Getting Data In

Thread Info

Problem with DC windows Secure logs sending

Hello team! We have a problem with sending data from several Domain Controllers to our splunk instance. We are coll...

by Loves-to-Learn Lots in

How to determine if data sent to HEC came in on Event or Raw endpoint

Is there any way to tell whether data coming into Splunk's HEC was sent to the event or raw endpoint?You can't really...

by Communicator in

add customerID to incoming data (event & metric)

Hello, We have a few hundred hosts and a handful of customers. I have a csv file with serverName,customerID. I've...

by Explorer in

CIM mapping CrowdStrike Falcon FileVantage (FIM) logs to a daamodel.

Hi All, Has anyone managed to map CrowdStrike Falcon FileVantage (FIM) logs to a Datamodel; if so could you share y...

by Contributor in

Palo alto Strata logging service logs

Hi, I have onboarded palo-alto ...

by Observer in

Why is linecount 2 when it's clearly 1?

For multiple sourcetypes, linecount is 2, while clearly, it should be 1. Has anybody encountered this case?

by Motivator in

Filter/modify data prior to ingestion?

Not sure this is even possible, but I'll ask anyway... I have application(s) that are sending JSON data into Splunk...

by Loves-to-Learn Lots in

Unable to view value from events

Hi, Unsure what is the root cause as i was trying to do some minor adjustment to ignore the [ ] at the transforms.c...

by Path Finder in

How to avoid indexing events twice

Hi, I'm facing an issue where the same data gets indexed multiple times every time the JSON file is pulled from the...

by Path Finder in

User Disable

In earlier versions of splunk i remember there use to be an option to disable active user and it will then show as st...

by Engager in

Typo3 logs to Splunk

Hi, I need recommendations on typo3 logs source type. Be default, I set source type as "typo3" in inputs.conf but...

by Path Finder in

How to split a json array into multiple events?

I'm looking for a way to split a JSON array into multiple events, but it keeps getting indexed as a single event. I...

by Path Finder in

Inconsistency between search results between Splunk UI and Rest API & REST API itself

Hi Community, I'm trying to extract search results using REST API and I'm facing the following problem. 1. I'm using...

by Path Finder in

Edge Processor Destination not showing up in Pipeline

I've been writing new pipelines to my Edge Processors when I discovered that no destination values are showing up for...

by Observer in

How can we determine the overall percentage of memory utilization on a Windows server?

I've read through some of the Splunk documentation and previously one of my colleagues already configured the "Window...

by Loves-to-Learn in

HI Team, We have 40 dc server and sending logs to UF->HF->idx but need to understand how data is flowing ?

We have 40 dc server sending logs to onprem indexers but i see on Deployment server i can see only on App which has o...

by Engager in

Why are we missing Windows "WinEventLog:Security" event logs?

I have 40 Windows 2012 domain controllers (forwarding through heavy forwarders to cloud), that intermittently stop se...

by Communicator in

How to parse timestamp which is in epoch and assign it to the same field timestamp

Hello All, I have log file which has the following content in json format, I would like to parse the timestamp and ...

by Loves-to-Learn Lots in

Trying to blacklist all 4662 events except if they match any of the dcsync related GUIDs

As we have recently enabled various audit settings on our domain, we now have 4662 events being generated on the DCs....

by Engager in

ITSI Glass Table

Hello Experts, In Splunk ITSI, we’re able to see the alerts in the Alerts table, but those alerts are not being ref...

by New Member in

Trimming data and sending it through Cribl and Datadog

So the title is pretty self explanatory. I have been approached and requested to trim logs. I had initially installed...

by Communicator in

Integrating and Ingesting Atlassian Audit Logs into Splunk?

Based on the article provided below we have updated our Atlassian settings to pull the Bitbucket logs into our Audit ...

by Contributor in

Routing Sourcetype

We are collecting the sourtype of the data we are currently receiving by changing it as follows. [A_syslog]TRANSFOR...

by Explorer in

HEC configuration for AWS logs

We have a architecture of 3 site multi cluster which contains 6 indexers (2 in each site), 3 search heads (one in eac...

by Communicator in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Problem with DC windows Secure logs sending

How to determine if data sent to HEC came in on Event or Raw endpoint

add customerID to incoming data (event & metric)

CIM mapping CrowdStrike Falcon FileVantage (FIM) logs to a daamodel.

Palo alto Strata logging service logs

Why is linecount 2 when it's clearly 1?

Filter/modify data prior to ingestion?

Unable to view value from events

How to avoid indexing events twice

User Disable

Typo3 logs to Splunk

How to split a json array into multiple events?

Inconsistency between search results between Splunk UI and Rest API & REST API itself

Edge Processor Destination not showing up in Pipeline

How can we determine the overall percentage of memory utilization on a Windows server?

HI Team, We have 40 dc server and sending logs to UF->HF->idx but need to understand how data is flowing ?

Why are we missing Windows "WinEventLog:Security" event logs?

How to parse timestamp which is in epoch and assign it to the same field timestamp

Trying to blacklist all 4662 events except if they match any of the dcsync related GUIDs

ITSI Glass Table

Trimming data and sending it through Cribl and Datadog

Integrating and Ingesting Atlassian Audit Logs into Splunk?

Routing Sourcetype

HEC configuration for AWS logs

Ask Questions, Get Help about Data Manager for Splunk Cloud

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions