Getting Data In

Discussions

Thread Info

How to convert Windows LDAP 18 digit lastLogonTimestamp field to human readable format?

I've seen lots of different solutions for converting time from epoch but I have not come across a solution that works...

by Explorer in

Is there a way to forward data collected using scripted inputs to multiple indexers using Splunk's load balancing feature?

Is there a way to forward data collected using [script] to multiple indexers using Splunk's load balancing feature? T...

by Engager in

Universal Forwarder Crash _initCrcLen' failed.

I have a universal forwarder running that picks up bluecoat logs from a directory. Everything works as expected, howe...

by Communicator in

What are good backup strategies for indexer buckets?

What strategies do people use for backups of their buckets? Is there a clean way to identify "new" buckets for a give...

by Path Finder in

Found a SSLv3 "POODLE" vulnerability on Universal Forwarder 6.4.2. How to resolve this?

We just found SSLv3 "POODLE" vulnerability alerts from our IPS system. And our Splunk Universal Forwarder is in 6.4.2...

by Contributor in

What is the best way to monitoring too many files in Splunk?

Hello everybody. I have a problem with monitoring multiple files in a Heavy Forwarder. I mounted a folder with ss...

by Communicator in

How to alter data using SEDCMD in props.conf?

We have the DNS debug logs coming onto the indexer. Now each events will have an alpha-numeric pattern for 'domain na...

by Explorer in

Is it possible to assign different timestamps based on log line contents within the same sourcetype?

I am sending "pan:traffic" logs from our Palo Alto 3050 firewall to Splunk. I want the "_time" fields to be the same ...

by Path Finder in

How to configure props/transforms.conf for this data

Hi, I have this data and need to know what I need to configure for props/transforms.conf to parse the data correct...

by Motivator in

How to parse a field that has flat log text and in JSON format?

Need some help here. I have the following event: Feb 14 14:40:01 10.64.61.104 {"protocol": {"protocol": "ip", "app...

by Builder in

How to force Splunk to add additional (local) timestamp to events?

I'd like to have Splunk add an additional (current) timestamp field to the events that I'm sending so that I can comp...

by Engager in

Log pre processing

Hi guys, I defined my source type as follow (in props.conf): [anomalies] DATETIME_CONFIG = FIELD_NAMES = COL1, COL...

by Communicator in

Timestamp from GPS data..

Hi, I get data from source via TCP. Below you can see raw data; 2017-02-13T12:20:18.000Z;d7:86:47:6a:f7:84;so...

by Explorer in

How should I configure the Stream app to have streamfwd not use SSL when connecting to HEC endpoints?

I am trying to use Splunk Stream with the HTTP Event Collector. I have set HEC to not use SSL. In inputs.conf on the ...

by Explorer in

Logging practices for security logging.

I would like to create log messages that would be used for log analysis using Splunk such as checking for occurence o...

by Communicator in

forwarder input and ouput conf priority

i have an universal forwarder that has 2 apps . both the apps have their inputs and outputs. Both the apps are forwar...

by Communicator in

How to monitor remote logs in a centerized heavy forwarder

New to splunk. We have a clustered environment with 100 of serveres involved. Without installing universal forwarder ...

by Path Finder in

How to change the font size

I have a row to display the test time, it showed huge font for the time displayed (while the label before it is small...

by New Member in

Why are Search Filters not being applied in scripted authentication?

Using Splunk Enterprise 6.4.1. I am attempting to use scripted authentication to apply search filters to my users. I ...

by Contributor in

Sourcetype won't split on monitored file after changing transforms.conf and props.conf.

I am testing splitting sourcetypes for a one time indexed file on my test box. All time formats are parsed correctly ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to convert Windows LDAP 18 digit lastLogonTimestamp field to human readable format?

Is there a way to forward data collected using scripted inputs to multiple indexers using Splunk's load balancing feature?

Universal Forwarder Crash _initCrcLen' failed.

What are good backup strategies for indexer buckets?

Found a SSLv3 "POODLE" vulnerability on Universal Forwarder 6.4.2. How to resolve this?

What is the best way to monitoring too many files in Splunk?

How to alter data using SEDCMD in props.conf?

Is it possible to assign different timestamps based on log line contents within the same sourcetype?

How to configure props/transforms.conf for this data

How to parse a field that has flat log text and in JSON format?

How to force Splunk to add additional (local) timestamp to events?

Log pre processing

Timestamp from GPS data..

How should I configure the Stream app to have streamfwd not use SSL when connecting to HEC endpoints?

Logging practices for security logging.

forwarder input and ouput conf priority

How to monitor remote logs in a centerized heavy forwarder

How to change the font size

Why are Search Filters not being applied in scripted authentication?

Sourcetype won't split on monitored file after changing transforms.conf and props.conf.

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...