Getting Data In

Discussions

Thread Info

How do I create two instances of the same data input on one forwarder where instance 1 goes to server 1 and instance 2 goes to server 2?

Hi, Is it possible to do the following on one Splunk Universal Forwarder: inputs.conf `[WinEventLog://Securi...

by Motivator in

Does Splunk support capturing data from CA Layer7 and how?

Layer7 was acquired by CA and is offered as an API Management Platform. It seems that Layer7 should be able to send l...

by New Member in

Splunk for Job Monitoring.

Hello Experts!!! I am new to Splunk and just started learning Splunk from couple of days. We are using an in-ho...

by New Member in

TIME not getting milliseconds

Hi all, I do have a log which does look like this: Jul 6 09:31:18.729: %SYS-5-CONFIG_I: Configured from consol...

by Explorer in

How to parse a JSON from REST API?

Hi all, I need some help parsing a JSON containing none/one/multiple nested messages that I have imported via REST AP...

by Explorer in

How to set up a high available syslog drain for cloud foundry to Splunk?

We have a cloud foundry set up and wants to forward the logs to splunk as syslog drain. The TCP/UDP input method is n...

by Engager in

using stream forwarder to forward pcap data

Hi, I would like to forward pcap data using tcpreplay on a remote machine which has installed a stream forwarder to f...

by Path Finder in

How to tag events based on the host value that contains a condition?

Events from our DEV/PROD servers are ingested into the same index. This index already has events since 1 year. The on...

by Explorer in

what is the easy way to split _raw column using comma delimiter and show in table

I have the _raw data in the following format. I just need to split that data and show each value in a separate column...

by New Member in

if-else statement with timeframe

I would like to specify my search to return a previous months + the current months data if the count outputted by jus...

by Explorer in

Custom inputs.conf files in distributed architecture

We are using a distributed architecture and I have a couple of servers with custom windows logs that we want to pull ...

by Explorer in

Wait time before indexing data

Hi, I would like to know if there is an option to wait for/ minute X seconds before indexing the data. The goal is...

by Path Finder in

Problems with CSV timestamps

Hi, I have some csv files on my Splunk index. The files are named with a date like xxxxx20180703.csv . In the csv fil...

by New Member in

Field extraction from Windows eventlog

Windows eventlog are indexed fine. A particulare evnetlog source "WinEventLog:Application Info" (mind the space) cont...

by New Member in

How to control the default in a dropdown menu

I have the following dropdown menu: <fieldset autoRun="true" submitButton="false"> <input type="dropdown" to...

by Motivator in

How do I onboard RFC5425 compliance logs?

All, What's the current process for onboarding RFC5425 (SYslog with TLS) logging? I see docs from 2013 or so reco...

by Builder in

How do i avoid duplicate entries when switching from universal (light) forwarder to heavy forwarder?

I have the SUF running on a few servers monitoring a typical logfile and I want to replace it with the heavy forwarde...

by Communicator in

Extracting data from nested json payload of varying size

Hi, I have events coming into splunk with payload of nested json array type. The elements in the array are of the ...

by Path Finder in

When will the scripted input run?

We have the following - [script://.\bin\<name>.bat] disabled = 0 interval = 86400 Since the interval is 24 ho...

by Ultra Champion in

How I can index specific part of log ?

Hello, I'm noob in this and I don't know still work with .conf files, I hope you can help me I have a universal fo...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I create two instances of the same data input on one forwarder where instance 1 goes to server 1 and instance 2 goes to server 2?

Does Splunk support capturing data from CA Layer7 and how?

Splunk for Job Monitoring.

TIME not getting milliseconds

How to parse a JSON from REST API?

How to set up a high available syslog drain for cloud foundry to Splunk?

using stream forwarder to forward pcap data

How to tag events based on the host value that contains a condition?

what is the easy way to split _raw column using comma delimiter and show in table

if-else statement with timeframe

Custom inputs.conf files in distributed architecture

Wait time before indexing data

Problems with CSV timestamps

Field extraction from Windows eventlog

How to control the default in a dropdown menu

How do I onboard RFC5425 compliance logs?

How do i avoid duplicate entries when switching from universal (light) forwarder to heavy forwarder?

Extracting data from nested json payload of varying size

When will the scripted input run?

How I can index specific part of log ?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...