Getting Data In

Thread Info

I am unable to remove the standard Blue Coat heades tha begin with the # comment. I have tried several iterations of the nullQueue using REGEX and SEDCMD

This is a copy of the log header and how I currently have the props.conf and transforms.conf configured Software:...

by Path Finder in

Options on installing universal forwarders on "Windows Machines"

Hello All, Im a bit confused with the installation of a UF on the windows machine. According to the documents, there ...

by Communicator in

What's causing the error global name 'Event' is not defined after upgrading Microsoft OMS Modular Inputs TA from v1.2 to v1.3.3?

After upgrading from TA-OMS_Inputs from v1.2 to v1.3.3 on, splunk v6.5.4 we are getting the following errors when log...

by Explorer in

Splunk UDP Data Input Fails To Send Data

Hi everyone, I am working on a school project where multiple batches of students will work on the same project and...

by Explorer in

Windows Universal Forwarder Hide Domain Password

Hello I need to deploy Windows Universal Forwarders with Domain Account and I am wondering where if: There is ...

by Influencer in

What should I be sourcetyping /var/log/messages?

All, On the list of pretrained sourcetypes I see /var/log/messages as linux_messages_syslog (https://docs.splunk....

by Builder in

How to return job errors when searching via API?

When I call the Splunk API via Python SDK, I get results fine. However, when I run the same query via the UI, I somet...

by Engager in

High availability for HF scripts

I have a pair of HFs located in a DMZ that can collect data from the Internet via a script input. All other Splunk i...

by Communicator in

Why are there multiple host entries for every Splunk forwarder?

Hi We are installing splunk universal forwarder in all of our servers. It seems to be working fine, however there ...

by Explorer in

data is not appropriate

Hi, I am using the below query which I am running for the last 7 days , but I am getting the data for only 3 days,...

by Contributor in

How can I get a list of host names that do not ingest for the last 24 hrs?

I need to get a list of host names that does not ingest for certain source for the last 24hrs compare with the same s...

by New Member in

How to parse JSON data with spath and table the data.

Hi I am trying to parse this json using spath. I am not able to parse "data" element. { "id":"eab50eea-4b3...

by New Member in

Breaking the Cyberark logs

Hi I'm using TA for CyberArk for onboarding the logs, but i see the the logs are in correct format, how can i bre...

by Builder in

Why is this linebreak is not working with JSON data?

Any ideas why this linebreak is not working with JSON data? I've even set the sourcetype to _json, but still no luck....

by Contributor in

How to enable DR Setup on a Splunk environment with one master node, two search heads, and five indexers?

In our splunk environment, we have one master node (Master1) and two search head (search head 2 & search head 3) and ...

by Path Finder in

Exracting a json field data from a log

Hi All, I am trying to extact a JSON field from the log. I can able to get the data by using "spath input" command...

by Path Finder in

How to set up a Query in Splunk to monitor Oracle database activity for users connecting to a database as SYSDBA?

Logs have already been forwarded to syslog. I started with this query: index=syslog sourcetype=syslog (host="m...

by New Member in

Is there any way to completely disable compression for frozen data or all data?

Hi, I am implementing an archive solution for our production platform and I have a question, if anyone could advise. ...

by Contributor in

Splunk with suricatanot reading eve.json

I have checked suricata TA app for reading intrusion but as I see it doesn't read eve.json but it reads only fast.log...

by New Member in

Issue with Self-Signed Certs Windows Splunk Univeral Forwarder to Windows Indexer "PEM routines:PEM_read_bio:no start line."

Hello I get an error when attempting to utilize a self-signed Splunk cert generated from the splunk openssl through t...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

I am unable to remove the standard Blue Coat heades tha begin with the # comment. I have tried several iterations of the nullQueue using REGEX and SEDCMD

Options on installing universal forwarders on "Windows Machines"

What's causing the error global name 'Event' is not defined after upgrading Microsoft OMS Modular Inputs TA from v1.2 to v1.3.3?

Splunk UDP Data Input Fails To Send Data

Windows Universal Forwarder Hide Domain Password

What should I be sourcetyping /var/log/messages?

How to return job errors when searching via API?

High availability for HF scripts

Why are there multiple host entries for every Splunk forwarder?

data is not appropriate

How can I get a list of host names that do not ingest for the last 24 hrs?

How to parse JSON data with spath and table the data.

Breaking the Cyberark logs

Why is this linebreak is not working with JSON data?

How to enable DR Setup on a Splunk environment with one master node, two search heads, and five indexers?

Exracting a json field data from a log

How to set up a Query in Splunk to monitor Oracle database activity for users connecting to a database as SYSDBA?

Is there any way to completely disable compression for frozen data or all data?

Splunk with suricatanot reading eve.json

Issue with Self-Signed Certs Windows Splunk Univeral Forwarder to Windows Indexer "PEM routines:PEM_read_bio:no start line."

Why is the Splunk_TA_nix hardware sourcetype not automatically extracted?

Help with Line Break for log

Monitoring a remote server directory from my workstation

What are some of the best practices of setting up new Splunk servers?

How to check for data that is not present in csv lookup

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes

.conf25 Registration is OPEN!

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions