Getting Data In

Discussions

Thread Info

Archsight to Splunk via UF /Syslog

We are planning to migrate archsight to Splunk via Collection of UF , syslog to HF. How many UF we need to install...

by Path Finder in

Why did our Windows Universal Forwarder stop forwarding?

I have the universal forwarder installed on one of our Windows servers and it has been forwarding logs with no issue ...

by Path Finder in

Can I get the iframe embed URL for a report via the REST API?

I'm hoping to build a product that allows users to easily select a report from their Splunk instance and embed it in ...

by Path Finder in

Unable to authenticate to search heads: "Global key files are invalid. This server cannot distribute searches..."

After a long-overdue upgrade from 6.x to 7.1.3 -- this release it the latest one supported by my vendor, who interope...

by Communicator in

UFs new pointer after restart

If I gracefully shutdown the UF, it will send all logs from output queue and from internal parsing queue. Suppose I...

by Communicator in

forwarder dropping events

Currently, I have 2 seperate clusters. One 'old' 6.0 cluster, and a new cluster for 6.2. The idea is to have our forw...

by Communicator in

Send a hostname tag via universalforwarder using Docker-Compose

Hi. I'm configuring a docker-compose responsible to start a cluster of an application and then Splunk and the u...

by Engager in

Logs sending being cutoff

Hello, I have had an issue where specifically the firewall logs were cutoff for about 5 hours and then reconnected ...

by Engager in

How do I schedule a CSV Report?

Hello! I have a scheduled report that I have running monthly that exports my results into a PDF format that is emai...

by Loves-to-Learn in

Default apps in Universal Forwarder, is any of them unnecessary?

I just installed universal forwarder, And was deploying my first app using DS, I came accros few apps in place prio...

by Communicator in

mv extraction in props.conf

I need to extract (at search time) a multivalue field in some JSON data in a manner that will allow me to perform add...

by Path Finder in

Failed to reap viewstate

I find these in splunkd.log and the inputs.conf doesn't seem to be working INFO ViewstateReaper - Failed to rea...

by Engager in

Using props.conf and transforms.conf to exclude 'USERID' events in Palo Alto logs

Hello All, I'm trying to prevent the 'USERID' events from getting indexed by making the following changes on my Heavy...

by Path Finder in

ServiceNow Add-on 'sys_updated_on' field error

Hi, Splunk server: 7.3.5 snow_ta version: 6.0.0 I'm trying to collect data from the snow cmdb input with the ta...

by Explorer in

How to send a data source to specific indexers?

Hi I am looking for an example to follow, where I can specify which data source goes to which indexers. I am trying...

by Contributor in

Removing newline and carriage return

Hi, I am new to splunk. I am trying to make my logging message format good. I have log message with newline or ...

by Explorer in

Removing Backslash

Good morning. Trying to replace a "\" (backslash) from a string. Below is my example ... # Perform Global Replac...

by Path Finder in

host override not working

Hello, We are using the Splunk app for checkpoint to ingest checkpoint logs via a heavy forwarder. The host is al...

by Explorer in

Log fetching issues - Http event collector

Hi ,we created a token and shared with the enduser to configure and send the logs on secure https.if i run the curl c...

by Explorer in

Detect unusual login at work-off time

Hi Guys , I want to check login behavior on a per-app basis. In short to look at when most logins happen, for exam...

by Loves-to-Learn Lots in

Getting Data In

Discussions

Archsight to Splunk via UF /Syslog

Why did our Windows Universal Forwarder stop forwarding?

Can I get the iframe embed URL for a report via the REST API?

Unable to authenticate to search heads: "Global key files are invalid. This server cannot distribute searches..."

UFs new pointer after restart

forwarder dropping events

Send a hostname tag via universalforwarder using Docker-Compose

Logs sending being cutoff

How do I schedule a CSV Report?

Default apps in Universal Forwarder, is any of them unnecessary?

mv extraction in props.conf

Failed to reap viewstate

Using props.conf and transforms.conf to exclude 'USERID' events in Palo Alto logs

ServiceNow Add-on 'sys_updated_on' field error

How to send a data source to specific indexers?

Removing newline and carriage return

Removing Backslash

host override not working

Log fetching issues - Http event collector

Detect unusual login at work-off time

Issue with getting data to Splunk App for Hyperled...

Splunk fundamental training lab 4

unable to get MS Azure event hub using Splunk Addo...

Citrix TA-XD7-Broker - ps script requires cloud lo...

Using Splunk Universal Forwarder and scripted inpu...