Getting Data In

Ask a Question

Discussions

Thread Info

How to create an If Statement in Props.conf?

I need to set a value based on another value. How would I do this: if severity = 1 severity=high One of my ...

by Path Finder in

Is there a way to use some sort of regular expression with field aliases?

Is there a way to simply the props.conf configurations and do the following in one command - FIELDALIAS-alias01 = ...

by Ultra Champion in

How can I forward data from UniversalForwarder for 2 instances?

I have universal forwarder with Splunk_TA_Stream and my app _server_app_audit where in inputs.conf I write _TCP_Routi...

by Explorer in

How to redirect logs to separate indexes based on host?

Hi.. I have a question From a heavy forwarder , based on the incoming host, I like to send the logs into a separat...

by Engager in

Why does the csv sourcetype work for upload but not via the forwarder?

The following sourcetype works fine when we upload a file against this sourcetype, but via the forwarder the csv fiel...

by Ultra Champion in

how do i find where each hosts are indexing data

the reason for this is because someone made a mix-up on the UF and then some hosts are indexing to the wrong index. I...

by Communicator in

How to create a summary Index that will give license usage by index and sourcetype?

Hi All, I am trying to create a summary index which will gives us the license usage by index and sourcetype, which...

by Path Finder in

How to assign a field alias to a json field?

We have the following in props.conf - FIELDALIAS-alias1 = apiRequest.apiInfo.clientID AS clientID It doesn't s...

by Ultra Champion in

How to search for logins not in CSV?

I am trying to write a query in Splunk that will tell me if any user IDs in my CSV file were used to log into any mac...

by New Member in

Can splunk monitor a google drive folder as a data input?

Not sure if it is possible, but before I try, thought I would ask. I need to ingest json files uploaded to a googl...

by Builder in

Why can't I download universal forwarder credentials on macOS High Sierra 10.13.3?

When I tried to download the Universal Forwarder Credentials from my trial Splunk Cloud on to my MacBook Pro, I got a...

by Explorer in

Why does the CIDR not include all IP's in a range?

I have a big corporate network with many routers. All routes ha a loopback IP used for syslog. Ex 10.252.1.10/32 W...

by Builder in

New Universal Forwarder read timeout

We are trying to setup the universal forwarder on a Windows AD server. After configuring the index to receive on port...

by Explorer in

Remove UF from RHEL7

I need to remove UFs from some REHLs. I stopped splunk and disabled boot-start. I installed .rpms but rpm -e is...

by Builder in

Results on one value matching two AND field results

I'm trying to figure out a way to find out if an unknown user name matches two Windows Event Codes for a dashboard. ...

by Path Finder in

How to restart splunk web without starting splunk?

How to start splunk web I have tried splunk restart but still web is not up?

by Communicator in

Is rest api using encrypted authentication with Splunk cloud from windows information?

I can find plenty of information on rest API calls if using Linux and enterprise but when it comes to windows and clo...

by Explorer in

Splunk for Microsoft Azure

Hello, I have some questions regarding Splunk I am new at this. The first one is: is The add on for Azure Cloud avail...

by New Member in

Why am I getting "CERTIFICATE_VERIFY_FAILED" using splunk-sdk with python on Windows?

File "C:\Python27\Lib\ssl.py", line 840, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_...

by Explorer in

How to collect a list of all windows servers/hosts in a specific domain which are allowing domain users to have local administrative privileges?

Hello Team, I'm looking to collect a list of all windows servers/hosts in a specific domain that is allowing domain u...

by New Member in

What splunk stream forwarder is used for windows server?

I understand how to use stream with Linux machines but what forwarder do I use for windows servers? Are there any doc...

by Explorer in

Why are we having an indexing issue in folder monitoring from syslog server?

Hi Splunkers, Please help in resolving the following issue. We have a lot of folder monitoring from syslog server....

by Contributor in

How to send Windows events to indexer and also to third-party server (single line events) using Splunk Heavy Fowarder?

I am trying to send the data from Heavy Forwarder to INDEXERs and THIRD PARTY system (non splunk) but 3rd party syste...

by Loves-to-Learn in

Universal Forwarder Using High CPU?

I recently installed a Universal Forwarder on an HA Windows server the other day and the guy who owns the server was ...

by SplunkTrust in

Can we change index in the indexer?

Our heavy forwarder is forwarding logs to the Indexer. All the logs are going to the main Index. In the indexer level...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to create an If Statement in Props.conf?

Is there a way to use some sort of regular expression with field aliases?

How can I forward data from UniversalForwarder for 2 instances?

How to redirect logs to separate indexes based on host?

Why does the csv sourcetype work for upload but not via the forwarder?

how do i find where each hosts are indexing data

How to create a summary Index that will give license usage by index and sourcetype?

How to assign a field alias to a json field?

How to search for logins not in CSV?

Can splunk monitor a google drive folder as a data input?

Why can't I download universal forwarder credentials on macOS High Sierra 10.13.3?

Why does the CIDR not include all IP's in a range?

New Universal Forwarder read timeout

Remove UF from RHEL7

Results on one value matching two AND field results

How to restart splunk web without starting splunk?

Is rest api using encrypted authentication with Splunk cloud from windows information?

Splunk for Microsoft Azure

Why am I getting "CERTIFICATE_VERIFY_FAILED" using splunk-sdk with python on Windows?

How to collect a list of all windows servers/hosts in a specific domain which are allowing domain users to have local administrative privileges?

What splunk stream forwarder is used for windows server?

Why are we having an indexing issue in folder monitoring from syslog server?

How to send Windows events to indexer and also to third-party server (single line events) using Splunk Heavy Fowarder?

Universal Forwarder Using High CPU?

Can we change index in the indexer?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Syslog messages ingestion

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction