Getting Data In

Discussions

Thread Info

What is the best practice for forwarding events to splunk cloud?

In a typical splunk cloud environment do logs get forwarded from onprem directly to the cloud indexer or is best prac...

by Explorer in

configured the Home Monitor app - only firewall statiscics. No bandwidth data

I'm able to push my syslog info from my asus (RT-AC88U) to a splunk server running Ubuntu 18.04 in my network. I rece...

by New Member in

Problem with scripted alert

Hello plp, I am making an alert, that export a csv , the problem here is when this .csv is exported, only have rw...

by Engager in

Can some one explain what are aggregation issues?

we on-boarded an application recently, Now we are seeing there are 100K aggregation issues(Log level= WARN) and 30k t...

by Path Finder in

Is this a correct way to measure AWS CloudTrail ingest lag?

Using the following search, I'm seeing AWS CloudTrail ingest lag between 4 and 9 hours. index=ibpaws sourcetype=aw...

by Explorer in

How to setup splunk on home wireless network?

I want to learn splunk. How can I setup splunk on my home WiFi network to learn and practice? I have Verizon route...

by Explorer in

need to consider special format in csv as same field value

Is there a way to let splunk know when ever the format like "32770": ALLREQ:2 | CTFLAG(32768) keep it as a single fie...

by Explorer in

I noticed script alert action is officially deprecated. No easy way to setup a script triggered by log keyword?

The run a script alert action is officially deprecated. Create a custom alert action to package a custom script inste...

by Engager in

Multi field combination for JSON file question

I'm totally new to splunk, I have this JSON file already indexed: {"EventType":2,"EventData":{"Values":[{"Status":...

by New Member in

Forward raw syslog to third party server from Splunk Enterprise instance

Hi, I have an all in one splunk enterprise environment with only Universal Forwarders. My requirement is to send a...

by New Member in

JSON file event breaking parsing on universal forwarder

I have a JSON file. Once I upload the file on the search head using the below stanza in props.conf it's indexed prop...

by Path Finder in

issue with Splunk batch input

Hello All, I am ingesting compressed(.gz) log files into Splunk by putting it in $SPLUNK_HOME/var/spool/splunk fol...

by New Member in

web gateway filter activity to urls

i have 117 sites listed from homeland security. i need to check if any of our machine have visited them. We have McAf...

by New Member in

What are the pros and cons of running thousands of UFs as root

We have thousands of UFs running as Unix root and we have discussions whether to keep it like that or run the UFs as ...

by Motivator in

Unable to initialize modular input "WinEventLog" after server restart

Having this intermittent problem with UF on multiple servers where it occasionally fails to start up the WinEventLog ...

by Explorer in

How to group multiple machines and user session time into a readable chart

Hi all! I am currently working on a dashboard metrics project that involves me attempting to create a dashboard pa...

by New Member in

Service item.update causes modular input to restart

In my modular input I want to update a configuration setting between runs so I don't poll for the same data again and...

by New Member in

Help with converting epoch to human readable at index time

I have json format data with a field called uploadDate .This has values like /Date(1584037059228)/ , /Date(1584033289...

by Builder in

How to send a specific index from one indexer to another without a heavy forwarder

So we have a client system that has their own Splunk indexer. For certain reasons they do not want their splunk univ...

by Explorer in

How to assign "source" during a search after a conditional statement?

I am creating a dashboard to show all Linux command line history per user and I would like to create an input where y...

by Path Finder in

Getting Data In

Discussions

What is the best practice for forwarding events to splunk cloud?

configured the Home Monitor app - only firewall statiscics. No bandwidth data

Problem with scripted alert

Can some one explain what are aggregation issues?

Is this a correct way to measure AWS CloudTrail ingest lag?

How to setup splunk on home wireless network?

need to consider special format in csv as same field value

I noticed script alert action is officially deprecated. No easy way to setup a script triggered by log keyword?

Multi field combination for JSON file question

Forward raw syslog to third party server from Splunk Enterprise instance

JSON file event breaking parsing on universal forwarder

issue with Splunk batch input

web gateway filter activity to urls

What are the pros and cons of running thousands of UFs as root

Unable to initialize modular input "WinEventLog" after server restart

How to group multiple machines and user session time into a readable chart

Service item.update causes modular input to restart

Help with converting epoch to human readable at index time

How to send a specific index from one indexer to another without a heavy forwarder

How to assign "source" during a search after a conditional statement?

Getting Data from OpenVMS into Splunk Cloud

when to use http event collector api to create ven...

Splunk cloud and Microsoft Infrastructure

How to match join on certain conditions within the...

Prevent duplicates from generic S3 input