Getting Data In

Discussions

Thread Info

how to connect Azure Event Grid to Splunk using Webhooks and Cloud Events

I am the technical lead for a product that we hope to integrate to Splunk instances using webhooks. As an intermedia...

by New Member in

Indexer Cluster Fixup Tasks Stuck (fsck failed: exitCode=24)(bucket is already registered)

After the Splunk Master enters maintenance mode, one of the indexers goes offline and then back online, and disables ...

by Path Finder in

Splunk HEC Data Ingestion Issue from Azure Web Apps to Customer Cloud Instance

Environment Sending from: Azure Web Apps (Kudu CLI)Target: Two Splunk instances Personal trial Splunk (working)...

by Explorer in

$_index_name in indexes doesn't expand when moving indexes to frozed

Hi, I have issues with Splunk Enterprise 9.4.2 not expanding $_index_name from etc/system/local/indexes.conf. ...

by Explorer in

Splunk Cisco encore Events with no Timestamp

Hello friends, Splunk is cranky with errors stating: Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (40...

by Path Finder in

Need to exclude or discard specific field values which contains sensitive info from indexed events

I Need to exclude or discard specific field values which contains sensitive info from indexed events. Users should no...

by Communicator in

Solaris UFs have different build hash than others

This just makes things confusing - why do the RPM and DEB versions (both x86 and ARM) and Windows of v9.3.3 have buil...

by Communicator in

XmlWinEventLog:ForwardedEvents sourcetype field extraction issue

Hi, I’m currently receiving Windows logs in Splunk via the (UF → HF → Splunk Cloud). The logs are being assigned to...

by Path Finder in

Indexed Extractions not working properly

Hi all, we collect some json data from a logfile with a universal forwarder.Most times the events were indexed corr...

by Loves-to-Learn in

Timestamp extractor issue on UF

I have two time stamps in each record 2025-08-20 17:37:00.317 and SEN_20250820153640.1703351.txt. And want to use f...

by Path Finder in

Event Time does not match

We are using SC4S to collect local logs from FortiAnalyzer. We've noticed a error: the timestamp within the log file ...

by Path Finder in

Filter TCP traffic on Heavy Forwarder to Drop a Sourcetype

I have noticed that my vmware logs which are forwarded to my HF via TCP are very large. We would like to filter out ...

by Observer in

UF Data

by Explorer in

Splunk Observability Cloud/SignalFx - Related Content Feature is not immediately shown

Hello Splunkers!After deploying the Splunk Otel Collector I wanted to check all of the traces and metrics send from o...

by New Member in

Power Platform audit logs

We are looking for Power Platform audit logs to ensure that these logs will automatically show up in SPLUNK if they a...

by New Member in

Inputs not getting deleted when the mapped global account is deleted

I have developed splunk add on using splunk ucc. Where the inputs can be created adding a global account value. [It...

by Loves-to-Learn Lots in

Install Universal Forwarder on Exchange Server

I’ve installed the Universal Forwarder on an Exchange Server 2016. It successfully collects most of the logs defined ...

by Path Finder in

XML Parsing in transforms.conf

Hi, I am having some big issues trying to parse certain XML logs into Splunk. A sample online log which is in...

by Explorer in

timestamp and itime does not match

We’re using Splunk Cloud and have configured SC4S to collect logs from FortiAnalyzer, which receives logs from both F...

by Path Finder in

Add on for IIS: sourcetypes

I am wondering why the search-time configurations for this app have been deprecated. You can't do additional parsin...

by New Member in

Configure Alert Actions to collect data for the Splunk Add-on for Microsoft Security

In the documentation to configure an alert action for Advanced Hunting it says to Navigate to Add-on UI > Settings...

by Path Finder in

user specific browser timeout

I want to create a dedicated role with its own browser timeout settings, while keeping the default timeout settings f...

by Explorer in

Role or User Specific Web Session Timeout

Hi all, I have read through the splunk documentation for session timeout here, but these seems to be for splunk ove...

by Path Finder in

Data missing from universal forwarder on a Linux host

I have a puzzle with a Linux host running RHEL 8.10, which is running Splunk Universal Forwarder 9.4.1, configured to...

by Contributor in

Trying to extract fields from a hybrid log Syslog/JSON nested logs

Trying to extract some data from a hybrid log where the log format is <Syslog header> <JSON Data>. Have had success...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Getting Data In

Discussions

how to connect Azure Event Grid to Splunk using Webhooks and Cloud Events

Indexer Cluster Fixup Tasks Stuck (fsck failed: exitCode=24)(bucket is already registered)

Splunk HEC Data Ingestion Issue from Azure Web Apps to Customer Cloud Instance

$_index_name in indexes doesn't expand when moving indexes to frozed

Splunk Cisco encore Events with no Timestamp

Need to exclude or discard specific field values which contains sensitive info from indexed events

Solaris UFs have different build hash than others

XmlWinEventLog:ForwardedEvents sourcetype field extraction issue

Indexed Extractions not working properly

Timestamp extractor issue on UF

Event Time does not match

Filter TCP traffic on Heavy Forwarder to Drop a Sourcetype

UF Data

Splunk Observability Cloud/SignalFx - Related Content Feature is not immediately shown

Power Platform audit logs

Inputs not getting deleted when the mapped global account is deleted

Install Universal Forwarder on Exchange Server

XML Parsing in transforms.conf

timestamp and itime does not match

Add on for IIS: sourcetypes

Configure Alert Actions to collect data for the Splunk Add-on for Microsoft Security

user specific browser timeout

Role or User Specific Web Session Timeout

Data missing from universal forwarder on a Linux host

Trying to extract fields from a hybrid log Syslog/JSON nested logs

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions