Getting Data In

Ask a Question

Discussions

Thread Info

External LB

Hi Team, We have the current infrastructure : UF -> HF -> Indexers Now, the question here is can we set up exte...

by Explorer in

output queues to get filled

Hi folks, What are reasons for my output queues to get filled???? I have my HF on azure cloud.It was working ...

by Path Finder in

Ingesting offline Windows Event logs from different systems

I am trying to use a Universal Forwarder to get a load of windows event logs that I need to analyse into Splunk. The ...

by Engager in

How to Trigger Time is different than Notable time?

I have Splunk on v9.0.1 and ES on v7.0.1, the issue am facing for the notable alerts is that some of the alerts have ...

by Communicator in

Properly index json files with events as elements of an array (at the example of Cloudtrail)

I would like to manually import AWS Cloudtrail logs which were stored as GZipped JSON Files on S3. Those files reside...

by Explorer in

Sample log formats for standard log4j sourcetype?

Hello, could you provide sample log formats for log4j sourcetype? Is it covered by Splunk addon for Tomcat? ...

by Motivator in

How to get list of buckets which are having issues in replicating, from API and CLI?

When my splunk multi-site indexer cluster comes up, I have some buckets belonging to _audit and _internal which are h...

by Explorer in

Why are events using the wrong 'host' value?

I have configured a Splunk HF with the following inputs.conf stanzas (details changed) for two new device logs. Note ...

by Explorer in

How to use Splunk to monitor print jobs?

Right now, we have Splunk setup to monitor Print Jobs. However, the print title in Event Viewer simply shows up as "D...

by Engager in

How can I calculate session duration?

I wanted to know how I can calculate the average daily duration of the sessions

by Explorer in

How to parse json related log file during index time?

Hi, I need help with parsing below data that is pulled from a python script. The data is pushed to system output a...

by Loves-to-Learn in

Time zone config not working as expected

Hello,I'm trying to configure an ingestion of logs that are in UTC time.We are in Geneva and timezone is Europe/Zuric...

by Path Finder in

Why am I receiving unwanted HB (Heartbeat ?) logs from my Heavy Forwarder?

Hello Splunkers, Here is my use-case : I am cloning some events that arrive to my Heavy Forwarder and then forward...

by Contributor in

What app do we use for Linux servers monitoring?

We are looking for way to monitor commands/scripts executed from Linux specific server Is there any available a...

by Contributor in

Wha is the scripted input duplicate value?

all fields duplicated which are coming in scripted input output. like below category message priority tim...

by Explorer in

Can we have Splunk UF on Splunk Indexer to forward Audit logs?

We have a requirement to send audit logs from Splunk to Another tool for security purpose. asked to install the UF on...

by New Member in

How to selectively monitor paths for hosts that contain same type of paths

Hello Experts, I need help in resolving one of the issue that I am facing while trying to discard events that below...

by Explorer in

Windows logs collection with WMI arrive with delay?

Hi Splunkers, for our customer we collect log from Windows systems. The main configuration details are: Logs go...

by Contributor in

Is it possible to dump / drop data that is currently in queue?

Production had a bug. One of the results of that bug was massive "over logging" of production nodes and those logs w...

by Explorer in

Log duplicates single event in log file hundreds of times

Hi Folks, We have a complaint from stakeholders that they are seeing duplicate events in Splunk. they shared few ex...

by Explorer in

Indexers outage - What can I do to troubleshoot?

Hello Splunkers, I am facing a problem with my indexers that are not able to index anymore. Neither the data forwarde...

by Contributor in

Splunk TA Cloud Services authentication error Cisco Umbrella user?

Hello,does anyone here have an idea why cisco cloud security umbrella addon is interfering the authentication within ...

by Influencer in

Heavy forwarder logs - Splunk Cloud & Test Indexers

Hi Team, I wanted to forward my logs from heavy forwarder to Splunk Cloud and the same logs should forward to my te...

by Path Finder in

Deployment server connection to License Master

Hi team, I have a question related to Deployment server Connection to License master. My deployment server is con...

by Path Finder in

Date Format is not recognized

The Logs I am tring to onboard in Splunk have the following time format, "YY.MM.DD HH:MM:SS" so I made a props.conf ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

External LB

output queues to get filled

Ingesting offline Windows Event logs from different systems

How to Trigger Time is different than Notable time?

Properly index json files with events as elements of an array (at the example of Cloudtrail)

Sample log formats for standard log4j sourcetype?

How to get list of buckets which are having issues in replicating, from API and CLI?

Why are events using the wrong 'host' value?

How to use Splunk to monitor print jobs?

How can I calculate session duration?

How to parse json related log file during index time?

Time zone config not working as expected

Why am I receiving unwanted HB (Heartbeat ?) logs from my Heavy Forwarder?

What app do we use for Linux servers monitoring?

Wha is the scripted input duplicate value?

Can we have Splunk UF on Splunk Indexer to forward Audit logs?

How to selectively monitor paths for hosts that contain same type of paths

Windows logs collection with WMI arrive with delay?

Is it possible to dump / drop data that is currently in queue?

Log duplicates single event in log file hundreds of times

Indexers outage - What can I do to troubleshoot?

Splunk TA Cloud Services authentication error Cisco Umbrella user?

Heavy forwarder logs - Splunk Cloud & Test Indexers

Deployment server connection to License Master

Date Format is not recognized

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures