Getting Data In

Discussions

Thread Info

Need help on Timestamp extraction while parsing the log data at Indexer

I have a log file to be monitored and i need to extract timestamp. Example events: Fri Feb 02 2018 10:22:37 aaaaaaa b...

by Path Finder in

Script input Error - No module named splunklib.client

I am trying to index data from my python script. Everything set up correctly but I still don't see data coming in. So...

by Contributor in

Monitor AD Group Changes?

Hi All, Trying to understand how I can get the recent membership changes, query working for Domain Admins group. I...

by New Member in

How to correlate data between two different sourcetypes when one is in JSON format?

I have one index and two sourcetypes. I want to be able to count the actions from sourcetypeA and correlate the data ...

by New Member in

Looking for examples for splitting syslog data to separate indexes and transforming sourcetype

I'm having a trouble splitting syslog data coming in over UDP:514 to their own index and transforming the respective ...

by Communicator in

How to reduce the hot volume size?

Hi, We are using volume partitions for the indexes.conf and the hot volume is getting full around 90% on the disk....

by Builder in

Hi I got this issue while forwarding the data? Can someone please explain me?

by Engager in

Extract timestamp from the logs

I've logs where events are not starting with time. Log format is 10.100.28.108 - - 2018-04-25--02-31-14 "PUT /mifs/c...

by Path Finder in

Splunk logging Driver Bringing Down the Entire Docker Swarm Cluster

Hello, We implemented collecting Docker logs using splunk logging driver, It pushes the docker logs very well and...

by Engager in

Should props.conf match inputs.conf?

Does the props.conf file of an indexer has the same contents as the inputs.conf file of the forwarder from which it i...

by Path Finder in

Script input troubleshoot

Hi, I am trying to index from my python script. I followed the steps in this page to setup my data: http://docs.splun...

by Contributor in

Find out the type of logs which are captured when it is using a script \bin\scripts\splunk-wmi.path ?

I installed SplunkForwarder and during the installation wizard, I checked all the logs for Windows (Application, Secu...

by Explorer in

How do I configure a UF on Linux to receive and forward windows events?

I need to configure a Linux based UF to receive Windows events and then forwarder those to the indexers. I am guessin...

by Path Finder in

How to index data from AWS into Splunk?

We want to move files from Amazon s3 to Splunk server (ex: /opt/splunk/logs ) continuously and display those details ...

by New Member in

After matching 2 different data sources based on srcip, why is the output none?

Hi, I try to match two events in one search. one event must match virus and the other android. because the clearpa...

by Engager in

Syslog from switch to indexer

Hello, we want to send syslog from cisco switches directly to the splunk indexer. So I made a NAT from UDP 514 to ...

by Path Finder in

Splunk internal logs stopped logging; can you please provide information about permission setup for log files?

Hello Splunkers: This question is for the splunkers who are running their instances with splunk user. Three logs have...

by New Member in

I need a config to direct outputs to two different Splunk stacks?

All, I have a legacy install of Splunk and a new Splunk ES stack. Transition is going to take a year. So far I ju...

by Builder in

CSV file with last 2 fields XML payloads

Need help with the following CSV (everything I am trying, the XML fields are getting parsed incorrectly) so I have...

by Engager in

How to reindex data which is coming from syslog server to splunk ?

Please hlep me how I can reindex data which is coming from syslog server to splunk? Thanks , splunker969

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Need help on Timestamp extraction while parsing the log data at Indexer

Script input Error - No module named splunklib.client

Monitor AD Group Changes?

How to correlate data between two different sourcetypes when one is in JSON format?

Looking for examples for splitting syslog data to separate indexes and transforming sourcetype

How to reduce the hot volume size?

Hi I got this issue while forwarding the data? Can someone please explain me?

Extract timestamp from the logs

Splunk logging Driver Bringing Down the Entire Docker Swarm Cluster

Should props.conf match inputs.conf?

Script input troubleshoot

Find out the type of logs which are captured when it is using a script \bin\scripts\splunk-wmi.path ?

How do I configure a UF on Linux to receive and forward windows events?

How to index data from AWS into Splunk?

After matching 2 different data sources based on srcip, why is the output none?

Syslog from switch to indexer

Splunk internal logs stopped logging; can you please provide information about permission setup for log files?

I need a config to direct outputs to two different Splunk stacks?

CSV file with last 2 fields XML payloads

How to reindex data which is coming from syslog server to splunk ?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?