Getting Data In

Discussions

Thread Info

data is not appropriate

Hi, I am using the below query which I am running for the last 7 days , but I am getting the data for only 3 days,...

by Contributor in

How can I get a list of host names that do not ingest for the last 24 hrs?

I need to get a list of host names that does not ingest for certain source for the last 24hrs compare with the same s...

by New Member in

How to parse JSON data with spath and table the data.

Hi I am trying to parse this json using spath. I am not able to parse "data" element. { "id":"eab50eea-4b3...

by New Member in

Breaking the Cyberark logs

Hi I'm using TA for CyberArk for onboarding the logs, but i see the the logs are in correct format, how can i bre...

by Builder in

Why is this linebreak is not working with JSON data?

Any ideas why this linebreak is not working with JSON data? I've even set the sourcetype to _json, but still no luck....

by Contributor in

How to enable DR Setup on a Splunk environment with one master node, two search heads, and five indexers?

In our splunk environment, we have one master node (Master1) and two search head (search head 2 & search head 3) and ...

by Path Finder in

Exracting a json field data from a log

Hi All, I am trying to extact a JSON field from the log. I can able to get the data by using "spath input" command...

by Path Finder in

How to set up a Query in Splunk to monitor Oracle database activity for users connecting to a database as SYSDBA?

Logs have already been forwarded to syslog. I started with this query: index=syslog sourcetype=syslog (host="m...

by New Member in

Is there any way to completely disable compression for frozen data or all data?

Hi, I am implementing an archive solution for our production platform and I have a question, if anyone could advise. ...

by Contributor in

Splunk with suricatanot reading eve.json

I have checked suricata TA app for reading intrusion but as I see it doesn't read eve.json but it reads only fast.log...

by New Member in

Issue with Self-Signed Certs Windows Splunk Univeral Forwarder to Windows Indexer "PEM routines:PEM_read_bio:no start line."

Hello I get an error when attempting to utilize a self-signed Splunk cert generated from the splunk openssl through t...

by Engager in

Why is the Splunk_TA_nix hardware sourcetype not automatically extracted?

We are collecting sourcetype=hardware via the Splunk_TA_nix app (v5.2.3), but the data returned isn't being extracted...

by Path Finder in

Help with Line Break for log

04/19/18 12:32:17.398524 - IQ~MSG.ACCTNUM(XXXX).FUNCTION(Inquiry).CALLER(Hos tLoanExists).DATETIME(4/19/2018 12:32:17...

by Communicator in

Monitoring a remote server directory from my workstation

Hey, I am new to Splunk and I have a newbie question  I have installed Splunk (v.4.1.3) on my workstation choo...

by Motivator in

What are some of the best practices of setting up new Splunk servers?

Hello, We recently created 5 new Splunk servers with Windows Server 2016 installed, our current deployment is, 2 i...

by Engager in

How to check for data that is not present in csv lookup

I have DHCP logs and a csv which contains hostnames of devices.. I need to check the DHCP logs for the hostnames t...

by Path Finder in

How to switch between Splunk Universal Fowarders?

Hi, We have a production environment and disaster recovery environment, Splunk universal forwarder is installed on...

by Explorer in

What is the format for putting information into configuration files where the data needs to be in hex/binary?

Suppose that you need to define a rest where one of the fields will have a hex or binary value that you don't want to...

by Legend in

Is it possible to add a field that has a relation to a fieldvalue/source value?

Is it possible to add an field that has a relation to a fieldvalue/source value? I am trying to make a simple dashboa...

by Path Finder in

Change File/Directory Input Index

In our distributed environment, we've got our File/Directory data inputs configured on our deployment server, and our...

by New Member in

Scripted input printing System.object[] instead of string?

I have a batch file that executes PowerShell like so: inputs.conf [script://.\bin\myscript.bat] disabled = 0 in...

by Path Finder in

How to collect data from a Windows Server Container?

We are migrating an existing Microsoft ASP.net application from running on a full OS to running in a Windows Server C...

by Splunk Employee in

What is the proper use of (*) wildcard in a file monitor path?

So I am confused about how to write a wildcard path for the following. I have a UF set up to monitor a file locati...

by Builder in

How to grab data from a the search result for an API call script?

I have a job that is set to run off of every alert. I have a python script executing that is showing Exit Code 0. The...

by New Member in

splunk --filtering and corelation

We are having NPS auth logs from our VPN service. Requirement : In NPS logs first when auth request come in it gets ...

by Observer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

data is not appropriate

How can I get a list of host names that do not ingest for the last 24 hrs?

How to parse JSON data with spath and table the data.

Breaking the Cyberark logs

Why is this linebreak is not working with JSON data?

How to enable DR Setup on a Splunk environment with one master node, two search heads, and five indexers?

Exracting a json field data from a log

How to set up a Query in Splunk to monitor Oracle database activity for users connecting to a database as SYSDBA?

Is there any way to completely disable compression for frozen data or all data?

Splunk with suricatanot reading eve.json

Issue with Self-Signed Certs Windows Splunk Univeral Forwarder to Windows Indexer "PEM routines:PEM_read_bio:no start line."

Why is the Splunk_TA_nix hardware sourcetype not automatically extracted?

Help with Line Break for log

Monitoring a remote server directory from my workstation

What are some of the best practices of setting up new Splunk servers?

How to check for data that is not present in csv lookup

How to switch between Splunk Universal Fowarders?

What is the format for putting information into configuration files where the data needs to be in hex/binary?

Is it possible to add a field that has a relation to a fieldvalue/source value?

Change File/Directory Input Index

Scripted input printing System.object[] instead of string?

How to collect data from a Windows Server Container?

What is the proper use of (*) wildcard in a file monitor path?

How to grab data from a the search result for an API call script?

splunk --filtering and corelation

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions