Getting Data In

Discussions

Thread Info

Receiving error after restarting docker-splunk, proceeds to add forward-server

Hi, I am setting up a Splunk universal forwarder by pulling the universalforwarder docker image from docker-hub an...

by New Member in

Need to limit iis logs to 4xx and 5xx statuses in universal forwarder

I am trying to limit the input of iis logs to only 4xx and 5xx vaqlues in the sc_status field. In the etc\system\loca...

by New Member in

What are the best practices for assigning time zones in my Splunk platform deployment?

When setting up my Splunk deployment, I was asked about what timezone I want the servers to have. I just assumed I sh...

by Splunk Employee in

Session Duration in minutes

I have a search that returns the "Avg Session Duration" by USER_ID. The results are coming back in minutes as long as...

by Communicator in

Why does Splunk "Show Source" not match IIS log file?

Hi, At my company, we have noticed that for some records (1-2%), the data we see in Splunk does not match the data...

by Explorer in

UF is not sending few logs

Hi All, I have UF installed in my windows machine and its has IIS logs and App logs. In last few days, my forwarde...

by New Member in

JSON line breaking

I am trying to break one big json event into several events, eventually 1080, but in the example below there would be...

by Engager in

How to send data via UDP port to 2 indexers?

Hi Experts, I have a concern. I am aware that I can get data from UDP port and send it to an indexer. I have a con...

by Builder in

Does Splunk ingest files that existed before the remote folder monitor was created?

I have a client server with a universal forwarder configured to forward data to an index server. On the client server...

by Path Finder in

Will Splunk ingest the same data if it is sent to two different indexes?

I currently see the wineventlog:security as a source under my wineventlog index for the Splunk_TA_Windows app and al...

by New Member in

Why are events indexing with the wrong time stamp

Hi, A csv file has the format dd-mm-year hh:mm. Splunk swap the day and month for the events for the first 9 days ...

by New Member in

Cisco IOS and TA not showing data in dashboards

I have a distributed environment: Splunk Enterprise 7.2.4 All infrastructure is RHEL 7.x Search head cluster (5 searc...

by Path Finder in

Not receiving all files present in the directory?

I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\ Below is my in...

by Path Finder in

HEC Posting Data Issue

Hi All, I am trying to post some data to splunk via QT's Network Module. Currently, I have the HEC setup to where ...

by New Member in

pushing data to new csv

I have a csv where there are 5 columns and the number of rows is 1000. I have indexed that csv as continuous monitori...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Receiving error after restarting docker-splunk, proceeds to add forward-server

Need to limit iis logs to 4xx and 5xx statuses in universal forwarder

What are the best practices for assigning time zones in my Splunk platform deployment?

Session Duration in minutes

Why does Splunk "Show Source" not match IIS log file?

UF is not sending few logs

JSON line breaking

How to send data via UDP port to 2 indexers?

Does Splunk ingest files that existed before the remote folder monitor was created?

Will Splunk ingest the same data if it is sent to two different indexes?

Why are events indexing with the wrong time stamp

Cisco IOS and TA not showing data in dashboards

Not receiving all files present in the directory?

HEC Posting Data Issue

pushing data to new csv

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Splunk on GCP: what's the benefit of running dataf...

Excluding log entries based on specific String in ...

Splunk user password restore

scheduler.log broken korean

Suggestions Please: REST Api, csv,html