Getting Data In

Thread Info

Need Help with Group-IB Threat Intel Feeds Integration Issue

Hello Splunk Community, I'm currently facing an issue with integrating Group-IB threat intelligence feeds into my S...

by Engager in

how to edit logs to not look like raw text

Currently I am feeding Splunk Zeek logs (formerly known as bro) via the monitor command. Some of the logs in the Zeek...

by Explorer in

Monitoring OpenAI usage in Splunk

We are rolling out a customer service chatbot. Has anyone needed to collect the data such as input/output and logs be...

by Engager in

Time parsing working correctly but not able to see nanoseconds in the results

Hello I have to work on a parser which has the time format like this : "time: 2024-02-15T11:40:19.843185438Z" It...

by Path Finder in

Can I injest CPU, memory,eventID data in metric index by using SPLUNK app for unix and linux ?

Can I injest CPU, memory,eventID data in metric index by using SPLUNK app for Windows ?I am getting data once I injes...

by Path Finder in

the best way to collect Windows Defender logs?

Hi, I need to collect the logs from Windows Defender and I was looking for an official app and I couldn't find one....

by Contributor in

How to get the diag files with debug files of the UF and the HF?

Log ingesting intermittently We could not find the path referenced . We have Univerasal forwarder is Windows server a...

by Engager in

Why this error after upgrade to 9.0 "ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>"?

After upgrade to 9.0 seeing following ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>

by Splunk Employee in

Best way to extract _time from file name and text

Hello to everyone!I have a curious situation:I have log files that I collecting via SplunkUFThis log file does not co...

by Contributor in

Cloud flare TA logs are not getting parsed

Hi,we had deployed cloud flare ta app on one of our sh,could anyone help me in fixing the logs parsing issue in splun...

by Builder in

splunk hec ingestion of data file

Been struggling for a while on this one. On-prem Splunk Enterprise. v9.1.2, running on CentOS 7.9 -- Just tryi...

by Observer in

Windows universal forwarder localappdata

Hello, I need to monitor log files that are in the following directory('s'): "c:\users\%username%\appdata...

by Explorer in

Using INDEX_EVAL Lookup to Route Data to New Index and Sourcetype

Hello, I'm looking to change our indexing architecture We have dozens of AWS accounts. We use the Splunk AWS app ...

by Explorer in

How to add custom log file to splunk universal forwarder?

How to add custom log file to splunk universal forwarder? I have an application which generate the log. I need to ...

by Engager in

UF - WinEventLog Security collection error - GUID translation failure

Hi, We deployed an UF on a Win server 2022 and enabled the [WinEventLog://Security] log collection. The log coll...

by Engager in

Splunk forwarder does not run any script for a period of time

Good morning, Let me tell you about my case. In my company, we have five indexers, one for development and the othe...

by Explorer in

Timezone and Timestamp modification at search/report time?

We have standardized our infrastructure on UTC, but we want to generate reports in PST. Is there a way to specify a t...

by Engager in

Sourcetype - checkpoint -aad :aure

I Am having Hf and it is configured to send data via sourcetype A After sometime it stops sending data to A Then ...

by Engager in

Hidden syslog configuration on heavy forwarders

My organization has a handful of heavy forwarders that were configured to listen to syslog sources through udp://514....

by Explorer in

How to activate forwarder server?

Hi Guys, I am struggling to send data from remote machine to Splunk server. I have tried the steps mentioned in t...

by Explorer in

GPO GUID Resolve

Hi everyone. Is there any way to resolve GPO GUID or SID within Windows Security Logs? For instance, when we change...

by Explorer in

Windows Security Logs not forwarding to Splunk Cloud

Have UFs configured on several Domain Controllers that point to a Heavy Forwarder and that points to Splunk Cloud. Tr...

by Explorer in

How to use heavy forwarder to replace rather than append data.

Hello - Admitted new guy here, I have a heavy forwarder sending data from a MySql database table into Splunk once...

by Engager in

Google Drive Age Monitoring?

Hi, So I’m working on creating an alert in Splunk, but I’m having some issues with setting up the query. The goal o...

by New Member in

Ubuntu not shown up in Forwarder Management

Hello everybody  I'm new here and recently I created this : Ubuntu : splunk serverUbuntu : splunk forwarder...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Need Help with Group-IB Threat Intel Feeds Integration Issue

how to edit logs to not look like raw text

Monitoring OpenAI usage in Splunk

Time parsing working correctly but not able to see nanoseconds in the results

Can I injest CPU, memory,eventID data in metric index by using SPLUNK app for unix and linux ?

the best way to collect Windows Defender logs?

How to get the diag files with debug files of the UF and the HF?

Why this error after upgrade to 9.0 "ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>"?

Best way to extract _time from file name and text

Cloud flare TA logs are not getting parsed

splunk hec ingestion of data file

Windows universal forwarder localappdata

Using INDEX_EVAL Lookup to Route Data to New Index and Sourcetype

How to add custom log file to splunk universal forwarder?

UF - WinEventLog Security collection error - GUID translation failure

Splunk forwarder does not run any script for a period of time

Timezone and Timestamp modification at search/report time?

Sourcetype - checkpoint -aad :aure

Hidden syslog configuration on heavy forwarders

How to activate forwarder server?

GPO GUID Resolve

Windows Security Logs not forwarding to Splunk Cloud

How to use heavy forwarder to replace rather than append data.

Google Drive Age Monitoring?

Ubuntu not shown up in Forwarder Management

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions