Getting Data In

Discussions

Thread Info

What could prevent the monitoring of papercut logs?

I'm collecting all other logs ie. wineventlogs, splunkd logsthe inputs.conf is accuratethe splunk user has full acces...

by Engager in

Duplicated values on count

When I do an stats count my field it return the double of the real number index=raw_fe5_autsust Aplicacao=HUB ...

by New Member in

Spike in log ingestion only on weekends

Hello, Can anyone assist in determining why my splunk instance ingest large amounts of data ONLY on the weekends? ...

by New Member in

How to consolidate Thousand Eyes into Splunk to centralize alerts on the dashboard?

Hi Team,Hi Splunk Team, could you guide me through the process on how to consolidate Thousand Eyes into Splunk to cen...

by Loves-to-Learn Everything in

Splunk Not ingesting

Referring to the below inputs.conf for one of my windows server , as you can see, there is some whitespace at the en...

by Explorer in

Whitelisting/Allow list for IP for HEC ingestion

I tried to whitelist an ip address for HEC log ingestion and got the error message "Subnet overlaps Private IP bloc...

by New Member in

send log to bucket s3

hello all, I would need the logs to be sent to my S3 bucket smartstorage after 1 month from my security index, but ...

by Explorer in

How to Traverse Nested JSON Structures in Splunk for Process Event Analysis

This is my JSON data. How should I write a query syntax to directly traverse to the last parentProcess, and then prov...

by Engager in

Question about inputs.conf [monitor:///...]

Hi there. A simple question, it's not for a real usage, just a curiosity  Does UF block inputs for system pa...

by Builder in

Azure Devops Git activity logs in Splunk

Has anyone tried this integration, I am facing issues while integrating this using this app https://splunkbase.splunk...

by Explorer in

Manually adding static file into paloalto index with Splunk_TA_paloalto

We had a problem with our syslog server and a bunch of data went missing in the ingest. The problem was actually caus...

by Path Finder in

TrackMe - Remote Deployment Account - SplunkCloud

Dear Splunk Community, I am here seeking your thoughts and suggestions on the error I am facing with TrackMe ...

by Engager in

splunk universal forwarder error installation on Windowa via PowerShell

Getting this error via Power Shell for the Splunk Universall installation Error below The term 'C:\Program...

by Loves-to-Learn Lots in

how to get Logs from Azure servers to On-prem splunk?

Hello, What is the best way to get windows logs and linux logs from aroung 200+ servers in Azure to on-prem splunk...

by Builder in

Pie chart colors not changing when only one value

I have a query where I am counting the PASS and fail and displaying it as a pie-chart.Also I modified the search so t...

by Communicator in

Which resources are affecting Splunk Enterprise Data Pipeline?

When the index pipeline begins backing up at any stage, which resources are responsible for the bottleneck. Obviously...

by Explorer in

How can i integrate Workspace one logs into Splunk?

Can someone guide me on ingestion of Workspace one logs into splunk

by Explorer in

Specific index stopped receiving logs. the SH _internal logs had an error"Unable to read from raw size file"

Hello, We had an index that stopped receiving logs. Since we do not manage the host sending the logs I wanted to g...

by Path Finder in

logs with no timestamp automatically show +15 hrs of time stamp

"CEF:0|Bitdefender|GravityZone|6.35.1-1|35|Product Modules Status|5|BitdefenderGZModule=modules dvchost=xxx Bitd...

by Path Finder in

splunk_hec exporter is failing "net/http: request canceled while waiting for connection

Trying to setup splunk otel collector using the image quay.io/signalfx/splunk-otel-collector:latest in docker desktop...

by New Member in

Missing Splunk Logs - same configuration in development and production enviroment

Hello, We have been investigating on missing 30% of Splunk logs in our production environment. I'm thinking it mayb...

by Engager in

Why is my LINE_BREAKER parameter not breaking properly with multiple capture groups?

Hello, I need help with perfecting a sourcetype that doesn't index my json files correctly when I am defining ...

by Motivator in

Unable to monitor a windows file.

What are some reasons why a UF wouldn't monitor a windows file assuming there is nothing wrong with any configs and t...

by Engager in

Memory Spike on Universal Forwarder when specific inputs.conf stanza is included

Hello, We have the universal forwarder running on many machines. In general, the memory usage is 200MB and below. ...

by Engager in

Data inputs details for each index

Hi, I'd lilke to create a detailed report with info including the type of forwarder, the average KB/s, the OS, the ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What could prevent the monitoring of papercut logs?

Duplicated values on count

Spike in log ingestion only on weekends

How to consolidate Thousand Eyes into Splunk to centralize alerts on the dashboard?

Splunk Not ingesting

Whitelisting/Allow list for IP for HEC ingestion

send log to bucket s3

How to Traverse Nested JSON Structures in Splunk for Process Event Analysis

Question about inputs.conf [monitor:///...]

Azure Devops Git activity logs in Splunk

Manually adding static file into paloalto index with Splunk_TA_paloalto

TrackMe - Remote Deployment Account - SplunkCloud

splunk universal forwarder error installation on Windowa via PowerShell

how to get Logs from Azure servers to On-prem splunk?

Pie chart colors not changing when only one value

Which resources are affecting Splunk Enterprise Data Pipeline?

How can i integrate Workspace one logs into Splunk?

Specific index stopped receiving logs. the SH _internal logs had an error"Unable to read from raw size file"

logs with no timestamp automatically show +15 hrs of time stamp

splunk_hec exporter is failing "net/http: request canceled while waiting for connection

Missing Splunk Logs - same configuration in development and production enviroment

Why is my LINE_BREAKER parameter not breaking properly with multiple capture groups?

Unable to monitor a windows file.

Memory Spike on Universal Forwarder when specific inputs.conf stanza is included

Data inputs details for each index

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions