Getting Data In

Discussions

Thread Info

LINE_BREAKER- how to add

How to add the LINE_BREAKER in propd .conf for the below events to get it split to different events . Currently these...

by Path Finder in

How can I only display results where a field is in a table returned by another query

I have data in two different applications. I need to get fields from one query to use as filters for another, like th...

by Engager in

Reassign Knowledge Object app

Hi Splunkers, in our Splunk Cloud environment we had 2 need: Reassign knowledge object ownerReassign Knowledge obje...

by Contributor in

Splunk Free- Exporting/Importing Data

Hello, I am looking to use Splunk free edition to teach students about searching through logs. I plan on setting up S...

by Loves-to-Learn in

Get list of active indexes that are ingesting logs

Hello, We have a splunk instance where we have configured security related logs. There are hundreds of indexes crea...

by Explorer in

Onboarding AWS Cloudwatch logs

We followed the steps in https://docs.splunk.com/Documentation/DM/1.8.1/User/AWSAbout to onboard the data from a sing...

by Engager in

Use CLONE_SOURCETYPE only for matching events

Hello, I'm currently trying to convert some mixed-text events into JSON. The log file is made of some pure text log l...

by Path Finder in

A better way to extract JSON?

Hello, I want to get Rspamd logs into Splunk with every info available. The best I could do with Rspamd config yiel...

by Path Finder in

Azure Service Bus

Hello, I have installed the Add on for Microsoft Azure.How can i get data in from Azure Service Bus?

by Engager in

My splunk agent service runs as NT SERVICE/SplunkForwarder user and I want to move it to a local account.

I'm installing Splunk Universal Frowarder using the following command: choco install splunk-universalforwarder --ve...

by Engager in

regex

Can someone help me with these regex on inputs.conf on universal forwarder?For some reason, isn't working. Much appre...

by Path Finder in

IMAP Connect exchange to read email

Anyone figure out how to use Splunk SOAR IMAP app to connect to exchange mailbox ?The goal is to read new email comin...

by Loves-to-Learn in

define input.conf

Hi Splunkers! I would like to know how to define a .evtx file, I had defined in this way, but it didn't wor...

by Contributor in

Get data using python script

Hello, I want to schedule a python script which uses pandas and beautifulsoup4 as librairies. But my splunk does no...

by New Member in

How do i disable forwarding for one sourcetype

Hi, We need to send some security events to an external party. We also need this for our internal use. On my tes...

by Engager in

How to blacklist a host (hosts is sending logs to Splunk via TCP)?

Hello, I have a data input of TCP type, and is associated with an index. I have a request to remove 2 hosts that k...

by New Member in

Configure Splunk to get the aide log file

I am trying to configure Splunk to read the aide.log file, which file(s) do I need to modify in Splunkforwarder to g...

by New Member in

Want to replace column name with today's date

I have a query to display following 3 fields | table pp_user_action_name,Today_Calls,Avg_today i want to replace...

by Explorer in

Open Telemetry Errors in Windows

Getting a ton of these Telemetry errors in Event Log of a windows server with at UF installed. They started a few day...

by Explorer in

How to clean Duplicates from Index?

Hello, We have a use case. Using the Splunk DB Connect, we ingest data from the various systems especially from...

by Engager in

Add a new field in indexing time from data received via HEC

Hi, I am using Splunk 9.0.6, and I configured HEC + Syslog Connector for Splunk for the data ingestion. At the mo...

by Contributor in

Additional fields extraction from json data

I have field CI extracted from json payload {"Name": "zSeries","Severity":5,"Category":"EVENT","SubCategory":"Serv...

by Explorer in

Endpoint data Model Services Hashes, DLLs and executables

Hello Comunity I am trying to identify the following. What would be the best data source/s on Win Systems to gain...

by Communicator in

Handling breaking and field extraction from Header section plus Repeated sections in XML

Hi, We need to forward XML documents from a UF to indexers that have key fields both in a one-time header section an...

by Explorer in

ITSI no services and N/A in tree view

I am very new to ITSI, the operational task is to create a business service in ITSI. I have created a test service ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

LINE_BREAKER- how to add

How can I only display results where a field is in a table returned by another query

Reassign Knowledge Object app

Splunk Free- Exporting/Importing Data

Get list of active indexes that are ingesting logs

Onboarding AWS Cloudwatch logs

Use CLONE_SOURCETYPE only for matching events

A better way to extract JSON?

Azure Service Bus

My splunk agent service runs as NT SERVICE/SplunkForwarder user and I want to move it to a local account.

regex

IMAP Connect exchange to read email

define input.conf

Get data using python script

How do i disable forwarding for one sourcetype

How to blacklist a host (hosts is sending logs to Splunk via TCP)?

Configure Splunk to get the aide log file

Want to replace column name with today's date

Open Telemetry Errors in Windows

How to clean Duplicates from Index?

Add a new field in indexing time from data received via HEC

Additional fields extraction from json data

Endpoint data Model Services Hashes, DLLs and executables

Handling breaking and field extraction from Header section plus Repeated sections in XML

ITSI no services and N/A in tree view

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025 🎉

Getting Data In

Are you a member of the Splunk Community?

Discussions