Getting Data In

Discussions

Thread Info

Why are some Windows Security events not logging in Splunk?

I have a UF setup on a windows 2012 server. I am logging Win sec logs but I see some in the event viewer that are not...

by New Member in

Index freezing - event or bucket timestamp

Hi there, Quick one, does Splunk freeze data based on bucket timestamp or event timestamp? Cheers, MHibbin

by Influencer in

How to automate Splunk Universal Forwarder installation on Windows script?

Hi, Seeking for an assistance on how can I automate splunk forwarder installation using windows script? Can I add ...

by Communicator in

How will removing a heavy forwarder from my current environment affect indexing performance?

My clustered index sizes/event counts seem to occasionally mismatch a bit from indexer-to-indexer. This might result ...

by Path Finder in

Linux_audit wont transfrom node field into host

Hello all, I collect all of my *nix logs into a central server that I has a UF installed on it. I have the splunk_...

by Explorer in

Help with installing two universal forwarders on the same Windows box - service shutting down on second install

I need to install 2 separate universal forwarders on the same Windows box. I have the install built, one via msi and ...

by Path Finder in

Why isn't whitelisting for universal forwarder working in Splunk v6.6.3?

I am using UF 6.6.3.0 on my domain controller and following is my inputs.conf. The whitelisting part is not working I...

by Communicator in

Why can't I start the Splunk Forwarder on a local computer? (Error 1069, login failure)

Splunk Version 6.2.9.276372 Windows could not start the SplunkForwarder service on local computer. Error 1069: The...

by Engager in

How can I create a barchart comparing active unique users vs. total users by month?

How do I create a comparison bar chart of active unique user vs total user by month on Splunk search head? Both are ...

by Path Finder in

How to correct the future time stamp issue occurring for certain sourcetype and host?

Hi All, Currently we are facing an issue with data being logged with future time stamp for certain host and source ty...

by Motivator in

Problem splitting data, lines are lost from scripted input data.

I have a script that works fine. When I do run it from cli like this, I get correct result: /opt/splunk/bin/splunk cm...

by Builder in

Manually Importing McAfee EPO Data

So, I have been tasked with monitoring our EPO server, which is managed by a managed service. Long story short, the o...

by New Member in

How to blacklist a log data from being monitored from router device ending with host name 03r /04r and keeping other devices still monitored?

Hi All, My exact requirement, currently we need to route two router devices at the site 03r and 04r point to index=ne...

by Motivator in

Load Balancing with universal forwarders as intermediate layer

In current design, we proposed two load balanced HFs to collect the data from 200+ end-points and pass it to next lev...

by Explorer in

Getting Error from TailReader

Hello, I am trying to upload a .csv file through my auto-index and I am getting this error in my internal logs " -...

by Path Finder in

How to use K-anonymity with Splunk?

Hello, Let's say i have a csv file that contains sensitive data, I want on index to group multiple lines as one event...

by New Member in

Help needed with Search to correlate Windows Event Logs

Hi All, I have a requirement to write a Splunk query that will alert if windows event logs capture three EventCod...

by Explorer in

High Availability for Heavy forwarder configuration?

Current setup of Splunk Instance is 10 UF---->2HF---->3IDX, In HF for load balance we go with config of autoLB with ...

by New Member in

Process monitoring in Windows

Hi, In our system, there will be multiple java.exe process will be running, we are in need for monitoring the cpu ...

by New Member in

What happens if you specify two paths in a volume in indexes.conf?

What happens if you specify two paths in a volume in indexes.conf? For example: [volume:example] path = /opt/splu...

by Communicator in

Parse JSON nested inside a Windows Event

Hello, I am looking for a way to parse the JSON data that exists in the "Message" body of a set of Windows Events. Id...

by Engager in

How do I get an older version of Splunk DB Connect 1, particularly version 1.1.7?

Hi, I am unable to get DB Connect 1, version 1.2 to work, and I'd like to try 1.1.7, but I can't find it. How do I...

by Champion in

Can I forward local text log files from my laptop to Splunk (for testing purposes)? Splunk and the forwarder would be on the same laptop in this hypethical.

How to use Splunk Forwarder in my personal laptop for testing purpose and forward the data to Splunk from a monitored...

by New Member in

Search using metadata returns different results

I'm getting different search results for the metadata I added to my log events. What did I misconfigure? Added to ...

by New Member in

Splunk Forwarding audittrail data to third party system via syslog not working

Attempting to forward audittrail sourcetype data via syslog to our existing SIEM. I have a similar setup already work...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why are some Windows Security events not logging in Splunk?

Index freezing - event or bucket timestamp

How to automate Splunk Universal Forwarder installation on Windows script?

How will removing a heavy forwarder from my current environment affect indexing performance?

Linux_audit wont transfrom node field into host

Help with installing two universal forwarders on the same Windows box - service shutting down on second install

Why isn't whitelisting for universal forwarder working in Splunk v6.6.3?

Why can't I start the Splunk Forwarder on a local computer? (Error 1069, login failure)

How can I create a barchart comparing active unique users vs. total users by month?

How to correct the future time stamp issue occurring for certain sourcetype and host?

Problem splitting data, lines are lost from scripted input data.

Manually Importing McAfee EPO Data

How to blacklist a log data from being monitored from router device ending with host name 03r /04r and keeping other devices still monitored?

Load Balancing with universal forwarders as intermediate layer

Getting Error from TailReader

How to use K-anonymity with Splunk?

Help needed with Search to correlate Windows Event Logs

High Availability for Heavy forwarder configuration?

Process monitoring in Windows

What happens if you specify two paths in a volume in indexes.conf?

Parse JSON nested inside a Windows Event

How do I get an older version of Splunk DB Connect 1, particularly version 1.1.7?

Can I forward local text log files from my laptop to Splunk (for testing purposes)? Splunk and the forwarder would be on the same laptop in this hypethical.

Search using metadata returns different results

Splunk Forwarding audittrail data to third party system via syslog not working

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions