Getting Data In

Discussions

Thread Info

How to edit inputs.conf to blacklist an eventcode?

I have the following inputs.conf stanza: [WinEventLog://Security]  disabled=0  current_only=1  blackli...

by New Member in

Splunk closing TCP port 9997 (forwarder port)

I upgraded to 4.3.3 on an indexer that never had any problems before this point in time and now the indexer is droppi...

by Path Finder in

Is it possible for a universal forwarder to inject additional data into existing log stream?

I have several universal forwarders (UF) monitoring files on both Windows and Linux endpoints. I would like to "injec...

by Engager in

Is there a way to configure the Universal Forwarder to prevent duplicate events due to a log file that regenerates?

I am using the universal forwarder to index a log file that regenerates every time that a new row is added. In other ...

by New Member in

Forcepoint Proxy syslogs - Parsing questions

we're getting the syslogs exports from our Forcepoint appliances, using their standardised SIEM integration. The form...

by Path Finder in

How to write a monitor stanza in inputs.conf to monitor a file in splunk ?

Hi All, Can anyone guide us on how to create an input stanza to monitor a files through splunk. Need to monitor logs ...

by Motivator in

How to exclude logs ingesting during index time

In our IIS logs, we are getting thousands of lines like below which is of no use in ingesting into Splunk. So want to...

by Path Finder in

Universal Forwarder and forward-compatibility

In our zest to upgrade our Universal Forwarders (UF) , we have seemed to inadvertently upgrade to a version newer tha...

by Contributor in

Top-Level Domain Extraction (from URLs)

So I've searched and searched and can't find a regex that quite fits what I want to do...What I'd like to do is extra...

by Explorer in

How to fix error "Invalid key in stanza" in props.conf?

Hi, I am getting the below error. Please help me debug. Invalid key in stanza [app:BKR:PerfRest] in /opt/s...

by Path Finder in

How to remove a specific string from an events in splunk ?

Hi All, currently we are facing an issue in removing a specific values from the event list starting with the word "at...

by Motivator in

Filtering on keywords with exceptions

Hi, I am trying to figure out if there is an easy way to filter based on a word and its negative-form. For example...

by New Member in

How to index data using Rest API in splunk?

HI I have a below curl command, What is the best way to ingest data into Splunk? curl -u "abc:123" -H "X-Requested...

by Builder in

Splunk 4.1.6 - skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block

How would I resolve an issue like this? There appears to be ample disk space on the server hosting the Splunk install...

by Engager in

How to filter out Windows Event Logs that have passwords sent in cleartext?

Hello Splunkers, In my environment, we currently send C:\windows\system32\winevt\Logs*.evtx on our windows servers...

by Path Finder in

True-Client-IP=[12.34.56.78]

All, I have some header information coming through like so True-Client-IP=[12.34.56.78] I'd like to correct th...

by Builder in

Received fatal SSL3 alert

I am unable to connect to my Indexer ClusterMaster on Cloud on Port 8000. On checking splunkd.log, i can observe ...

by Contributor in

How to configure a Heavy Forwarder to forward a subset of Cisco ASA events to Indexers, while sending ALL events to external syslog servers?

Running 6.5.0. Attempting to use a Heavy Forwarder to forward a subset of cisco:ASA events to Splunk indexers, wh...

by Engager in

Will my outputs.conf edits work to send both compressed and uncompressed outputs from universal forwarder?

I have a Universal Forwarder (UF) that I'd like to send out both compressed and uncompressed data streams to a single...

by New Member in

Why has using the rest command to search REST API stopped working after upgrading to 6.5.3?

Hi, I used to periodically query the REST API using the search app in Splunk Web, something like so: | rest /se...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to edit inputs.conf to blacklist an eventcode?

Splunk closing TCP port 9997 (forwarder port)

Is it possible for a universal forwarder to inject additional data into existing log stream?

Is there a way to configure the Universal Forwarder to prevent duplicate events due to a log file that regenerates?

Forcepoint Proxy syslogs - Parsing questions

How to write a monitor stanza in inputs.conf to monitor a file in splunk ?

How to exclude logs ingesting during index time

Universal Forwarder and forward-compatibility

Top-Level Domain Extraction (from URLs)

How to fix error "Invalid key in stanza" in props.conf?

How to remove a specific string from an events in splunk ?

Filtering on keywords with exceptions

How to index data using Rest API in splunk?

Splunk 4.1.6 - skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block

How to filter out Windows Event Logs that have passwords sent in cleartext?

True-Client-IP=[12.34.56.78]

Received fatal SSL3 alert

How to configure a Heavy Forwarder to forward a subset of Cisco ASA events to Indexers, while sending ALL events to external syslog servers?

Will my outputs.conf edits work to send both compressed and uncompressed outputs from universal forwarder?

Why has using the rest command to search REST API stopped working after upgrading to 6.5.3?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Issue filtering events with regex and props.conf

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...