Getting Data In

Thread Info

Splunk Blacklist inputs.conf for desktopexentsion.exe assistance

Trying to blacklist an event that is generating a lot of logs.Previously asked this question here Solved: Re: Splunk ...

by Engager in

Need assistance with a command for application.

I keep getting an error message when I am attempting to this command * EventCode=* user=* WinEventLog:Applicat...

by Path Finder in

Indexer queue sizes

Hi all, We have been facing some errors with Splunk indexers, where it says something like below. ``` Failed pr...

by Path Finder in

How to Declare ENV Variable in Alert

Hello, I'm trying to create an alert in DEV Environment to include "DEV" with subject something like Splunk Alert: ...

by Path Finder in

Not getting data in Edge Processor

Hello everyone, I am trying to send syslog data to my Edge Processor and it is the first time and it seems that i...

by Engager in

INGEST_EVAL for data coming from HEC at indexer layer

Hello, Please, in Splunk Enterprise, I would like to know if it is possible to apply an INGEST_EVAL processing at ...

by Communicator in

Not getting data from universal forwarder (ubuntu)

Not getting data from universal forwarder (ubuntu). 1) Installed Splunk UF version 9.2.0 and credential package fr...

by Path Finder in

customize log event to splunk hec

I were able to send my application log to splunk via HTTP event using the splunk java logging library. But somehow th...

by New Member in

How to merge lines based on timestamps?

Attached is a screenshot of the way my logs are appearing in Splunk. They match the log files themselves exactly, sep...

by New Member in

Why do variations in sourcetype appear?

I have an Splunk indexer that receives IIS input from several sources. Why is the sourcetype set to "iis.1" instead o...

by Legend in

Why is different tsidx file's size in same index?

Hi. I'm working on splunk operations team. version: Enterprise 7.3.4, centos7 Environment : 3 SH, 10 IDX cluste...

by Explorer in

Can't see data coming in from UF to Indexer

Hi Guys, I am very new to Splunk Cloud and how things work here. Our current setup is: 1. UF(Linux) -> Heavy Fo...

by Loves-to-Learn Everything in

Need Help with Group-IB Threat Intel Feeds Integration Issue

Hello Splunk Community, I'm currently facing an issue with integrating Group-IB threat intelligence feeds into my S...

by Engager in

how to edit logs to not look like raw text

Currently I am feeding Splunk Zeek logs (formerly known as bro) via the monitor command. Some of the logs in the Zeek...

by Explorer in

Monitoring OpenAI usage in Splunk

We are rolling out a customer service chatbot. Has anyone needed to collect the data such as input/output and logs be...

by Engager in

Time parsing working correctly but not able to see nanoseconds in the results

Hello I have to work on a parser which has the time format like this : "time: 2024-02-15T11:40:19.843185438Z" It...

by Path Finder in

Can I injest CPU, memory,eventID data in metric index by using SPLUNK app for unix and linux ?

Can I injest CPU, memory,eventID data in metric index by using SPLUNK app for Windows ?I am getting data once I injes...

by Path Finder in

the best way to collect Windows Defender logs?

Hi, I need to collect the logs from Windows Defender and I was looking for an official app and I couldn't find one....

by Contributor in

How to get the diag files with debug files of the UF and the HF?

Log ingesting intermittently We could not find the path referenced . We have Univerasal forwarder is Windows server a...

by Engager in

Why this error after upgrade to 9.0 "ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>"?

After upgrade to 9.0 seeing following ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>

by Splunk Employee in

Best way to extract _time from file name and text

Hello to everyone!I have a curious situation:I have log files that I collecting via SplunkUFThis log file does not co...

by Contributor in

Cloud flare TA logs are not getting parsed

Hi,we had deployed cloud flare ta app on one of our sh,could anyone help me in fixing the logs parsing issue in splun...

by Builder in

splunk hec ingestion of data file

Been struggling for a while on this one. On-prem Splunk Enterprise. v9.1.2, running on CentOS 7.9 -- Just tryi...

by Observer in

Windows universal forwarder localappdata

Hello, I need to monitor log files that are in the following directory('s'): "c:\users\%username%\appdata...

by Explorer in

Using INDEX_EVAL Lookup to Route Data to New Index and Sourcetype

Hello, I'm looking to change our indexing architecture We have dozens of AWS accounts. We use the Splunk AWS app ...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Splunk Blacklist inputs.conf for desktopexentsion.exe assistance

Need assistance with a command for application.

Indexer queue sizes

How to Declare ENV Variable in Alert

Not getting data in Edge Processor

INGEST_EVAL for data coming from HEC at indexer layer

Not getting data from universal forwarder (ubuntu)

customize log event to splunk hec

How to merge lines based on timestamps?

Why do variations in sourcetype appear?

Why is different tsidx file's size in same index?

Can't see data coming in from UF to Indexer

Need Help with Group-IB Threat Intel Feeds Integration Issue

how to edit logs to not look like raw text

Monitoring OpenAI usage in Splunk

Time parsing working correctly but not able to see nanoseconds in the results

Can I injest CPU, memory,eventID data in metric index by using SPLUNK app for unix and linux ?

the best way to collect Windows Defender logs?

How to get the diag files with debug files of the UF and the HF?

Why this error after upgrade to 9.0 "ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>"?

Best way to extract _time from file name and text

Cloud flare TA logs are not getting parsed

splunk hec ingestion of data file

Windows universal forwarder localappdata

Using INDEX_EVAL Lookup to Route Data to New Index and Sourcetype

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions