Getting Data In

Thread Info

HEC Curl Command Not Working?

Hello all! I have a weird problem occurring that I would like to get some feedback on. I currently am running a Splun...

by Communicator in

How to make the time stamp of logs default to _indextime?

Hi, Is there a way to have the time stamp of logs to default to the _indextime? I have noticed that a few events from...

by Explorer in

Perfmon:Memory missing from search head

I'm trying to timechart memory usage on my search head, but for some reason it's not collecting data. Specifically, m...

by Path Finder in

PingOne/PingIdentity log subscription ingestion - logs unreadable

I am sending logs from PingOne to my heavy forwarder. The logs are being streamed to the forwarder via TCP. The logs ...

by Engager in

Upload txt file - metafields source and sourcetype not searchable

Hello, i just uploaded a txt file with some logs, through GUI Add data ->upload. Data is indexed, and I can search it...

by Explorer in

crcSalt entries getting deleted on Forwarders inputs.conf, when changing Forwarder Data Inputs through GUI

Hello and good afternoon. I did run into the following issue and was wondering if anybody experienced the same and...

by New Member in

Support for logs compressed with xz?

The version of SUSE Linux I'm using has been compressing my logs with xz (by default) rather than gzip or bzip2. As s...

by Engager in

How can I define customize sourcetype that I write logs in _internal?

My custom script writes log in /opt/splunk/var/log/splunk/script.log. I want the log to be indexed in _internal bu...

by Explorer in

servicesns/user/app/saved/searches endpoint doesn't filter on user or app

Like the title says, I can hit the endpoint successfully, but the results are the same no matter what I replace "user...

by Path Finder in

messy code from inputted .xlsx files

when i try to input some excel files named xx.xlsx , and then i got some messy codes from search result like: "Pk\x00...

by New Member in

How to edit ps.sh to limit process getting in ingest for Splunk Add-on for Unix and Linux

Hello, I'm trying to only get a certain server processes to ingest to splunk index using Splunk Add-on for Unix and ...

by Engager in

What is the best practise for monitoring a file directly on the indexer machine(s)?

I need to monitor a file directly on the indexer. I know I can just define an inputs.conf on the indexer itself and r...

by Builder in

Splunk alert and shutting down a physical port on a switch

Have anyone used Splunk to act upon an alert and shut down a physical port on the switch? This would require running ...

by New Member in

How to filter the event by different date than mapped in the sourcetype?

We have Date1 mapped in the sourcetype for the index. So if I select last 7 days in the date filter data is filtered ...

by Path Finder in

Combine data across multiple sources and then split answer to separate rows when exported to csv

Good afternoon, I am trying to take data from multiple sourcestypes, combine it by a common field and then output ...

by New Member in

HEC Sourcetype

Hello everyone! I just have a brief question regarding the HEC input. Our primary data input is the HEC. For new appl...

by Communicator in

Palo Alto stopped logging traffic to Splunk

I am having the same issue as: https://answers.splunk.com/answers/507167/why-are-my-palo-alto-firewall-logs-not-forwa...

by Path Finder in

Why are logs not getting sent to Splunk with our current inputs.conf monitor stanza for a Windows file?

Hello All, I know this has been covered and there are many answers, but from what I can tell, my inputs.conf is co...

by Contributor in

How to do a match of fields between a CSV file and my SPLUNK search?

Hello I want to do a match between a CSV file and my SPLUNK search In the CSV file, I want that the field "host" whic...

by Motivator in

Single Value fields Ingested as Multi Value

I never ran into this problem before, but I hope someone has.. I have a python script which calls a REST API and p...

by Path Finder in

How to import old log files to splunk

I have a remote server which has 1 week older rolling logs. I wanted to monitor those logs so I have installed UF and...

by Path Finder in

Send JSON file/txt file using HEC - stuck on curl command

Hello Trying to send a JSON file/text file through HEC to splunk. Getting stuck while adding "-d @data.json" in...

by New Member in

Is there a way to index data from NFS without mounting?

Hello, I'm relatively new to Splunk, so please bear with me. I wanted to know whether there was any way to point to m...

by New Member in

How to index data with multiple forwarders on the same host?

Hello, I googled around for similar questions but could not find anything, so I'm sorry if this question has alre...

by New Member in

Is there a way to define the colon to be a name value pair separator?

We have cases such as the ldap audit log file - dn: dc=<domain name>,dc=com changetype: modify replace: ds-sync-st...

by Ultra Champion in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

HEC Curl Command Not Working?

How to make the time stamp of logs default to _indextime?

Perfmon:Memory missing from search head

PingOne/PingIdentity log subscription ingestion - logs unreadable

Upload txt file - metafields source and sourcetype not searchable

crcSalt entries getting deleted on Forwarders inputs.conf, when changing Forwarder Data Inputs through GUI

Support for logs compressed with xz?

How can I define customize sourcetype that I write logs in _internal?

servicesns/user/app/saved/searches endpoint doesn't filter on user or app

messy code from inputted .xlsx files

How to edit ps.sh to limit process getting in ingest for Splunk Add-on for Unix and Linux

What is the best practise for monitoring a file directly on the indexer machine(s)?

Splunk alert and shutting down a physical port on a switch

How to filter the event by different date than mapped in the sourcetype?

Combine data across multiple sources and then split answer to separate rows when exported to csv

HEC Sourcetype

Palo Alto stopped logging traffic to Splunk

Why are logs not getting sent to Splunk with our current inputs.conf monitor stanza for a Windows file?

How to do a match of fields between a CSV file and my SPLUNK search?

Single Value fields Ingested as Multi Value

How to import old log files to splunk

Send JSON file/txt file using HEC - stuck on curl command

Is there a way to index data from NFS without mounting?

How to index data with multiple forwarders on the same host?

Is there a way to define the colon to be a name value pair separator?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?