Getting Data In

Thread Info

Splunk Enterprise Security passing fields in notable settings

Hello Splunkers!I have built my own correlation search: From which I am generating a notable. In that notabl...

by Path Finder in

How to send Splunk data to Snowflake?

Hi Splunkers, We are looking for a solution to send the Splunk data to the snowflake schema using DB connect. Anyo...

by Path Finder in

Universal Forwarder 9.1.3 not connecting

Hey all, I recently upgraded our Splunk server to 9.1.3. I have a single UF running 8.2 which connects, however my ...

by Loves-to-Learn Lots in

Splunk add-on for Fudo PAM | How to parse logs from Fudo?

Hello splunkers!Has anyone had experience with getting data in Splunk from PAM (Privileged Access Management) systems...

by Path Finder in

How to create your own add-on? | How to parse unusual logs?

Hello Splunkers!I am collecting logs from Fudo PAM for which I haven't found any suitable existing add-on on the Splu...

by Path Finder in

Seeing checksum errors when on-boarding data

Hello , i have logs in following path/abc-logs/hosta/mods/stdout.240513-070854/abc-logs/hostb/mods/stdout.240513-0...

by Communicator in

Splunk stop sending data after log rotation

We have an app input config monitor containing wildcards with whitelist configured to pick up only .log and .out. The...

by Loves-to-Learn Lots in

Ingest Action App Missing

When we go to look at the UI sometimes, it says the app is missing so the UI is unavailable. When it does let us look...

by Explorer in

Duplicate event with rotate log

Hi team, I encountered a problem when retrieving data from rotate log files: duplicate event.For example: the event...

by Loves-to-Learn in

Splunk Enterprise Security notables and investigations | SOC analysts work with Splunk ES

Hello Splunkers!I am learning Splunk, but I've never deployed or worked with Splunk ES in production environment espe...

by Path Finder in

How to configure time picker for dashboard in Enterprise Security?

Hello Splunkers!In the Security Posture by default there are no filters that would allow us to adjust the time, meani...

by Path Finder in

Index whitelisting and blacklisting not work in forwarders

Hi all, I have a number a forwarder that sends a lot of logs to different indexes. For example, there are three ind...

by Path Finder in

How to use Eval recursively?

Hi, We are using Splunk Cloud, so we can't access the conf files. In one of our custom source types, we need to c...

by Path Finder in

Is Splunk support Perl script?

I am looking for Perl script execution steps in Splunk. Please provide the details steps in case of possible.

by New Member in

Incident Review dashboard has no value

Incident review dashboard is displaying no value, despite having correlation searches enabled. Upon investigation, I ...

by Loves-to-Learn in

K8s and Linux Audit Logs Missing From OTEL Collected Logs, Were Present With SCK

Hi folks, So I'm working to migrate from the old Splunk Connect for Kubernetes log collector to the new Splunk OTEL...

by Loves-to-Learn in

Splunk Forwarder doesn't monitor new files

Hello, I need some help. I have a folder and an app that writes logs in NDJSON format and creates a new log file...

by Loves-to-Learn Lots in

splunk uf stopped in a server

We have a splunk forwarder installed in a server where the logs were pushed to splunk cloud. Without any restart or ...

by Loves-to-Learn in

How to ingest Application prometheus metrics onto Splunk Enterprise through UF?

Hello Team, I would like to get clarified whether there is a possibility of ingesting application prometheus metric...

by Observer in

Setup UiPath logging export

Hello all, In our environment, the UiPath team doesn't seem to know how to expect the export expecting in the defau...

by Contributor in

How to assign priority to an asset? Splunk ES

Hello, Splunkers!I am learning Splunk ES and trying to understand how urgency value is assigned for notables generate...

by Path Finder in

How to change time picker for security posture dashboard in ES?

Hello Splunkers!I want to change the time picker of this dashboard in Enterprise security to provide the count of not...

by Path Finder in

Searched data on HF to be sent to the IDX cluster

Hello All, I have an LDAPsearch app installed in one of the onprem Heavy Forwarders and I need to index the search ...

by Explorer in

How to convert timestamp into proper date

Hello Splunk Community, I am trying to extract the "timestamp":"1715235824441" with proper details.Could anyone hel...

by Explorer in

Using the auth0 add on not seeing any data

HI Set up the add on on a cloud instance. Not seeing any data come in via HEC. Any ideas on how to troubleshoot? ...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk Enterprise Security passing fields in notable settings

How to send Splunk data to Snowflake?

Universal Forwarder 9.1.3 not connecting

Splunk add-on for Fudo PAM | How to parse logs from Fudo?

How to create your own add-on? | How to parse unusual logs?

Seeing checksum errors when on-boarding data

Splunk stop sending data after log rotation

Ingest Action App Missing

Duplicate event with rotate log

Splunk Enterprise Security notables and investigations | SOC analysts work with Splunk ES

How to configure time picker for dashboard in Enterprise Security?

Index whitelisting and blacklisting not work in forwarders

How to use Eval recursively?

Is Splunk support Perl script?

Incident Review dashboard has no value

K8s and Linux Audit Logs Missing From OTEL Collected Logs, Were Present With SCK

Splunk Forwarder doesn't monitor new files

splunk uf stopped in a server

How to ingest Application prometheus metrics onto Splunk Enterprise through UF?

Setup UiPath logging export

How to assign priority to an asset? Splunk ES

How to change time picker for security posture dashboard in ES?

Searched data on HF to be sent to the IDX cluster

How to convert timestamp into proper date

Using the auth0 add on not seeing any data

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions