Getting Data In

Community Activity

	REST API - Search targetResources from Azure Audit via Java SDK I am trying to query audit logs from Splunk. The logs are for azure but when I hit the below query, it only returns t... by swaprks Loves-to-Learn Lots in Getting Data In 04-21-2024 0 1	0	1
	How to drop specific lines from an event not the whole event we are getting WAF log and the events are very big we need to drop some lines from the events that has no meaningful ... by Mfmahdi Path Finder in Getting Data In 04-21-2024 0 3	0	3
	Logs from PaloAlto I have Splunk Installed on a windows machine and configured PaloAlto app along with Add on. I have done configuration... by Rabab Loves-to-Learn Lots in Getting Data In 04-21-2024 0 13	0	13
	Specific Indexer is overused!! HI, I'm working in splunk team.Environment:3 SH 10 IDX (1 of 10 IDX overused)Replication factor 3Search factor 3 Coul... by dongwonn Explorer in Getting Data In 04-20-2024 0 8	0	8
	Formatting timestamp field extracted from CSV file for post processing Hi, I'm currently ingesting CSV files to Splunk. One of the fields record actual Event Timestamp in this format YYYYm... by gaurav10 Engager in Getting Data In 04-20-2024 0 5	0	5
	REST API - error "Invalid earliest_time." Use Splunk SDK JAVA, I'd use the REST API. If the settings as follows causes an error. code: Args queryArgs = new A... by jetzt82 Explorer in Getting Data In 04-19-2024 0 4	0	4
	How do you install and configure a Splunk Universal Forwarder on OS X? Hello, I need help installing the Universal Fowarder for OS X as well as configuring it. Is there a guide online tha... by cpreasbeck Engager in Getting Data In 04-19-2024 0 5	0	5
	Add-On for OpenTelemetry Collector in enterprise Hello all,I am trying to ingest metrics via Opentelemetry in an enterprise environment. I have installed the Splunk A... by Be_JAR Path Finder in Getting Data In 04-19-2024 0 4	0	4
	Splunk Connect for Syslog I was following the documentation of splunk connect for syslog so that I could ingest syslog in Splunk Cloud setup.I ... by matcher123 Loves-to-Learn Everything in Getting Data In 04-19-2024 0 8	0	8
	How do use the Splunk REST API to update macros that live under a different app? Hiya, I'm trying to use the Splunk REST API to update macros that I've recently had to move to live under a different... by starbuck New Member in Getting Data In 04-18-2024 0 1	0	1
	What is the server role of heavy forwarder and indexers in cluster? In the monitoring console what is the best practice of server role for heavy forwarders? I used Indexer but not sure ... by dkrichards16 Path Finder in Getting Data In 04-18-2024 0 6	0	6
	SQS-Based-S3 Input for Cloudtrail black list events I'm currently using SQS Based s3 input for cloudtrail and I'm trying to drop nosey events such as GET and LIST.The do... by pstephens93 Explorer in Getting Data In 04-17-2024 0 1	0	1
	What are the blacklist/config options to stop events from being transferred across the network to the Indexer I have a cloud-based server sending events to the Indexer over my WAN link via Http Event Collector (HEC). We have l... by rob_gibson Path Finder in Getting Data In 04-17-2024 0 10	0	10
	appserver folder is not created automatically I am a beginner in splunk and I have created a new app in the Splunk Enterprise.I am not able to see appserver folder... by dhruvisha2345 Engager in Getting Data In 04-17-2024 0 2	0	2
	Unusable Filesystem I'm setting up a lab instance of Splunk Ent in prep to replace our legacy instance in a live environment and getting... by jessieb_83 Path Finder in Getting Data In 04-17-2024 0 5	0	5
	How to read cloudtrail logs from an s3 bucket? I know there is Splunk Add-on for AWS, but I heard there is a simpler and easier way to read the buckets directly wit... by dc18 Explorer in Getting Data In 04-16-2024 0 2	0	2
	Splunk onboarding Custom Views from EventViewer Hello, I am trying to create a custom view (also via Xpath) from EventViewer and later insert it into Splunk via a "W... by dc17 Explorer in Getting Data In 04-16-2024 0 5	0	5
	Extract fields from json and nested json I am using regex to extract the field from the below json data. I want to extract the fields in key-value pair specia... by gemrose Explorer in Getting Data In 04-16-2024 0 2	0	2
	Limitation of Heavy Forwarder outputs? I wonder if a Heavy Forwarder can be the intermediate instance among 1000 Universal Forwarders and 1000 Indexers? The... by LuanNguyen Engager in Getting Data In 04-15-2024 0 3	0	3
	How to configure fortinet fortigate add on if using syslog server UF to get logs into indexer from fortigate analyzer? Hello All,We have log flow from fortigate to splunk as follows:Fortigate Analyzer> Syslog server with UF>Deployment s... by Satyams14 Loves-to-Learn Lots in Getting Data In 04-15-2024 0 1	0	1
	Underscore in props.conf stanza with source meta key Hi Splunkers, I have a doubt about underscores and path in props.conf.Suppose, in my props.conf, I have:[source::/aaa... by SplunkExplorer Contributor in Getting Data In 04-15-2024 0 1	0	1
	How to configure Splunk forwarder to receive FortiGate logs? I have a Splunk universal forwarder installed. The Splunk Enterprise is seeing the forwarder, now I want to send netw... by jejohnson New Member in Getting Data In 04-14-2024 0 4	0	4
	How to configure an app's outputs.conf to forward data to a specific indexer? Hi Experts, We deployed 4 apps on Splunk Universal Forwarder. 3 apps having same outputs.conf and sending data to sa... by chanduira Explorer in Getting Data In 04-14-2024 0 7	0	7
	is my syslog-ng wrong ? 我想使用 syslog-ng 將資料從通用轉寄器輸入到我的搜尋頭我將使用 TCP，但我不知道哪裡出了問題，我無法在搜索頭中顯示我的數據這是我的syslog-ng splunk.conf template syslog { ... by ryanaa Explorer in Getting Data In 04-12-2024 0 1	0	1
	TIME_PREFIX Can you please let me know the TIME_PREFIX & TIME_FORMAT for the below log type.00:0009:00000:00000:2024/04/12 12:14... by sathiyasun Explorer in Getting Data In 04-12-2024 0 1	0	1