Getting Data In

Thread Info

Modify Security Events for EventCode 4624)

Hello! I have logs from Domain Controller Active Directory in Splunk and try to configure monitoring of user logon...

by Explorer in

error on dbx connect : DBX Server is not available, please make sure it is started and listening on 9998 port or consult

Hello, im facing a problem on my Dbx connect : Cannot communicate with task server, please check your s...

by Explorer in

About Upload File

Hi guys, I am new here and I want to explore some things in splunk. I have a txt file, I uploaded it and I want to ...

by New Member in

Need help receiving and parsing IPFIX data in Splunk using Splunk Stream

Hello everyone, I have a network monitoring system that exports data via IPFIX using Forwarding Targets. I am try...

by Explorer in

Cannot parse linux logs

My linux logs cannot parsed in dashboard. My renderxml is setted to false

by Observer in

Data not reaching Splunk Cloud after Migrating to new Universal Forwarders

Hello, I am having issues getting data into Splunk Cloud with two new Universal forwarders. I have two existing U...

by Explorer in

How to forward csv data files from sharepoint online to splunk cloud

I don't mean SharePoint activity, admin or audit logs. I mean actual data files (that will be converted later to look...

by Path Finder in

Log formatting not as expected

Jun 26 13:46:12 128.23.84.166 [local0.err] <131>Jun 26 13:46:12 GBSDFA1AD011HMA.systems.uk.fed ASM:f5_asm=PROD vs_nam...

by Communicator in

Why for f5 data we use [UDP://9514] instead of using syslog?

I came across in our repo a monitoring stanza for f5, which is [UDP://9514]. I wonder if there is any reason not to u...

by Motivator in

Splunk HEC/kafka raw logs parsing / addons

Hello, is it possible in Splunk HEC from Kafka to receive raw events on HF in order to parse fields with addons? It...

by Motivator in

Index time based retention - based on indexed time or event time?

This information is probably located in one of the docs but didn't find it in anything I've read just now. Under norm...

by Motivator in

Filter events on UF

I have a data source of significant size and I want to filter a large percentage of the data on the UF so it isnt sen...

by SplunkTrust in

Perfmon counters not coming in after Universal Forwarder update to 9.2.6.0 from 9.2.0.1

Thought I would post here in the community as well since I have this opened with support. A couple weeks ago, another...

by Explorer in

using mcollect to collect metric data

Hi, I am using mcollect to collect data from certain metrics into another metric index. I have created the new metr...

by Contributor in

Struggling to correctly parse JSON data

Hello, We have multiple fortigate devices forwarding to a logstash server that is storing all the device's logs in ...

by Explorer in

Warnings

Hey mates, I'm new to Splunk and while ingesting the data from my local machine to Splunk this message shows up. "T...

by New Member in

Windows UF stop after batch mode is finished

Hello, I have a Windows machine with an UF installed that logs various logs such as wineventlog. These logs work corr...

by Explorer in

Finding forwarders that have not sent data

Hello , Can anyone please provide me a query which lists out all forwarders that have not send data over the last...

by Loves-to-Learn Lots in

Rest apis for metric data/ values

I am trying to fetch metric values of the infra i am monitoring using rest apis, so far all the apis i have tried are...

by New Member in

exclude winevent older than 7 days from ingest

Hello, I am about to onboard 1000+ Windows UF. Those have windows event logs going back many years. Is there a way ...

by Path Finder in

What Log Files Should Be Monitored in SUSE Linux for Splunk ES, and How Do They Differ from Standard Linux Monitoring?

Hi Splunk Community, We’re currently onboarding SUSE Linux (SLES/OpenSUSE) logs into Splunk Enterprise Security (ES...

by Observer in

Lost AWS events after ingestion

I am in the middle of a Splunk migration. One of the tasks is to moved data from some sourcetypes onto the new server...

by Communicator in

splunk enterprise | services start error

why this issues I was trying to upgrade the splunk enterprise Checking prerequisites... Checking http port ...

by Loves-to-Learn in

update to Splunk Add-on for Infoblox?

I'm struggling to get data in from Infoblox using Splunk Add-on for Infoblox. I looked at the documentation and real...

by Path Finder in

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Hello all Is the Nutanix TA (version 2.5.0) compatible with Splunk 9.3.4+? It is listed as such on the splunk b...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Modify Security Events for EventCode 4624)

error on dbx connect : DBX Server is not available, please make sure it is started and listening on 9998 port or consult

About Upload File

Need help receiving and parsing IPFIX data in Splunk using Splunk Stream

Cannot parse linux logs

Data not reaching Splunk Cloud after Migrating to new Universal Forwarders

How to forward csv data files from sharepoint online to splunk cloud

Log formatting not as expected

Why for f5 data we use [UDP://9514] instead of using syslog?

Splunk HEC/kafka raw logs parsing / addons

Index time based retention - based on indexed time or event time?

Filter events on UF

Perfmon counters not coming in after Universal Forwarder update to 9.2.6.0 from 9.2.0.1

using mcollect to collect metric data

Struggling to correctly parse JSON data

Warnings

Windows UF stop after batch mode is finished

Finding forwarders that have not sent data

Rest apis for metric data/ values

exclude winevent older than 7 days from ingest

What Log Files Should Be Monitored in SUSE Linux for Splunk ES, and How Do They Differ from Standard Linux Monitoring?

Lost AWS events after ingestion

splunk enterprise | services start error

update to Splunk Add-on for Infoblox?

Splunk Nutanix TA and Splunk Enterprise 9.3.4

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!