Getting Data In

Discussions

Thread Info

Use script to format file while uploading

Hi, I have a python script which formats the json file and create a new file in another location. My splunk instance ...

by Builder in

Why am I unable to use token authentication on a universal forwarder

Hello the Splunk community I'm trying to use the token authentication between an indexer and a universal forwarder...

by Engager in

Why am I unable to index contents of a text file being monitored by universal forwarder?

Hi, We are trying to get DNS logs into Splunk. Logs are generated in a .txt file and the goal is to use Splunk For...

by Builder in

How to configure srchFilter for a role to limit the results by indexer?

I have a Splunk Enterprise setup, with a handful of main indexers and their own search head clusters, and a bunch of ...

by Explorer in

Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers?

Hi, I noticed that my io bandwidth is approaching 100% on my servers (though, my overall resources (cpu, mem) are ...

by Champion in

Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder?

Hi, I have a use case to forward Application logs from one universal forwarder server to particular folder of anot...

by Communicator in

What is the best way to handle json data with nested arrays?

I am having some trouble working with JSON events. I use Splunk Enterprise 6.4.1. I'm using KV_MODE=json in my props....

by Contributor in

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermediat...

by Communicator in

Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed?

Hello, I am having an issue with logs coming into my instance of Splunk Enterprise (version 6.2.2) through a Linux...

by Explorer in

How do I use syslogNG to replace Splunk TCP or UDP inputs?

This is a question I have the answer to, I'm posting this answer because I spent a number of hours attempting to unde...

by SplunkTrust in

How to log Watchguard into Splunk?

Dear All, Could you share me some best practices how to send Watchguard firewall logs into Splunk and how to monit...

by New Member in

How to edit my props.conf for proper line breaking of a large event by the ∑ character?

I am having trouble with being able to properly line break an event like the following: Here are the props I am u...

by Path Finder in

Importing Year/Month field

I'm trying to import a csv format using splunk. The timestamp of log is in the format YYYY/MM. By default, splu...

by New Member in

When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza?

From indexerA I am trying to forward Windows Event Logs and IIS Logs to indexerB. The Windows Event Logs are being fo...

by Explorer in

Use of double qoutes in rex command arguments fails alerts in windows environment.

Set up an alert with the search command: source="C:\test\data\log1.txt" | rex v="(? .*)" | head 10 the a...

by Splunk Employee in

Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs?

Hello, I am trying to only capture EventIDs 400 and 800 inside the Windows PowerShell log (not the PowerShell Ope...

by Contributor in

Indexing problem

I tried to create a summary index for a search string. I scheduled the search, and enabled the index in the manager v...

by Path Finder in

How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder?

We are trying to collect data from certain secure Windows Systems and the team have requested to install "Splunk Univ...

by Super Champion in

How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf?

Hello all, I've been indexing Infoblox DHCP and DNS queries for a couple of months now. Because of the amount of l...

by Path Finder in

Can I disable Splunk from indexing data for a specific time frame?

I'm one overage away from violating my licenses due to an AV scan on my QA environments and would like to temporarily...

by SplunkTrust in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Use script to format file while uploading

Why am I unable to use token authentication on a universal forwarder

Why am I unable to index contents of a text file being monitored by universal forwarder?

How to configure srchFilter for a role to limit the results by indexer?

Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers?

Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder?

What is the best way to handle json data with nested arrays?

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed?

How do I use syslogNG to replace Splunk TCP or UDP inputs?

How to log Watchguard into Splunk?

How to edit my props.conf for proper line breaking of a large event by the ∑ character?

Importing Year/Month field

When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza?

Use of double qoutes in rex command arguments fails alerts in windows environment.

Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs?

Indexing problem

How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder?

How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf?

Can I disable Splunk from indexing data for a specific time frame?

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Missing Windows "WinEventLog:Security" event log...

SSL: UNKNOWN_PROTOCOL Error with Gitlab Auditor TA

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...

Is it possible to send Jenkins custom logger to Sp...