Getting Data In

Thread Info

Is there an Event ID in Windows or ways to monitor privilege escalation?

To test this, I tried Control Panel > User Accounts > Change Account Type to and fro Standard account and Administrat...

by Path Finder in

Indexer hosts with shared storage

I am planning to build a Splunk 6.5.x indexer "farm" to balance the workload. The "farm" can be either a bunch of ind...

by Explorer in

Possible to retrieve all results of a completed search (by search id) using the REST api?

I'm hoping someone can prove me wrong... It looks to me as though it is not possible to retrieve all results of a ...

by Explorer in

How can I use sparkline for single value visualization?

I want to display the total event count for the current month and then compare it to the total event for the last mon...

by Contributor in

Which forwarder version should I install on Solaris 5.10?

I see the following on our server, which needs a forwarder - uname -a SunOS <hostname> 5.10 Generic_Virtual sun4v...

by Ultra Champion in

How to configure time zone settings for firewall data coming from a different timezone?

Hi All, Currently we got a request to adjust the time zone based on the Plant location from where the firewall logs a...

by Motivator in

Choosing an approach for sending metrics to Splunk

Hi, I have just started exploring Splunk. My requirement is to capture metrics from the a set of micro services...

by New Member in

Getting data from prowershell script

Hello, I am having some trouble getting data into Splunk from a powershell script. The script is a Nagios script c...

by Explorer in

How does Splunk get logs from Linux or Windows servers?

i am a beginner how do splunk get log from linux server or window server? do (Active) splunk actively get log f...

by Explorer in

How can I create a role with the capability to delete Splunk apps through REST API?

Hi, I wants to delete Splunk apps through REST API. I don't want to use admin credentials in HTTPS request,Kindly sug...

by New Member in

Validate logs to CIM Validation (S.o.S.)

For example, I have task "validate fortinet logs to CIM Validation (S.o.S.)". 1) What it's mean and why we need do it...

by Builder in

How to edit my datetime.xml to extract the date from a filename to use as the date for indexed events?

I have read multiple blogs and answers and couldn't find anything that helps. The filename will be something like...

by Path Finder in

How do I add a dynamic _meta field pushed from deployment server to monitored files on Heavy Fowarders?

I am working with a heavy forwarder tier that is running syslog where network devices are sending data. For ease of t...

by Motivator in

Splunk architecture question

Hello, Could you let us know if it’s possible to connect one cluster master to another cluster indexers using dis...

by Motivator in

Using Splunk to help define required Cisco ASA rules

Hello folks, Is Splunk able to help me generate rules to put on an ASA? We're running an ASA in transparent mod...

by New Member in

Securing Communications between Deployment Server to Forwarder (upgraded from 6.5.3 to 6.6.x (Deprecated SSL Stanzas) Windows 2012, Windows 2008R2

I have recently upgraded from 6.5.x to 6.6.x and I am now encountering openSSL communication errors between my Deploy...

by Splunk Employee in

Has anyone successfully parsed Exim logs into Splunk?

I'm trying to get Exim logs parsed into Splunk to log inbound/outbound mail. I'm very new using RegEx and have been f...

by Path Finder in

Data is not getting indexed through Universal Forwarder

Hello All, We are forwarding data to indexer from Universal forwarder for couple of months perfectly. Recently we are...

by Explorer in

How to extract two different fields on same timestamp based on the type of log statement?

Hi there, I have the following two different sample logger statements, the first statement written at the beginning o...

by New Member in

Why are separate events combined as a single event from the 1st to the 9th of every month, but are parsed correctly as individual events starting on the 10th?

From the 1st until the 9th 23:59:59 of every month, individual events are being combined into one event. As soon as t...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is there an Event ID in Windows or ways to monitor privilege escalation?

Indexer hosts with shared storage

Possible to retrieve all results of a completed search (by search id) using the REST api?

How can I use sparkline for single value visualization?

Which forwarder version should I install on Solaris 5.10?

How to configure time zone settings for firewall data coming from a different timezone?

Choosing an approach for sending metrics to Splunk

Getting data from prowershell script

How does Splunk get logs from Linux or Windows servers?

How can I create a role with the capability to delete Splunk apps through REST API?

Validate logs to CIM Validation (S.o.S.)

How to edit my datetime.xml to extract the date from a filename to use as the date for indexed events?

How do I add a dynamic _meta field pushed from deployment server to monitored files on Heavy Fowarders?

Splunk architecture question

Using Splunk to help define required Cisco ASA rules

Securing Communications between Deployment Server to Forwarder (upgraded from 6.5.3 to 6.6.x (Deprecated SSL Stanzas) Windows 2012, Windows 2008R2

Has anyone successfully parsed Exim logs into Splunk?

Data is not getting indexed through Universal Forwarder

How to extract two different fields on same timestamp based on the type of log statement?

Why are separate events combined as a single event from the 1st to the 9th of every month, but are parsed correctly as individual events starting on the 10th?

Summing epoch values within a JSON field

how to onboard data from tableau to splunk?

How does Splunk collect data?

unable to search index="_internal" for heavy forwarder instance from search head console but splunkd.log is functional

Source vs Sourcetype: What's the difference?

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions