Getting Data In

Thread Info

Find HEC inputs

How to find endpoints of our Splunk instance

by New Member in

Help in Splunk query urgent plz - merge results in 2 deferent source and same index csv files

Dears, Need assistance with a Splunk query to retrieve data from two sources: source X and source Y. I want to matc...

by Explorer in

How to add BOM to alert attached CSV file?

Hi experts, One of my customer wants to add UTF-8 BOM info to CSV files which are attached to email alerts. In cas...

by Splunk Employee in

we need to setup alert for montoring java processes

we need to set up an alert if a server no java process for 15mins, only one alert was sent until the issue was solved...

by Explorer in

Integration of Backbase (Fintech) with Splunk for logging and monitoring

Hello community members, Has anyone successfully integrated the Backbase fintech product with Splunk for logging an...

by Explorer in

Can anyone share details on how to monitor BackBase (https://backbase.com/) with Splunk?

Can anyone share details on how to monitor BackBase (https://backbase.com/) with Splunk? What are you doing today and...

by Splunk Employee in

HEC timestamp parsing

Hello there. I noticed lately (in a kinda painful way ) that if the time field is present in json sent to a HE...

by SplunkTrust in

Host with Splunk Universal Forwarder not forwarding to Splunk Cloud

Hi! We have been installing Splunk Universal Forwarder on different servers in the on-prem environment of the c...

by Engager in

How to optimize alerts for changes made to the Administrators group in "MF Local Admin Group Member Changes"

Hello, One of our MF Local Administrative Group Member rule is generating a significant number of alerts because sc...

by Builder in

How can I automate the downloading of universal forwarder?

Everything I am reading is that to download via wget, cURL, etc, that you have to specify the full path that contains...

by Explorer in

Can I have multiple specs (host, source, sourcetype) in props.conf?

In props.conf, I see you can have the spec as host, source, sourcetype etc. Can you combine them? Can I have host AND...

by Path Finder in

forwarding logs to a gcp bucket

Hi, I am trying to to forward logs from a heavy forwarder to a gcp bucket using the outputs.conf, but it has been ...

by Engager in

Palo Alto App not doing sourcetype transform

Hello I have data being sent from Palo Alto to our syslog server. I have set it up following the guide here: https...

by Explorer in

HEC HttpInputAckService pending queries

Hello, We set HEC http input for several flows of data and related tokens, and we added ACK feature to this config...

by Explorer in

orig_time field missing from the windows event logs

Hi, Has anyone else encountered a situation where the 'orig_time' field isn't showing up in the Windows event logs ...

by Builder in

How to monitor and index actively?

Hi, I have problem with my Splunk indexing. I found an index haven't been running and updated for 2 days. But it h...

by Path Finder in

Getting Error while upload CSV : "Encountered the following error while trying to save: File has no line endings"

While I'm trying to upload my csv file as lookup, encountering the error like - "Encountered the following error whi...

by Path Finder in

Powershell Script to Poll for IIS AppPool consuming large amount of memory- is there a better way?

Our application developers were looking to poll the service states of their IIS Application Pools. This would be jus...

by Explorer in

AWS Logs via Lamda to HF drop preceding key from fieldname

Hello, I've got a Lamda function exporting AWS logs via HEC to my HF's to my indexers.Unfortunately, the AWS logs are...

by Explorer in

Set a user timezone through REST API

Is there a way to set another user's timezone from the REST API? My user account with edit_user capability cannot cha...

by Path Finder in

Indexqueue blocked on Heavy Forwarder

I know there are similar posts about this, but I am not sure on what to do or tweak here. Messages I am getting are...

by Path Finder in

deployment-app controlled outputs.conf not working

Hello, I have a standalone Splunk Enterprise system (version 9.x) with 10 UFs reporting (Splunk Enterprise and the ...

by Path Finder in

How to troubleshoot why my PowerShell scripted input is not being run?

I've set up a new scripted input using powershell as follows: Inputs.conf: [script://$SPLUNK_HOME\bin\scripts\R...

by New Member in

Splunk Blacklist DesktopExtension.exe addition inputs.conf

Hello all, I am trying to blacklist this app that is generating a ton of Windows Event logs; till I find what app i...

by Engager in

Only first line from logfile is logged.

Hi. We are seeing weird behaviour on one of our universal forwarders. We have been sending logs from this forwarder...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Find HEC inputs

Help in Splunk query urgent plz - merge results in 2 deferent source and same index csv files

How to add BOM to alert attached CSV file?

we need to setup alert for montoring java processes

Integration of Backbase (Fintech) with Splunk for logging and monitoring

Can anyone share details on how to monitor BackBase (https://backbase.com/) with Splunk?

HEC timestamp parsing

Host with Splunk Universal Forwarder not forwarding to Splunk Cloud

How to optimize alerts for changes made to the Administrators group in "MF Local Admin Group Member Changes"

How can I automate the downloading of universal forwarder?

Can I have multiple specs (host, source, sourcetype) in props.conf?

forwarding logs to a gcp bucket

Palo Alto App not doing sourcetype transform

HEC HttpInputAckService pending queries

orig_time field missing from the windows event logs

How to monitor and index actively?

Getting Error while upload CSV : "Encountered the following error while trying to save: File has no line endings"

Powershell Script to Poll for IIS AppPool consuming large amount of memory- is there a better way?

AWS Logs via Lamda to HF drop preceding key from fieldname

Set a user timezone through REST API

Indexqueue blocked on Heavy Forwarder

deployment-app controlled outputs.conf not working

How to troubleshoot why my PowerShell scripted input is not being run?

Splunk Blacklist DesktopExtension.exe addition inputs.conf

Only first line from logfile is logged.

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions