Getting Data In

Discussions

Thread Info

How to forward data from universal forwarder to Splunk light?

I have installed a universal forwarder on linux server and I have Splunk light cloud instance. I am able to find the ...

by New Member in

Feed data to the splunk index using REST API

Hello experts! I would like to configure my java application to write data directly to a splunk index, rather than wr...

by Engager in

can we get custom logs from a batch job running in AWS EC2 instance to Splunk Cloud for analysis?

Hello, We currently have custom batch jobs running on EC2 instances in AWS and each of these processes creates on...

by New Member in

Help with line-breaking

Hi, I have a feed where it appears that multiple events are being sent on the same line, and I need to break them ...

by Champion in

How to do a one time file upload through conf files?

I want to upload a log file from my computer, through conf files. There will be no monitoring just uploading file onl...

by Explorer in

Multiple fields from json array

Hi! How to split JSON array elements (value) { "id": 4321, "value": [ 5, 6, 7, 8 ] } from multivalue ...

by Path Finder in

Inputlookup and Index rename returning null results

I have an index called "adusers". This index pulls in all information about enabled user accounts. For the purposes o...

by Contributor in

How to ingest data Into summary index?

Hi, I wonder whether someone may be able to help me with some advice please. I'm wanting to set up a Summary Index...

by Motivator in

How to convert GMT to EDT?

How could I convert this GMT time to EDT? index="wineventlog" host=opdc* Account_Name=*test_user EventCode=4624 |...

by Communicator in

How to remove duplicate values from one index in another index?

I have an inputlookup that provides me a list of mac addresses, I want to remove those mac addresses from another ind...

by Contributor in

How to import cef data from data source in splunk enterprise without an agent?

I tried many times to import raw data (CEF) from another SIEM (just to test) and configured to send data to a specifi...

by New Member in

How do i configure an External HEC to listen on https and secure the traffic?

We would like to send data securely from a cloud endpoint to Http Event Collector/Forwarder on our perimeter, before ...

by New Member in

How to create a script, using Powershell, to run and pull logs from splunk and export them to a file?

Hi, I was wondering if an event was to occur for a piece of hardware such as changing, going down etc. is it possible...

by New Member in

how can get syslog from F5 BIGIP with Universal Forwarder

hi all, we our splunk enterprise with this configuration: 1 universal forwarder 2 indexers in cluster 1 search...

by New Member in

Subtract date from todays date to find status of the project

Hello All, I am trying to injest into splunk a CSV which has a field called "Project End Date" and the field is in th...

by Communicator in

input output does not update

i have created an input drop down which gets a count of a column from a index. when i change the tokens , i find that...

by Builder in

Why are there multiple values on the test instance in timestartpos and timeendpos fields?

I extracted sample data from our prod instance of Splunk to be used in the test instance. The way I did it was to run...

by New Member in

Timestamp issue

Hi, I have configured inputs and props on a heavy forwarder and there is same stanza of sourcetype with no paramet...

by Builder in

Is there a way to blacklist specific event for specific index

I know we can easily blacklist specific event using regex in props.conf and transforms.conf . But I have 4 different ...

by Communicator in

Deployed app on Universal Forwarder being created with 700 permissions (Linux Deployment Server to Linux UF)

Created an app on the deployment server which is used to tell the Universal Forwarder which directories and logs to m...

by New Member in

Using a transform i cant use SEDCMD

Hi I am taking in data and making a new source type, so i need to use a transform for this. The issue is when i us...

by Influencer in

Route and Filter Data from syslog (and syslog-ng is NOT an immediate option)

I have a typical scenario that could be resolved with a UF on syslog-ng, however that is a future resolution. At t...

by Builder in

What search can I use to identify logs with future timestamps?

Hi All, Can any one guide me on how to check whether any log sources that are logging with future time stamps. I am n...

by Motivator in

Can REST API be used to execute a Bash script on Splunk server?

I have a Bash script on my deployment server to add server into the serverclass.conf. Could I execute the bash script...

by New Member in

Data is missing

Hi, Recently I am seeing new issues in Splunk Enterprise. When i do searches in Splunk it's not pulling all data b...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to forward data from universal forwarder to Splunk light?

Feed data to the splunk index using REST API

can we get custom logs from a batch job running in AWS EC2 instance to Splunk Cloud for analysis?

Help with line-breaking

How to do a one time file upload through conf files?

Multiple fields from json array

Inputlookup and Index rename returning null results

How to ingest data Into summary index?

How to convert GMT to EDT?

How to remove duplicate values from one index in another index?

How to import cef data from data source in splunk enterprise without an agent?

How do i configure an External HEC to listen on https and secure the traffic?

How to create a script, using Powershell, to run and pull logs from splunk and export them to a file?

how can get syslog from F5 BIGIP with Universal Forwarder

Subtract date from todays date to find status of the project

input output does not update

Why are there multiple values on the test instance in timestartpos and timeendpos fields?

Timestamp issue

Is there a way to blacklist specific event for specific index

Deployed app on Universal Forwarder being created with 700 permissions (Linux Deployment Server to Linux UF)

Using a transform i cant use SEDCMD

Route and Filter Data from syslog (and syslog-ng is NOT an immediate option)

What search can I use to identify logs with future timestamps?

Can REST API be used to execute a Bash script on Splunk server?

Data is missing

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions