Getting Data In

Thread Info

Can we upload PPT into Splunk

I have a 5 slide PPT which shows the different recommendations of tools. Can i upload such similar PPT's and generate...

by Explorer in

iso-2022-jp でエンコードされたデータがインデクスされない

iso-2022-jp でエンコードされた電子メールを Splunk で Index しようと props.conf に下記の設定をしました。 [sample_mail] CHARSET = ISO-2022-JP そ...

by Communicator in

How to ignore some data from getting indexed?

Hi, I have this data that I'd like to index 000d6f0004349d51.1: Label: Front Door Manufacturer: SAMSUN...

by Motivator in

Is it recommended to install Universal Forwarder on all Workstations?

Hi Is it the best way to install Universal Forwarders on all Workstations and enable windows security events , Rig...

by Builder in

How to change the host name in inputs.conf on Linux?

I need to change the host name in inputs.conf in Linux, can anyone tell me the Linux commands I need? Also, are there...

by New Member in

Does changing of logs permissions require a forwarder restart?

We lost the read permission on numerous servers. When the permissions were restored, it appears that a forwarder rest...

by Ultra Champion in

Why is my WS_FTP XML Log not parsing correctly?

I am attempting to import a ws_ftp log, but I am having issues parsing the log data. I can either get it to have no f...

by Explorer in

CSV Indexed Extractions in Distributed Environment

Hi, Here is my scenario: UF1-> UF2->HF-> IDX1;IDX2;IDX3 ->SH1 Note: Connections are all good and...

by Communicator in

How to convert Windows LDAP 18 digit lastLogonTimestamp field to human readable format?

I've seen lots of different solutions for converting time from epoch but I have not come across a solution that works...

by Explorer in

Is there a way to forward data collected using scripted inputs to multiple indexers using Splunk's load balancing feature?

Is there a way to forward data collected using [script] to multiple indexers using Splunk's load balancing feature? T...

by Engager in

Universal Forwarder Crash _initCrcLen' failed.

I have a universal forwarder running that picks up bluecoat logs from a directory. Everything works as expected, howe...

by Communicator in

What are good backup strategies for indexer buckets?

What strategies do people use for backups of their buckets? Is there a clean way to identify "new" buckets for a give...

by Path Finder in

Found a SSLv3 "POODLE" vulnerability on Universal Forwarder 6.4.2. How to resolve this?

We just found SSLv3 "POODLE" vulnerability alerts from our IPS system. And our Splunk Universal Forwarder is in 6.4.2...

by Contributor in

What is the best way to monitoring too many files in Splunk?

Hello everybody. I have a problem with monitoring multiple files in a Heavy Forwarder. I mounted a folder with ss...

by Communicator in

How to alter data using SEDCMD in props.conf?

We have the DNS debug logs coming onto the indexer. Now each events will have an alpha-numeric pattern for 'domain na...

by Explorer in

Is it possible to assign different timestamps based on log line contents within the same sourcetype?

I am sending "pan:traffic" logs from our Palo Alto 3050 firewall to Splunk. I want the "_time" fields to be the same ...

by Path Finder in

How to configure props/transforms.conf for this data

Hi, I have this data and need to know what I need to configure for props/transforms.conf to parse the data correct...

by Motivator in

How to parse a field that has flat log text and in JSON format?

Need some help here. I have the following event: Feb 14 14:40:01 10.64.61.104 {"protocol": {"protocol": "ip", "app...

by Builder in

How to force Splunk to add additional (local) timestamp to events?

I'd like to have Splunk add an additional (current) timestamp field to the events that I'm sending so that I can comp...

by Engager in

Log pre processing

Hi guys, I defined my source type as follow (in props.conf): [anomalies] DATETIME_CONFIG = FIELD_NAMES = COL1, COL...

by Communicator in

Timestamp from GPS data..

Hi, I get data from source via TCP. Below you can see raw data; 2017-02-13T12:20:18.000Z;d7:86:47:6a:f7:84;so...

by Explorer in

How should I configure the Stream app to have streamfwd not use SSL when connecting to HEC endpoints?

I am trying to use Splunk Stream with the HTTP Event Collector. I have set HEC to not use SSL. In inputs.conf on the ...

by Explorer in

Logging practices for security logging.

I would like to create log messages that would be used for log analysis using Splunk such as checking for occurence o...

by Communicator in

forwarder input and ouput conf priority

i have an universal forwarder that has 2 apps . both the apps have their inputs and outputs. Both the apps are forwar...

by Communicator in

How to monitor remote logs in a centerized heavy forwarder

New to splunk. We have a clustered environment with 100 of serveres involved. Without installing universal forwarder ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Can we upload PPT into Splunk

iso-2022-jp でエンコードされたデータがインデクスされない

How to ignore some data from getting indexed?

Is it recommended to install Universal Forwarder on all Workstations?

How to change the host name in inputs.conf on Linux?

Does changing of logs permissions require a forwarder restart?

Why is my WS_FTP XML Log not parsing correctly?

CSV Indexed Extractions in Distributed Environment

How to convert Windows LDAP 18 digit lastLogonTimestamp field to human readable format?

Is there a way to forward data collected using scripted inputs to multiple indexers using Splunk's load balancing feature?

Universal Forwarder Crash _initCrcLen' failed.

What are good backup strategies for indexer buckets?

Found a SSLv3 "POODLE" vulnerability on Universal Forwarder 6.4.2. How to resolve this?

What is the best way to monitoring too many files in Splunk?

How to alter data using SEDCMD in props.conf?

Is it possible to assign different timestamps based on log line contents within the same sourcetype?

How to configure props/transforms.conf for this data

How to parse a field that has flat log text and in JSON format?

How to force Splunk to add additional (local) timestamp to events?

Log pre processing

Timestamp from GPS data..

How should I configure the Stream app to have streamfwd not use SSL when connecting to HEC endpoints?

Logging practices for security logging.

forwarder input and ouput conf priority

How to monitor remote logs in a centerized heavy forwarder

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions