Getting Data In

Thread Info

Netscaler Syslog to Sylog-ng over TCP Failing

Splunk Community, I have a Netscaler appliance configured to send syslog data to a syslog-ng server over TCP/9524....

by New Member in

Why am I getting this JSON Parsing error?: "parsing error:Unexpected character while looking for value"

Hi community, I have a strange issue when i try to parse a JSON : i have a basic JSON like this with 100 line: ...

by Explorer in

Home Monitoring with Splunk on Docker

Hey Guys Very new to Splunk. I want to do the following 1) Install Splunk on Docker on my NAS (Have the basic o...

by New Member in

Which instance should host the console?

REF - http://docs.splunk.com/Documentation/Splunk/7.0.5/DMC/WheretohostDMC Doc seems not straightforward to me for...

by Path Finder in

Problem ingesting from HEC, sslv3 alert certificate unknown

We're attempting to ingest from ELK servers into Splunk using ELK -> HEC, but are having difficulties getting past ss...

by Contributor in

Why am I unable to read logfiles?

I am trying to read log files from a server. I have made all the configuration in Splunk but data is not coming in Sp...

by Communicator in

UF is not flavour for monitoring over 10k of files?

Hi, I guess I'm not alone for this issue. Any of you encountered high CPU using when UF is monitoring like over 1...

by Explorer in

How do you modify data values before indexing?

Hi All, I want to remove more than 2 white spaces from event values at heavy forwarder before ingesting to indexer...

by Path Finder in

How to investigate Domain Local (DL) and Windows group membership?

Team, If we have Windows events and Active Directory (AD) is synced with Splunk, how can I search/investigate who ...

by New Member in

Indexer fails on startup

When I try and restart one of my indexers after an OS upgrade I am seeing the following messages. My 2 other indexers...

by Path Finder in

Help me find where my sourcetype is getting broken ?

All, My Windows Event Log items are coming in as sourcetype=WinEventLog and not sourcetype=WinEventLog:Security a...

by Builder in

Trouble installing Splunk_TA_jmx Add-on: Has anyone seen the following error?

I have the Splunk_TA_jmx add-on installed on a Heavy Forwarder but am getting the following error: Introspecting s...

by Path Finder in

On Forwarder: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user

I am seeing messages like this: 09-05-2018 13:23:47.416 -0400 WARN AdminHandler:AuthenticationHandler - Denied se...

by Contributor in

Heavy Forwarder in DMZ

I have a segmented area of my network that I want to pull logs from a couple of systems. Rather than configure firewa...

by New Member in

Is it possible to rename a pretrained sourcetype?

We have log data that fits perfectly into the access_combined pretrained sourcetype. All looks perfect except the fac...

by Ultra Champion in

REST API Modular Input - 401 Client Unauthorized

I am trying to access Carbon Black via The REST API. As expected, this works in Postman: Console Output (keys and tok...

by Explorer in

What's the best way to monitor Splunk itself?

I would like to start a discussion as to how the community monitors their Splunk deployment? What are some of the met...

by Builder in

Why is some of my Data Not Onboarding After Writing Input.conf file?

Hi , i have a problem. i wrote one input.conf file and half of the data has been onboarded, and i can see the data in...

by Communicator in

How to deploy the Universal Forwarder 6.2.2 to a few hundred Windows 2008 R2 servers via Group Policy?

I've been tasked with installing the Splunk Universal Forwarder (splunkforwarder-6.2.2-255606-x64-release.msi) to a f...

by Explorer in

How can I get my inputlookup to ignore the time within the timestamp?

Here's What I have to fix but haven't yet figred out how. In this search index=dev_tsv "BO Type"="assessments" ...

by Communicator in

How to merge all lines into one single event?

Hi, How can I merge all lines of a config file into one single event? My inputs.conf is: [monitor:D:\CatTools3\Con...

by Explorer in

How to create an alert for password sharing across multiple countries for all logins across different hosts and applications with more than 60 indexes?

I tried using this query: index=* tag=authentication action=success OR action=failure Initially to retrieve us...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Netscaler Syslog to Sylog-ng over TCP Failing

Why am I getting this JSON Parsing error?: "parsing error:Unexpected character while looking for value"

Home Monitoring with Splunk on Docker

Which instance should host the console?

Problem ingesting from HEC, sslv3 alert certificate unknown

Why am I unable to read logfiles?

UF is not flavour for monitoring over 10k of files?

How do you modify data values before indexing?

How to investigate Domain Local (DL) and Windows group membership?

Indexer fails on startup

Help me find where my sourcetype is getting broken ?

Trouble installing Splunk_TA_jmx Add-on: Has anyone seen the following error?

On Forwarder: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user

Heavy Forwarder in DMZ

Is it possible to rename a pretrained sourcetype?

REST API Modular Input - 401 Client Unauthorized

What's the best way to monitor Splunk itself?

Why is some of my Data Not Onboarding After Writing Input.conf file?

How to deploy the Universal Forwarder 6.2.2 to a few hundred Windows 2008 R2 servers via Group Policy?

How can I get my inputlookup to ignore the time within the timestamp?

How to merge all lines into one single event?

How to create an alert for password sharing across multiple countries for all logins across different hosts and applications with more than 60 indexes?

What query should I execute in the 2nd dropdown to not have value displayed in the 1st dropdown?

How can I have the 'HF' to forward specific logs to indexer and also transfer itself with syslog format?

Source type Timestamp settings.

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Extract fields from RFC5424 syslog with nested jso...

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions