Getting Data In

Discussions

Thread Info

How to investigate Domain Local (DL) and Windows group membership?

Team, If we have Windows events and Active Directory (AD) is synced with Splunk, how can I search/investigate who ...

by New Member in

Indexer fails on startup

When I try and restart one of my indexers after an OS upgrade I am seeing the following messages. My 2 other indexers...

by Path Finder in

Help me find where my sourcetype is getting broken ?

All, My Windows Event Log items are coming in as sourcetype=WinEventLog and not sourcetype=WinEventLog:Security a...

by Builder in

Trouble installing Splunk_TA_jmx Add-on: Has anyone seen the following error?

I have the Splunk_TA_jmx add-on installed on a Heavy Forwarder but am getting the following error: Introspecting s...

by Path Finder in

On Forwarder: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user

I am seeing messages like this: 09-05-2018 13:23:47.416 -0400 WARN AdminHandler:AuthenticationHandler - Denied se...

by Communicator in

Heavy Forwarder in DMZ

I have a segmented area of my network that I want to pull logs from a couple of systems. Rather than configure firewa...

by New Member in

Is it possible to rename a pretrained sourcetype?

We have log data that fits perfectly into the access_combined pretrained sourcetype. All looks perfect except the fac...

by Ultra Champion in

Powershell script input on a schedule

Not sure if this is a bug or just weird behaviour, I don't seem to be able to work around it. I have loads of powe...

by Path Finder in

REST API Modular Input - 401 Client Unauthorized

I am trying to access Carbon Black via The REST API. As expected, this works in Postman: Console Output (keys and tok...

by Explorer in

What's the best way to monitor Splunk itself?

I would like to start a discussion as to how the community monitors their Splunk deployment? What are some of the met...

by Builder in

Why is some of my Data Not Onboarding After Writing Input.conf file?

Hi , i have a problem. i wrote one input.conf file and half of the data has been onboarded, and i can see the data in...

by Communicator in

How to deploy the Universal Forwarder 6.2.2 to a few hundred Windows 2008 R2 servers via Group Policy?

I've been tasked with installing the Splunk Universal Forwarder (splunkforwarder-6.2.2-255606-x64-release.msi) to a f...

by Explorer in

How can I get my inputlookup to ignore the time within the timestamp?

Here's What I have to fix but haven't yet figred out how. In this search index=dev_tsv "BO Type"="assessments" ...

by Communicator in

How to merge all lines into one single event?

Hi, How can I merge all lines of a config file into one single event? My inputs.conf is: [monitor:D:\CatTools3\Con...

by Explorer in

How to create an alert for password sharing across multiple countries for all logins across different hosts and applications with more than 60 indexes?

I tried using this query: index=* tag=authentication action=success OR action=failure Initially to retrieve us...

by New Member in

What query should I execute in the 2nd dropdown to not have value displayed in the 1st dropdown?

Input to splunk is a csv file which has column headers like 'Falcon 15.01.01.03.100', 'Falcon GA 15.01.02.06.1'.. (th...

by Explorer in

How can I have the 'HF' to forward specific logs to indexer and also transfer itself with syslog format?

I want HF to forward specific logs(tcp input from 514 port) to indexer, and also transfer them itself with syslog for...

by Builder in

Source type Timestamp settings.

Hi, I'm trying to set up a source type that parses the date from an inner field (message.date in the below example...

by New Member in

How to enable rest-api?

Hi Team, I'm running Splunk on AWS ec2 instance backed by AWS ALB. I've created target group for port 80,443 & 808...

by Path Finder in

If I have two timestamps in my log file, how can I choose one timestamp as the timestamp of the event?

I have two timestamps in my log as shown below: "#01#20180626-125301;969#19700101-000028;723#0046#01#GROUND#Y#4Y16...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to investigate Domain Local (DL) and Windows group membership?

Indexer fails on startup

Help me find where my sourcetype is getting broken ?

Trouble installing Splunk_TA_jmx Add-on: Has anyone seen the following error?

On Forwarder: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user

Heavy Forwarder in DMZ

Is it possible to rename a pretrained sourcetype?

Powershell script input on a schedule

REST API Modular Input - 401 Client Unauthorized

What's the best way to monitor Splunk itself?

Why is some of my Data Not Onboarding After Writing Input.conf file?

How to deploy the Universal Forwarder 6.2.2 to a few hundred Windows 2008 R2 servers via Group Policy?

How can I get my inputlookup to ignore the time within the timestamp?

How to merge all lines into one single event?

How to create an alert for password sharing across multiple countries for all logins across different hosts and applications with more than 60 indexes?

What query should I execute in the 2nd dropdown to not have value displayed in the 1st dropdown?

How can I have the 'HF' to forward specific logs to indexer and also transfer itself with syslog format?

Source type Timestamp settings.

How to enable rest-api?

If I have two timestamps in my log file, how can I choose one timestamp as the timestamp of the event?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...