Getting Data In

Discussions

Thread Info

first Splunk install - cannot get HEC working

I set up a sample VM for myself to test out Splunk configuration. I wanted a stand-alone service just to make sure I ...

by Explorer in

Heavy forwarder

we have indexer , search head and heavy forwarder in a vessel , the heavy forwarder will send the data to a head offi...

by New Member in

Alerts data model

Hi, I'am trying to map alerts for mitre_technique_id from one of my APIs, and I see a strange behaviour from splunk...

by New Member in

Read from inputs.conf file

Hi there, I want to be able to allow a dashboard of my app read the hostname stored in inputs.conf, which is provid...

by Path Finder in

Getting data from dynamodb to Splunk

Hello, what is the best way to get data from dynamoDB to Splunk?

by Explorer in

onboarding azure signin logs to splunk

I want to onboard azure signin logs to my splunk. I installed MS azure add-on for splunk on one HF and completed the ...

by Engager in

Log Ingestion - Custom Log Source

Good morning everyone, I am trying to ingest a log that does not roll over after a new, only when the service t...

by Communicator in

Upload csv file with escaped quotes

Hello together, I have a csv file which looks like this: "Time";"Comment" "15:53:21";"Here stands something...

by New Member in

Monitoring inputs not parsing logs to indexers

Hello Team, As we are parsing logs from Linux machine to Splunk indexer via Splunk Universal Forwarder in Linux mac...

by Path Finder in

Nested if

Hi, In a field status contains two values one is failure and another is success. Where in failure it contains som...

by Engager in

Sourcetype and indexes

Hi I am trying to understand how indexes and sourcetype are defined. Let's say I have an app with a web component a...

by Engager in

Making HTTP get requests with splunk

How can i create a scheduled report that runs every hour and makes GET requests to fetch data from an open source. ...

by Explorer in

Kaspersky EDR Optimum and Kaspersky Sandbox integration with Splunk

Hello, Pls could you provide the integration steps for Kaspersky EDR Optimum and Kaspersky Sandbox with Splunk

by Path Finder in

Backfill Scripted Input Data

I'm running Splunk 8.2.2 in a docker container. I'm using a separate app with a scripted input to get data into Spl...

by Communicator in

how to anonymize and route specific events

I want to anonymize one sourcetype before routing it to 3rd party system with Syslog. what is the proper config for p...

by Path Finder in

Unable to import Windows Event logs

Hi, I'm new to Splunk and was unable to find an answer to this exact question so sorry if it has been asked before or...

by Observer in

How come my forwarders appear frozen and are unable to send data to the indexers?

We have a lot of forwarders, of universal forwarders and heavy forwarders mostly, in version 7.0.x, which are configu...

by Splunk Employee in

useACK problem from UF above version 7.1.4 causing stuck forwarder / stop sending data

Hello, we have problem with useACK, there are known bugs with our UF 7.3.4 : https://docs.splunk.com/Documentation/...

by Motivator in

Source types in /var/log

I would like to retrieve the data in /var/log as correctly as possible. Currently I am simply monitoring the entire...

by Path Finder in

Splunk monitoring Roxio Secure Burn logs

Hello, Roxio Secure Burn stores a history of its burn logs to C:\ProgramData\Roxio Log Files I have a report set up...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

first Splunk install - cannot get HEC working

Heavy forwarder

Alerts data model

Read from inputs.conf file

Getting data from dynamodb to Splunk

onboarding azure signin logs to splunk

Log Ingestion - Custom Log Source

Upload csv file with escaped quotes

Monitoring inputs not parsing logs to indexers

Nested if

Sourcetype and indexes

Making HTTP get requests with splunk

Kaspersky EDR Optimum and Kaspersky Sandbox integration with Splunk

Backfill Scripted Input Data

how to anonymize and route specific events

Unable to import Windows Event logs

How come my forwarders appear frozen and are unable to send data to the indexers?

useACK problem from UF above version 7.1.4 causing stuck forwarder / stop sending data

Source types in /var/log

Splunk monitoring Roxio Secure Burn logs

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

how splunk can detect wineventlog for "remote desk...

Delay in Access Logs from S3

Why is universal forwarder phonehome not interpret...

Why can't I see FortiAP logs?

Why am I having this issue with HEC guid?