Getting Data In

Discussions

Thread Info

Any tips on setting up Dell Sonicwall Analytics?

Hello Splunkers, I'm having trouble getting apps/searches that rely on firewall data, to display anything. The dashbo...

by Path Finder in

MAX_EVENTS in props.conf not working

Hi everyone, We have the following Splunk configuration: Splunk Cloud instance (managed)Universal ForwarderMoni...

by New Member in

How to display several syslogs at the same time from different devices?

Hi All I am looking for a solution to display syslogs from three devices at the same time on the same screen in or...

by New Member in

What is the identification process for SplunkForwarder?

I've been asked to write a document about the process of SplunkForwarder connecting with a deployer or indexer and fo...

by Path Finder in

How to parse hash code from a raw log into a field

Mail_Log_Splunk: Info: MID 119972447 SHA ee1b5fe97eb813f416052526bc191f3112382a7e9638fba3a3ed2652acf81d5a filename Pi...

by New Member in

How do I combine two data sources and get rid of repeated IDs?

Currently I have two data sources with different names for the same IDs. One is called License Key Identifier and the...

by Explorer in

Splunk Add on For AWS - Generic S3 input

I have setup splunk add-on for AWS. For generic S3 bucket, we tried to add different format files into the bucket. Th...

by New Member in

,Guacamole Docker logs in Splunk

Hi, I would like the Guacamole logs to get forwarded to the Splunk server and I added the log forwarding parameters I...

by New Member in

Why am I encountering a bug when accessing nested JSON field values?

There seems to be a bug searching events with JSON data if the field names are nested. For example: sourcetype=cmd...

by Builder in

Collect remote files using SFTP

Hi all, Is there any native way of configuring splunk or forwarders to periodically collect files using SFTP ? ...

by New Member in

Help extracting and paring nested JSON for table

I'm indexing some JSON data that describes an AWS security group. Inside this JSON are nested pairs of port combinati...

by Engager in

len(_raw) vs |dbinspect rawSize

I use a simple query to determine the amount of data I've sent to splunk: index=x |eval esize=len(_raw) |timechart...

by Explorer in

How to use spath command in props.conf or transforms.conf in Splunk?

Hello , I used spath command to extract field from json data: {"key":"value", "key":"value", "key":"value", "ke...

by Explorer in

Getting issue while parsing event which have no timestamp in logs

Getting issue while parsing events which have no timestamp in logs, it should use date\time from last log event times...

by Explorer in

Can Splunk read a file in JSON format?

We are trying to pull in slack data using function1 which is not work as we are using the new api. We had a call with...

by Path Finder in

How to mass delete knowledge objects in version 7.0?

I've got a large number of orphaned objects that I'd like to clean up (delete). I don't see any way to do this in the...

by Champion in

Can I do an if else in a props.conf?

I am using Graylog to forward my windows events, all the events field names start with winlogbeat, but some are _even...

by Path Finder in

How to split multiple lines in a table into separate rows?

I have some data from Tenable and I am trying to weed out the rows with multiple values into its own row. ...

by Explorer in

crcSalt is not working

I ingested SQL ERRORLOGs and SQLAGENT logs with my forwader but didn't have the props.conf setup correctly. They show...

by Builder in

How would I filter out fields via Props.conf?

I am forwarding windows events from graylog to a UF and then UF to Indexer. I have a props.conf to create field alias...

by Path Finder in

How to define custom index and sourcetype for Universal Forwarder

Hi, I am using an Universal Forwarder to send a specific file to a Splunk instance on another machine. On this mac...

by Builder in

Ingesting files with updated first line

I got a file which get new log entries during the day, when a user logs out, the first line of the log is updated wit...

by Engager in

How to collect perfmon data on .NET counters?

I am attempting to collect perfmon counters to track garbage collection in a .NET application. I can create the count...

by Path Finder in

Files & Directories: Path does not exist

I have four files in the same directory, "/opt/SplunkData". I can see three of them in "Manager » Data inputs » Files...

by Builder in

How to find .conf files on a splunk interface which is only accessible via a URL?

I need to locate the savedsearches.conf on a Splunk web server i.e. I can only reach this Splunk instance with a URL....

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Any tips on setting up Dell Sonicwall Analytics?

MAX_EVENTS in props.conf not working

How to display several syslogs at the same time from different devices?

What is the identification process for SplunkForwarder?

How to parse hash code from a raw log into a field

How do I combine two data sources and get rid of repeated IDs?

Splunk Add on For AWS - Generic S3 input

,Guacamole Docker logs in Splunk

Why am I encountering a bug when accessing nested JSON field values?

Collect remote files using SFTP

Help extracting and paring nested JSON for table

len(_raw) vs |dbinspect rawSize

How to use spath command in props.conf or transforms.conf in Splunk?

Getting issue while parsing event which have no timestamp in logs

Can Splunk read a file in JSON format?

How to mass delete knowledge objects in version 7.0?

Can I do an if else in a props.conf?

How to split multiple lines in a table into separate rows?

crcSalt is not working

How would I filter out fields via Props.conf?

How to define custom index and sourcetype for Universal Forwarder

Ingesting files with updated first line

How to collect perfmon data on .NET counters?

Files & Directories: Path does not exist

How to find .conf files on a splunk interface which is only accessible via a URL?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures