I have a small picture of how the environment is structured: Red arrow -> Source Splunk TCP (C...

by Explorer in

Get the journald logs from Universal Forwarder in JSON format to Splunk

Hello, first of all, sorry for my bad English, I hope you can understand everything. My goal is to get the journa...

by Explorer in

How can I arrange an input from file share?

How can I arrange an input from file share? File share is like \xyzglobal.local\Apps\Agent\Dev\logs\Dev. I have Splun...

by New Member in

Problem with connection_host = dns setting

Hello to everyoneWe have about >300 hosts sending syslog messages to the indexer clusterThe cluster runs on Windows S...

by Contributor in

how do i validate new logging locations in splunk

we are trying to configure octopus deploy where data is sent via HEC and now i need to validate new logging locations...

by New Member in

Indexer not indexing correctly

Hi Support Team I have two Splunk indexers and two forwarders. Both forwarders have a configuration with index = ...

by Engager in

Help with Injesting Oracle Fusion Application Audit logs

Hello follow Splunkers! We want to ingest Oracle Fusion Application (SaaS) audit logs into Splunk on-prem, and the ...

by Explorer in

Maximum SPLUNK_LOGGING_DRIVER_BUFFER_MAX Value

When using the Splunk Logging Driver for Docker, you can leverage SPLUNK_LOGGING_DRIVER_BUFFER_MAX to set the maximum...

by New Member in

VM Splunk / Proxmox / Unifi

Hello, I would like my router/firewall Unifi UDM-SE send his logs to my VM (splunk+ubuntu server). What I h...

by New Member in

MSCS TA: How to ensure mscs:azure:eventhub sourcetype is mapping to CIM?

Hi all. I'm trying to understand how to map my diagnostic setting AAD data coming in from an mscs:azure:eventhub s...

by Engager in

BlueCoatProxySG to Syslog to Splunk. How do I get this to work?

First off I have looked over the instructions contained here: http://docs.splunk.com/Documentation/AddOns/latest/Blue...

by Communicator in

_meta: How does it work?

I am setting _meta at the app level can i also set it in the /system/local or will one override the other For...

by Explorer in

Unable to use Splunk Cloud Trial version with SAP Cloud Integration

I am trying below blogs to use Splunk Cloud Trial version in SAP Cloud Integration. However, I am getting below err...

by Engager in

Splitting indexes between multiple output groups

Hi, We are collecting the logs directly though UF and HEC in the indexer cluster. All inputs are defined in Cluster...

by Explorer in

Need report to be emailed/send to splunk

Hi Team, We have some reports in a shared path, how to bring it to splunk?

by Builder in

How could I solve this error while setting the sourcetype ? error - could not use strptime to parse the timestamp after

by New Member in

How to assign actual directory source in script

Hi Community,I'm working on script input. I have created a script to convert binary code logs into human read-able fo...

by Explorer in

Splunk Add-on for windows

Hello, Does the below log paths of windows logs can be ingested into Splunk and if this is available in any add-on'...

by Motivator in

How to move summary index to another summary index with updated fields?

Hello,I have summary index feeding data since 6 months ago. There is new "field" and I tried to add new field into "p...

by Motivator in

Looking to create 2 timeframes but "week of month" is returning week of year

Hello. I am interested in data that occurs from Tuesday night on 8 PM until 6 AM. The caveat is that I need 2 separat...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal Forwarder doesn't forward specific log

Log ingestion with line level delete

change index metadata dynamically during ingestion

Cannot create token or find realm

What are the ports that I need to open?

Collect journalctl events with a Splunk UF to Cribl Stream in individual events

Get the journald logs from Universal Forwarder in JSON format to Splunk

How can I arrange an input from file share?

Problem with connection_host = dns setting

how do i validate new logging locations in splunk

Indexer not indexing correctly

Help with Injesting Oracle Fusion Application Audit logs

Maximum SPLUNK_LOGGING_DRIVER_BUFFER_MAX Value

VM Splunk / Proxmox / Unifi

MSCS TA: How to ensure mscs:azure:eventhub sourcetype is mapping to CIM?

BlueCoatProxySG to Syslog to Splunk. How do I get this to work?

_meta: How does it work?

Unable to use Splunk Cloud Trial version with SAP Cloud Integration

Splitting indexes between multiple output groups

Need report to be emailed/send to splunk

How could I solve this error while setting the sourcetype ? error - could not use strptime to parse the timestamp after

How to assign actual directory source in script

Splunk Add-on for windows

How to move summary index to another summary index with updated fields?

Looking to create 2 timeframes but "week of month" is returning week of year

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!