Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Re-labeling and breaking up xml stream?

Hello, I have a tcp stream incoming with xml Call Data Records (CDR). enclosed at the end is an example. The CDR...

by Path Finder in

How do I edit Universal Forwarder aeq queue size?

Hi Community, on Universal Forwarder I see these logs: 09-29-2022 12:12:17.410 +0200 INFO Metrics - gr...

by Path Finder in

Why am I getting "homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem." while starting Splunk on an indexer?

I got this error while starting Splunk on the indexer. homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_a...

by Path Finder in

How to partition indexed logfiles into multiple sourcetype?

We need to index logfiles from our monitored devices which are partitioned into two segments. The first segment is C...

by Path Finder in

Why am I receiving "splunk-cooked-mode-v3" data from a universal forwarder in the format "\x00\x00\x00..."?

I am receiving data like this from a universal forwarder on Port: 8097: --splunk-cooked-mode-v3--\x00\x00\x00\x00\...

by New Member in

Custom API endpoint returning CSRF error on post?

Hello, I am trying to get a custom API endpoint to work, but I am getting CSRF errors when posting any data to it: ...

by Engager in

How to encrypt traffic between universal forwarder and indexer (getting error on server splunkd.log)?

I am trying to just set up a basic encryption between the Universal Forwarder and indexer using the certs that come w...

by Communicator in

Problems with sourcetypes on syslog collectors-How can I set a sourcetype using REGEX?

Hi,I have multiple syslog collectors (practically a heavy forwarder that picks up logs from disk).I am struggling to ...

by Path Finder in

How to extract a specific work from Splunk logs?

I would like to extract status value (i.e. 201) highlighted below using RegEx in the following link. However, it didn...

by Explorer in

How to extract nth word in a string with a hyphen delimiter?

I wanted to extract nth word in string with a hyphen delimiter from the following strings that are 3rd and 6th words ...

by Explorer in

Is it possible to pull data from a REST API to Splunk trial?

Hi all, I am trying to configure a REST API (OAuth) into a Splunk cloud trial environment. I'm running into issues...

by New Member in

How do I remove user email?

Hi Guys, Is there anybody here knows how to remove user email from any Splunk alert and add new user email in his ...

by Path Finder in

Need monitoring for PAM- Is it possible without a third party app?

Hi Everyone,We need a PAM server logs without installing any third-party app in Pam server.Is it possible to do the m...

by Path Finder in

Help with oneshot json: Why is | kvmode incorrect?

I'm using a distributed Splunk Enterprise environment with over 15 peers at the Indexer Tier. I have some JSON data ...

by Path Finder in

How to test data integrity?

Hello there, Here is the context, I have a Splunk test environment, one indexer one search head and one forwarder....

by Path Finder in

How to add eval command to props.conf?

Hello Splunk Community, I am trying to add the following command to the props.conf file to make the following search ...

by Observer in

How to edit Splunk HEC token value?

I want to configure two HEC tokens as the same because I want to load balance traffic between them. I followed the do...

by Explorer in

Why is Splunk add-on for okta identity cloud is not able to pull logs from Okta cloud?

Hi All, We are currently in-progress of onboarding the okta identity cloud logs, we are using Splunk built add-on ...

by Path Finder in

What would you say is the recommended method for handling CSV files?

Hi All- What would you say is the recommended method for handling CSV files? Ingesting it into an index or usi...

by Observer in

How to extract json from event with = separated values?

Hello, I have the following type of event, and I would like to extract the `tags` field into its respective fiel...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Re-labeling and breaking up xml stream?

How do I edit Universal Forwarder aeq queue size?

Why am I getting "homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem." while starting Splunk on an indexer?

How to partition indexed logfiles into multiple sourcetype?

Why am I receiving "splunk-cooked-mode-v3" data from a universal forwarder in the format "\x00\x00\x00..."?

Custom API endpoint returning CSRF error on post?

How to encrypt traffic between universal forwarder and indexer (getting error on server splunkd.log)?

Problems with sourcetypes on syslog collectors-How can I set a sourcetype using REGEX?

How to extract a specific work from Splunk logs?

How to extract nth word in a string with a hyphen delimiter?

Is it possible to pull data from a REST API to Splunk trial?

How do I remove user email?

Need monitoring for PAM- Is it possible without a third party app?

Help with oneshot json: Why is | kvmode incorrect?

How to test data integrity?

How to add eval command to props.conf?

How to edit Splunk HEC token value?

Why is Splunk add-on for okta identity cloud is not able to pull logs from Okta cloud?

What would you say is the recommended method for handling CSV files?

How to extract json from event with = separated values?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

Eventgen failing to parse csv

SQS-Based-S3 Input for Cloudtrail black list event...

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...