Getting Data In

Thread Info

How to integrate BeyondTrust Retina to Splunk and find log source?

I am planning to integrate BeyondTrust Retina to Splunk and would like to know the process. Currently, the logs are c...

by New Member in

Import CSV with column that has "Change %" (percent symbol) in it. How do I search on this field?

Hello, I have been importing a CSV that has a column that has a percent symbol in it. How do I search on this...

by Communicator in

HTTP Event collector not working for .NET logging

We are getting authorization error while calling the service from dot net or java client. It is working fine with cur...

by Communicator in

How to create automatic wildcard lookups against more than one field in a CSV file?

Hi, I have defined a Automatic Lookup to a CSV File with several values per line. I would create automatic wildcar...

by Explorer in

Is it possible to send all data from Splunk Light to Splunk Cloud?

i want to use splunk universal forwarder to send all data to one instance of splunk ligth locally and then use anothe...

by Explorer in

Creating dashboards based on field-names rather than field-values in nested-JSON

Hi Splunkers, I have events coming to Splunk Enterprise in the following JSON format: { "ip" : "1.1.1.1" ...

by Explorer in

I have a CSV that I import daily and some values decide to not show as "0", and some do.

I have a CSV that I import daily and some values decide to not show as "0", and some do. Here's my search: index="...

by Communicator in

Deployment server only showing 1 client at a time

I have only a deployment server at the current time and to get ahead of the game we going to roll the UF to our windo...

by Path Finder in

Shorten a URL to it's Primary Domain Name from Bluecoat Logs

I'd like to shorten a URL collected from bluecoat logs so that it only lists the primary domain name. For example:...

by Engager in

Splunk UF forwarding to a unidirectional data diode which then forwards logs to Splunk server. No longer receiving logs from UF. (air gapped environment)

Here's a quick rundown of the environment: Virtual Machines (linux splunk instances), No internet connection, air gap...

by Explorer in

Splunk universal forwarder not reporting data from SQL server

Hi everyone , We have issue with Splunk universal forwarders , we installed recently on SQl servers , i have all i...

by Explorer in

Bandwidth usage for 200 GB of data from heavy forwarder to indexers

Hello, I understand from some of the links that using UFs as intermediate forwarding layer add metadata at stream lev...

by Explorer in

Universal forwarder configured to collect application event logs

Trying to collect specific GPO event codes so we've created an app on the universal forwarder with the below in the i...

by Engager in

Is it possible to change/delete tags via search?

Hi, Can anyone tell me if it is possible to change and delete tags by Splunk search? Let me tell you why. I import...

by Path Finder in

How can we extract a json document within an event?

We have events such as - 10.10.2017 09:40:39.651 *INFO* [10.86.208.119 [1507646439651] POST /apps/xxxx/yyyy HTTP/...

by Ultra Champion in

Forwarding syslogs from ESX

Hi! I've followed this guide to forward syslogs from ESX 4.0 U2 (http://www.splunk.com/wiki/Community:VMwareESXSyslog...

by Explorer in

db connect timestamp conversion

Hello, We are running queries directly in the splunk db connect and not doing an input but the timestamps are gett...

by Splunk Employee in

Line splitting at a regular expression for ""

I'm needing to split a stream of data (from a REST API call) that is CSV data, variable line lengths at the initial s...

by Splunk Employee in

Why are date_* fields are not being extracted from Windows security logs?

We are bringing Windows Security Logs into Splunk via the universal forwarder. All of the events begin with a timesta...

by Path Finder in

Forwarder: Need to send a file with same file name ( updated every 2 hours) multiple times a day

We have a strange issue wherein the file is not being forwarded using universal splunk forwarder. For a given day...

by New Member in

Splunk Forwarder 7.0.0 -- Can I set the index that is selected before the Splunk forwarder is installed?

I installed the Splunk Forwarder x64 Windows version 7.0.0 today on a server. The behavior appears to have changed. I...

by Engager in

Is it possible to forward data to a Splunk Free license?

I am trying to forward logs from a linux server to a Splunk Free indexer instance. I know my forwarder is set up corr...

by Path Finder in

How to configure Splunk to extract key value pairs with JSON log data from Http Event Collector?

We have started using the Http Event Collector (HEC) for logging directly from our Java apps. HEC takes data in JSON ...

by New Member in

"--splunk-cooked-mode-v3-- " in the indexer

Splunkers, I am facing this issue of cooked data, I know there are many answers about it and this has been a real pai...

by Communicator in

How can I exclude a specific recurring time range from my search?

Hi all, I need to create a dashboard which can provide me the total review time taken by the analyst. I have creat...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to integrate BeyondTrust Retina to Splunk and find log source?

Import CSV with column that has "Change %" (percent symbol) in it. How do I search on this field?

HTTP Event collector not working for .NET logging

How to create automatic wildcard lookups against more than one field in a CSV file?

Is it possible to send all data from Splunk Light to Splunk Cloud?

Creating dashboards based on field-names rather than field-values in nested-JSON

I have a CSV that I import daily and some values decide to not show as "0", and some do.

Deployment server only showing 1 client at a time

Shorten a URL to it's Primary Domain Name from Bluecoat Logs

Splunk UF forwarding to a unidirectional data diode which then forwards logs to Splunk server. No longer receiving logs from UF. (air gapped environment)

Splunk universal forwarder not reporting data from SQL server

Bandwidth usage for 200 GB of data from heavy forwarder to indexers

Universal forwarder configured to collect application event logs

Is it possible to change/delete tags via search?

How can we extract a json document within an event?

Forwarding syslogs from ESX

db connect timestamp conversion

Line splitting at a regular expression for ""

Why are date_* fields are not being extracted from Windows security logs?

Forwarder: Need to send a file with same file name ( updated every 2 hours) multiple times a day

Splunk Forwarder 7.0.0 -- Can I set the index that is selected before the Splunk forwarder is installed?

Is it possible to forward data to a Splunk Free license?

How to configure Splunk to extract key value pairs with JSON log data from Http Event Collector?

"--splunk-cooked-mode-v3-- " in the indexer

How can I exclude a specific recurring time range from my search?

Get Operational Insights Quickly with Natural Language on the Splunk Platform

Stay Connected: Your Guide to August Tech Talks, Office Hours, and Webinars!

Unleash the Power of Splunk MCP and AI, Meet Us at .Conf 2025, and Find Even More New ...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions