Getting Data In

Discussions

Thread Info

Install TA for Microsoft Windows Defender on Splunk Light

I've downloaded the above TA to try and collect windows defender logs from my universal forwarders but I have no idea...

by Explorer in

How to extract json fields?

This is my Logs { [-] line: 2019-03-20T11:33:06.942Z info: Response: ServiceName: Pharmacy.findPharmacy; URI: /fi...

by Contributor in

Is there a script to automate installing universal forwarders on multiple Windows servers?

I have a use case to install Splunk Universal Forwarders in 600+ Windows servers at a time. Is there any script to au...

by Communicator in

Nested JSON Parsing and SPATH

I am trying to add the JSON file onto splunk. The file is not getting added effectively. I am attaching a brief of my...

by Explorer in

data missing in the index after session log out

I have added data through "ADD Data" after completing and i could able to search data. But data getting missed or sea...

by Builder in

Help with monitoring stanza

Below are the files to monitor /Backup/HealthCheck/Reports/Auto_HC_Mar_19_19_08_26_25.log /Backup/HealthCheck/Repo...

by Builder in

Why is there Splunk indexers data replication failure?

I have index clustering using site1 and site2. I have 3 indexers in site 1 and 3 indexers in site 2. I had a disk spa...

by Explorer in

How does Splunk Cloud handle frozen data and format logs?

Hi, I am evaluating Splunk Cloud and I have two questions which answers I could not find on the web: How does Splu...

by New Member in

What should be the deploy location for props.conf shcluster?

I have a props.conf I want to make it available to all search apps on the searchhead. what location should it be plac...

by Explorer in

How to alert if the last indexed log from a host is older than 15 mins from the search time?

I have a requirement where a log file from my application hosts will get updated every 15 mins if the application is ...

by Explorer in

Why am I experiencing indexer congestion after 6.5.0 upgrade?

I have four independent indexers in a round robin, 2 are fairly old, 1 is a year old and my newest is maybe 3-4 month...

by Path Finder in

indexed_extractions=json not working for FIFO file

Hi everyone, In my inputs.conf I am monitoring a fifo file receiving json events. Inputs.conf : [fifo:///tmp/a....

by Explorer in

How can we use the Splunk API better?

We ended up mapping api-splunk.<company>.com to a certain search head. Our concern with giving it to the users is the...

by Ultra Champion in

Why are there duplicated Windows Security Logs?

Hi, My problem is duplicated windows security logs. 2 or more log same as each other. why do that ? 03/18/2019...

by Path Finder in

Ingest IIS Appcmd into table visualization

I apologize if this has been asked before, I couldn't find it via the search/google/youtube. I'm outputting IIS A...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Install TA for Microsoft Windows Defender on Splunk Light

How to extract json fields?

Is there a script to automate installing universal forwarders on multiple Windows servers?

Nested JSON Parsing and SPATH

data missing in the index after session log out

Help with monitoring stanza

Why is there Splunk indexers data replication failure?

How does Splunk Cloud handle frozen data and format logs?

What should be the deploy location for props.conf shcluster?

How to alert if the last indexed log from a host is older than 15 mins from the search time?

Why am I experiencing indexer congestion after 6.5.0 upgrade?

indexed_extractions=json not working for FIFO file

How can we use the Splunk API better?

Why are there duplicated Windows Security Logs?

Ingest IIS Appcmd into table visualization

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

Lopping Off Dot Notation Field Names

Splunk on GCP: what's the benefit of running dataf...

scheduler.log broken korean

Suggestions Please: REST Api, csv,html

Can you use ingest actions against _raw?