Getting Data In

Discussions

Thread Info

Does Splunk support LEEF formatted events?

Does it support LEEF, Log Event Enhanced Format?

by Champion in

Windows IIS Log and Splunk

On a Windows 2012 Server the daily IIS log is held open and sits at "0" bytes in size throughout the day. It appears ...

by New Member in

How to send data from IBM AS400 to Splunk via syslog?

I want to create a connectivity between splunk enterprise and AS400. I tried to send logs via syslog, but Splunk didn...

by Communicator in

Host rewrite not working...

I'm trying to rewrite the host field based upon values in my data. Here is a sample event: {"href":"/orgs/1/audit_...

by Builder in

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queires and the sample outputs.

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queir...

by New Member in

Forward messages to different indexes based on the value of its field

Is it possible to forward messages to different indexes based on the value of message field ? And which forwarder is ...

by Engager in

JSON is being cut off at "created" key

I've got a pretty strange issue, and I'm sure there is a simple answer for it. Here is my env: 7.1.2All default co...

by Path Finder in

How do I ingest the details tab in Windows Forwarded Events?

I have a server that received forwarded event logs from clients within my Enterprise. The event logs are simple to re...

by Path Finder in

Custom fields for CSV Input

Hi All, We have Splunk environment with Indexers clustered and many forwarders managed by Deployment server. We ar...

by Path Finder in

Simple search using cURL returns empty results

I tried following a simple cURL request based on the training video and I get no results. I run my search: curl -u...

by Path Finder in

Why are my Palo Alto firewall logs not forwarding to Splunk anymore?

Hello. My Palo Alto firewall logs were successfully forwarding to Splunk for a while, except today I noticed that for...

by New Member in

After the Upgrade to 7.0.3 the inputlookup command not working properly

The lookup file was working fine for long time (2 months) and contained 1000+ entries However, after upgrading to ...

by Path Finder in

How to list all the values which are greater than or equal to three after splitting?

I have following values for a field="Listdir". I want to get the only the values which contains 3 or more directories...

by Path Finder in

Is there a way to determine how much disk space my sourcetype is taking up?

Hi, Is there a way to determine how much disk space a sourcetype is using?

by Champion in

Windows UniversalForwarder not registering Syslog input

I am trying to make UniversalForwarder on Windows Server 2008 R2 Standard act as a syslog data receiver and forward t...

by Path Finder in

Multiple Values in Key/Value pair

I am looking to return the multiple values I have on my dashboard currently only one shows up. Here is an example: ...

by Engager in

how to get list of all Index-time fields using a REST query?

Is there a handy REST query to fetch all index-time fields (which can be put to indexers). Currently the process is d...

by Engager in

Using Splunk with a custom application log file

I am working with a custom application that generates log files and I think I need to create a new source type and th...

by Explorer in

send snmp trap splunk to other system

Hi, I am following, Sending SNMP Traps On Windows document. As per document, I have placed sendsnmptrap.cmd script...

by New Member in

How can I tell splunk to ignore the first few lines for TCP port indexing?

I opened a TCP port to capture incoming data. But I don't know what I could do to filter out the first 10 lines befor...

by Contributor in

How to extract from CSV using rex?

I have a csv file that I am trying to pull data from, this is an example of the data in the file: Action, Message,...

by Path Finder in

Ingesting data from web query that returns JSON/XML response in plaintext

Hello All, I am trying to ingest data from a cloud-based 3rd party tool that returns JSON/XML in response to a we...

by Path Finder in

Splunk-SAML: Users entry existing in authentication.conf even after removing from SAML portal

Hello, I have been facing this issue with authentication.conf where if I remove a user from SAML portal, it still ...

by Path Finder in

How to index data into splunk from RabbitMQ?

Can someone pass me a setup tutorial? I need to use a plugin too, or only the AMQP app?

by Path Finder in

Why is blacklisting Windows event logs on a deployment server not working?

I tried following the documentation for blacklisting Windows event logs in Splunk 6.3.1 without success. I tried edit...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Does Splunk support LEEF formatted events?

Windows IIS Log and Splunk

How to send data from IBM AS400 to Splunk via syslog?

Host rewrite not working...

i can see only splunk example queries and no example output results. is there a document whcih have both exmple queires and the sample outputs.

Forward messages to different indexes based on the value of its field

JSON is being cut off at "created" key

How do I ingest the details tab in Windows Forwarded Events?

Custom fields for CSV Input

Simple search using cURL returns empty results

Why are my Palo Alto firewall logs not forwarding to Splunk anymore?

After the Upgrade to 7.0.3 the inputlookup command not working properly

How to list all the values which are greater than or equal to three after splitting?

Is there a way to determine how much disk space my sourcetype is taking up?

Windows UniversalForwarder not registering Syslog input

Multiple Values in Key/Value pair

how to get list of all Index-time fields using a REST query?

Using Splunk with a custom application log file

send snmp trap splunk to other system

How can I tell splunk to ignore the first few lines for TCP port indexing?

How to extract from CSV using rex?

Ingesting data from web query that returns JSON/XML response in plaintext

Splunk-SAML: Users entry existing in authentication.conf even after removing from SAML portal

How to index data into splunk from RabbitMQ?

Why is blacklisting Windows event logs on a deployment server not working?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures