Getting Data In

Discussions

Thread Info

Is there any repository for sample raw audit logs for various software platforms?

We are planning to procure several software platforms (e.g. Workday, Salesforce, Contact Center CX etc) in the near f...

by Communicator in

How convert time which has time and milliseconds to %Y-%m-%d %H:%M:%S?

How to I convert the following time to 2023-05-18 08:11:522023-05-18T08:11:52.000-07:00

by Communicator in

Onboarding local MS Exchange Server with audit and activity data like O365?

Hi all, i have already integrated O365 using the O365 management API and collecting the user, admin, system, and p...

by Path Finder in

INGEST_EVAL replace changes the visible _raw shown in search results but does not impact license/ingestion?

We have been trying to address a problem that exists between our Splunk deployment and AWS Firehose, namely that Fire...

by Communicator in

Why are users being seen as services accounts at logon?

I am using a virtual server and all users are being seen as service accounts. Which is causing my logon and admin ac...

by Explorer in

How to convert an event into JSON?

[Not really a question, but wanted to document and share with the community...] So, I had a customer that liked ho...

by Path Finder in

Why is field is not extracted properly for Windows event log?

Field is not extracted properly for Windows event log where Ip address mark as "Client IP" Try to extract Field b...

by Loves-to-Learn Everything in

Splunk Cloud: HEC is not receiving data from cribl?

Hello, i need urgent help. I’m connecting cribl to splunk through HEC i’m using the free trial of splunk clou...

by Loves-to-Learn Lots in

Connection error with Splunk HEC data input?

Hello, I'm trying to create a data input as HEC to receive data from cribl. In cribs I created a dest...

by Loves-to-Learn Lots in

How do I effectively filter information?

**I want to preface with the fact that I am a total noob at Splunk, so please bear with me.** I am trying to make ...

by New Member in

How to determine which events came from HEC?

I want to work on cleaning up data quality issues specific to data received on HEC inputs. Various teams send data in...

by Splunk Employee in

The Search Works but the Dashboard is Erroring Out

When I search this on its own it comes up with what I need but when I put it into the Dashboard it comes up with " Aw...

by Explorer in

Splunk forwarder behind a one way data diode. UDP help

Hello, So as a high level overview, I have a raspberry pi 4 that i will use to configure a forwarder to purel...

by Communicator in

Why does linebreaking regex have no capturing groups?

Hi Need help to fix the below error My Props : Sample events:

by Path Finder in

Is it recommended to place external load-balancer between UF and HWF to HA?

Splunk UF does the load balancing for based on frequency/time.Does load balancing on UF works for file-based inputs a...

by Explorer in

What is the most stable version of Splunk presently?

Hello All, Hope you are doing good.. 1. Can anyone please let me know what is the most stable versio...

by Path Finder in

How to monitor missing sourcetypes/hosts?

I was tasked with the job to monitor our endless amounts of sourcetypes and sourcetypes per host to be alerted when o...

by Communicator in

Forwarding raw data to third party systems with Syslog from an HF?

Hi Splunkers, today I'm here not for an issue, or better, not yet, but to "pull all togheter" the components of my...

by Contributor in

How to enable query string authorization on cloud instance?

Hi! I'm trying to set up HEC with my app outgoing webhook. There's no way to pass token in auth header, so I intended...

by Engager in

Why can't Splunk run a scripted input on Windows even though it has full access to that script?

Hi all! My question is, why splunk can't run a scripted input on Windows even though it has full access to that scrip...

by Path Finder in

How to check if an HEC is up or not before posting any data to it?

Hi, I am trying to post data to Splunk using HEC. But before posting I want to check if the endpoint I'm trying to po...

by Engager in

How Can I Get My Splunk Container to Monitor its Host?

Hello all! I am unable to ingest log data from the host on which my docker container resides. Since it is a co...

by Loves-to-Learn in

How to find out if the host is forwarding logs by syslog or UF?

We have multiple devices forwarding the logs to Splunk which syslog mechanism and UF, as it's difficult to identify t...

by Loves-to-Learn Everything in

How do I ignore few keyword contained events at forwarder not to send?

I want to ignore few keyword contained events at forwarder level NOT at indexer. Below are the sample log: to Ignore ...

by Explorer in

How to show customized data in output?

Hi, I've recently started using Splunk logs. I have a query to fetch client IDs who call my APIs. These client IDs ar...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is there any repository for sample raw audit logs for various software platforms?

How convert time which has time and milliseconds to %Y-%m-%d %H:%M:%S?

Onboarding local MS Exchange Server with audit and activity data like O365?

INGEST_EVAL replace changes the visible _raw shown in search results but does not impact license/ingestion?

Why are users being seen as services accounts at logon?

How to convert an event into JSON?

Why is field is not extracted properly for Windows event log?

Splunk Cloud: HEC is not receiving data from cribl?

Connection error with Splunk HEC data input?

How do I effectively filter information?

How to determine which events came from HEC?

The Search Works but the Dashboard is Erroring Out

Splunk forwarder behind a one way data diode. UDP help

Why does linebreaking regex have no capturing groups?

Is it recommended to place external load-balancer between UF and HWF to HA?

What is the most stable version of Splunk presently?

How to monitor missing sourcetypes/hosts?

Forwarding raw data to third party systems with Syslog from an HF?

How to enable query string authorization on cloud instance?

Why can't Splunk run a scripted input on Windows even though it has full access to that script?

How to check if an HEC is up or not before posting any data to it?

How Can I Get My Splunk Container to Monitor its Host?

How to find out if the host is forwarding logs by syslog or UF?

How do I ignore few keyword contained events at forwarder not to send?

How to show customized data in output?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures