Getting Data In

Discussions

Thread Info

the best way to collect Windows Defender logs?

Hi, I need to collect the logs from Windows Defender and I was looking for an official app and I couldn't find one....

by Contributor in

How to get the diag files with debug files of the UF and the HF?

Log ingesting intermittently We could not find the path referenced . We have Univerasal forwarder is Windows server a...

by Engager in

Why this error after upgrade to 9.0 "ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>"?

After upgrade to 9.0 seeing following ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>

by Splunk Employee in

Best way to extract _time from file name and text

Hello to everyone!I have a curious situation:I have log files that I collecting via SplunkUFThis log file does not co...

by Contributor in

Cloud flare TA logs are not getting parsed

Hi,we had deployed cloud flare ta app on one of our sh,could anyone help me in fixing the logs parsing issue in splun...

by Builder in

splunk hec ingestion of data file

Been struggling for a while on this one. On-prem Splunk Enterprise. v9.1.2, running on CentOS 7.9 -- Just tryi...

by Observer in

Windows universal forwarder localappdata

Hello, I need to monitor log files that are in the following directory('s'): "c:\users\%username%\appdata...

by Explorer in

Using INDEX_EVAL Lookup to Route Data to New Index and Sourcetype

Hello, I'm looking to change our indexing architecture We have dozens of AWS accounts. We use the Splunk AWS app ...

by Explorer in

How to add custom log file to splunk universal forwarder?

How to add custom log file to splunk universal forwarder? I have an application which generate the log. I need to ...

by Engager in

UF - WinEventLog Security collection error - GUID translation failure

Hi, We deployed an UF on a Win server 2022 and enabled the [WinEventLog://Security] log collection. The log coll...

by Engager in

Splunk forwarder does not run any script for a period of time

Good morning, Let me tell you about my case. In my company, we have five indexers, one for development and the othe...

by Explorer in

Timezone and Timestamp modification at search/report time?

We have standardized our infrastructure on UTC, but we want to generate reports in PST. Is there a way to specify a t...

by Engager in

Sourcetype - checkpoint -aad :aure

I Am having Hf and it is configured to send data via sourcetype A After sometime it stops sending data to A Then ...

by Engager in

Hidden syslog configuration on heavy forwarders

My organization has a handful of heavy forwarders that were configured to listen to syslog sources through udp://514....

by Explorer in

How to activate forwarder server?

Hi Guys, I am struggling to send data from remote machine to Splunk server. I have tried the steps mentioned in t...

by Explorer in

GPO GUID Resolve

Hi everyone. Is there any way to resolve GPO GUID or SID within Windows Security Logs? For instance, when we change...

by Explorer in

Windows Security Logs not forwarding to Splunk Cloud

Have UFs configured on several Domain Controllers that point to a Heavy Forwarder and that points to Splunk Cloud. Tr...

by Explorer in

How to use heavy forwarder to replace rather than append data.

Hello - Admitted new guy here, I have a heavy forwarder sending data from a MySql database table into Splunk once...

by Engager in

Google Drive Age Monitoring?

Hi, So I’m working on creating an alert in Splunk, but I’m having some issues with setting up the query. The goal o...

by New Member in

Ubuntu not shown up in Forwarder Management

Hello everybody  I'm new here and recently I created this : Ubuntu : splunk serverUbuntu : splunk forwarder...

by Engager in

Adding an Interval to a Monitor Stanza

Is there a way to add an interval setting to define the polling for a flat file? Not sure why it was requested but i ...

by Engager in

Error occurred during trying to delete an Data TCP Input

I have the problem that I can't delete an input filter that I probably formulated incorrectly so that I can take it o...

by Engager in

Create fields for a csv log

Hi, I have ingested an csv file by creating an input on a windows server. But the challenge is the logs are n...

by Engager in

Halp! My data is being rolled to frozen and I don't know why!

I need to know why my data is being rolled to frozen - is it because of time or disk space?

by Splunk Employee in

WinEventLog vs XmlWinEventLog

Good Morning, I am running into an issue where my two newest Server 2022 endpoints have events that are showing up ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

the best way to collect Windows Defender logs?

How to get the diag files with debug files of the UF and the HF?

Why this error after upgrade to 9.0 "ERROR TcpOutputQ [<thread id> TcpOutEloop] - Unexpected event id=<eventid>"?

Best way to extract _time from file name and text

Cloud flare TA logs are not getting parsed

splunk hec ingestion of data file

Windows universal forwarder localappdata

Using INDEX_EVAL Lookup to Route Data to New Index and Sourcetype

How to add custom log file to splunk universal forwarder?

UF - WinEventLog Security collection error - GUID translation failure

Splunk forwarder does not run any script for a period of time

Timezone and Timestamp modification at search/report time?

Sourcetype - checkpoint -aad :aure

Hidden syslog configuration on heavy forwarders

How to activate forwarder server?

GPO GUID Resolve

Windows Security Logs not forwarding to Splunk Cloud

How to use heavy forwarder to replace rather than append data.

Google Drive Age Monitoring?

Ubuntu not shown up in Forwarder Management

Adding an Interval to a Monitor Stanza

Error occurred during trying to delete an Data TCP Input

Create fields for a csv log

Halp! My data is being rolled to frozen and I don't know why!

WinEventLog vs XmlWinEventLog

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions