Getting Data In

Thread Info

Several small log files - sourcetype = local-too_small

Hi, I've got a problem with monitoring several log files generated by syslog-ng. There are 50+ switches. I am coll...

by Communicator in

What are search command alternatives to mvxpand for expansion with filter?

I have a log line logically looking something like this: f1=a f2=b f3=c custom=[]{ c1{f=x} c2{f=y} c3{f=x}} I n...

by Explorer in

Is it possible to send application logs at the universal forwarder directly to my searchhead?

I want to fetch DNS and DHCP logs from my server directly to my local system, where I have my Splunk enterprise, with...

by New Member in

What is the feasibility of using Splunk REST calls from an Angular application running HTLM5 to send data into Splunk directly from the browser?

We have a partner who wants an extremely light interface to send data into a Splunk instance. They prefer to make a s...

by Path Finder in

Is there an easy way to monitor disk size from a remote Windows machine?

Hi, i have a windows environment and universal forwarder installed on the servers and forwarding different type of...

by Contributor in

How can I add src_asset_tag to my inventory?

I have a master asset list and I need to give them tagging so that when I type something like src_asset_tag=firewall ...

by New Member in

Exchange CAS IIS timezone conversion issue?

I'm working with Exchange IIS data from our CAS servers and am having trouble with Splunk translating the time from U...

by Path Finder in

Is it possible to set the TZ in props.conf on a Universal Forwarder?

Hi, I have an issue with a sourcetype that logs in UTC/GMT but does not include TZ information, so I would like to...

by Builder in

forwarding Windows and syslog event logs to rsyslog

Need to send certain Windows security and audit files to a RHEL rsyslog server. This is what I have so far (based on ...

by Communicator in

How do you change the URL of the Splunk Enterprise shortcut in Windows start menu?

How to change the URL of the Splunk Enterprise shortcut in Windows start menu? I have already updated ports using "sp...

by Explorer in

Unable to index mulesoft logs from Main index to another customized index.

Hi, We have integrated Mulesoft with splunk and logs are sending to the heavy forwarder and indexing into "Main" i...

by New Member in

Splunk Adaptive Response sending post command in REST API

Hi, I am trying to create a new app which will be used to send a Splunk Adaptive response via REST API. I am able ...

by Path Finder in

Why am I getting "⚠ cannot concatenate 'str' and 'NoneType' objects" for every sample log file I try to import into Splunk?

Every sample log file that I attempt to import as my data source returns the exception: ⚠ cannot concatenate 'str...

by Engager in

Can I store hot/warm/cold buckets on different drives in Windows environment?

is it possible to store buckets in different drives? this is all windows environment hot buckets on drive D:\ warm bu...

by New Member in

Error when routing data to index and sourcetype based upon incoming hosts: "Undocumented key used in transforms.conf"

Hi, I'm trying to route data to different indexes and sourcetypes based upon hosts coming, but getting errors, and...

by Champion in

How can I identify login and logoff times for users using Windows Security Event-IDs 4624 and 4634?

Hello, I want to identify the login and logouts for each user on a server. I use the event_id 4624 (logon) and 4634(l...

by Explorer in

Blacklist log events (not log filenames) using a string to limit events forwarding to Splunk Indexers

I have a dns log that is very chatty with internal requests (e.g. localserver5.internal). I would like to forward dns...

by Contributor in

How to configure the input to index Task scheduler logs from a windows machine?

Hello All, can any one please help me out in how to index the Task scheduler logs from the windows box..?? Need...

by Explorer in

Windows XP, Splunk keeps converting User Account Name to some random ID, how to avoid the converting?

[WinEventLog://Security] disabled=0 start_from=oldest current_only=0 evt_resolve_ad_obj=0 checkpointInterval=5 whitel...

by Path Finder in

Will monitored files that are renamed be reindexed?

I have an application that uses rolling logging. The rolling logging works as such: logs are initially written to ...

by Path Finder in

How to monitor and index tar.gz files in Splunk?

I have a tar.gz file and I wan't to continuously monitor it. I tried to index it to Splunk Enterprise via Settings>Da...

by Communicator in

Persistent Queue not working for Heavy Forwarder on Splunk Enterprise 6.3.2

Hi all, I am current trying to test persistent queue to see whether it works on heavy forwarder. However, it doesn...

by Explorer in

How do you get data into Splunk Enterprise with a universal forwarder?

I installed a Splunk Enterprise 7.0 on a Unix machine and wish to get data from a Windows machine (any data would suf...

by Path Finder in

Trouble getting data to indexer from fortigate

I am not getting data to my indexer(centos) from fortigate firewall. Port 514 is open but i am unable to telnet. Is t...

by Path Finder in

Data masking using heavy forwarders

Been trying to mask data before indexing into indexer using heavy forwarders. below is the log sample and data am try...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Several small log files - sourcetype = local-too_small

What are search command alternatives to mvxpand for expansion with filter?

Is it possible to send application logs at the universal forwarder directly to my searchhead?

What is the feasibility of using Splunk REST calls from an Angular application running HTLM5 to send data into Splunk directly from the browser?

Is there an easy way to monitor disk size from a remote Windows machine?

How can I add src_asset_tag to my inventory?

Exchange CAS IIS timezone conversion issue?

Is it possible to set the TZ in props.conf on a Universal Forwarder?

forwarding Windows and syslog event logs to rsyslog

How do you change the URL of the Splunk Enterprise shortcut in Windows start menu?

Unable to index mulesoft logs from Main index to another customized index.

Splunk Adaptive Response sending post command in REST API

Why am I getting "⚠ cannot concatenate 'str' and 'NoneType' objects" for every sample log file I try to import into Splunk?

Can I store hot/warm/cold buckets on different drives in Windows environment?

Error when routing data to index and sourcetype based upon incoming hosts: "Undocumented key used in transforms.conf"

How can I identify login and logoff times for users using Windows Security Event-IDs 4624 and 4634?

Blacklist log events (not log filenames) using a string to limit events forwarding to Splunk Indexers

How to configure the input to index Task scheduler logs from a windows machine?

Windows XP, Splunk keeps converting User Account Name to some random ID, how to avoid the converting?

Will monitored files that are renamed be reindexed?

How to monitor and index tar.gz files in Splunk?

Persistent Queue not working for Heavy Forwarder on Splunk Enterprise 6.3.2

How do you get data into Splunk Enterprise with a universal forwarder?

Trouble getting data to indexer from fortigate

Data masking using heavy forwarders

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions