Getting Data In

Ask a Question

Discussions

Thread Info

How to edit inputs.conf to prevent WinNetMon from using up all my license?

I enabled WinNetMon and need to throttle it back. Here is my inputs.conf: ###### Network monitoring ###### [WinNet...

by Builder in

How do I resolve the error: The lookup file could not be saved

I am trying to save a lookup file in the Splunk App for lookup file editing and I get the error: The lookup file cou...

by Path Finder in

Map fields to sourcetype

Hi All, I need help building a SPL that would return all available fields mapped to their sourcetypes/source L...

by Communicator in

How to monitor application services

Hi All, we have some process related service like application services running in windows, how can i get those stat...

by Path Finder in

Why is my powershell script for input-stanza not working?

Hi community! I've tried and exhausted all my brain cells but I still couldn't make this work. Any ideas? Below is ...

by Builder in

sending specific events to nullqueue using props & transforms

I am trying to setup props & transforms to send DEBUG events to null queuei tried below regex but that doesnt seem to...

by Explorer in

Data Models CIM compliance how to indetify data sources needed for the Data Sets individual fields

Hi All, trying to identify what data source/sourcetype is needed for each individual field while performing Data Mode...

by Communicator in

Data onboarding, splunk-server field massing up the whole data

can someone help me with this issue where splunk is reading the file, but 'adding' a information that is NOT in the o...

by Path Finder in

Line breaker

Hi Team, my requirement is write request is one event and Change Item into another event, please help me how to...

by Loves-to-Learn Everything in

transforms.conf conditional statement for INGEST_EVAL

I am attempting to setup an INGEST_EVAL for the _time field. My goal is to check if the _time field is in the future ...

by Explorer in

Currently not seeing any eve.json data coming from the suricata box to the Splunk server

[monitor:///var/log/suricata/eve.json] disabled=true sourcetype= suricata index = suricata Currently not seeing...

by Engager in

Query that lists systems that are using default passwords.

I am looking for a query that can help me list or audit systems that are using default passwords or any other method ...

by Path Finder in

How to troubleshoot "SSL Validation Failed for <VPC S3 Private Endpoint>" in Splunk AWS Add-on?

While configuring an S3 input in the Splunk Add-on for AWS, I received an error message stating that "SSL Validation ...

by Communicator in

Is Splunk Universal Forwarder compatible with Amazon Linux?

by Explorer in

Kafka-connect-Splunk: Issue in SetUp Connection in Confluent

Hi Team, I am trying to create a topic manually using Confluent Control Center (localhost:9021) and then using Conn...

by New Member in

No fields or timestamps extracted when indexing TSV from S3 bucket

I have a standalone Splunk Enterprise (not Splunk Cloud) set up to work with some log data that is stored in an AWS S...

by Path Finder in

require(['splunkjs/mvc'], function() { ... } gives me "require is not defined" Javascript error (SE 9.1.1)

In a modified search_mrsparkle/templates/pages/base.html, we have a <script> tag inserted just before the </body> ta...

by Explorer in

parsing logs from logstash

at all, I have to parse logs extracted from logstash. I'm receiving logstash logs and they are in json format and...

by SplunkTrust in

Syslog

I have been tasked with cleaning up the catchall directory in the syslog directory of our Heavy Forwarders. The path ...

by Engager in

We have installed a Universal forwarder on one of our servers, Can we add another instance of Splunk and use it as a deployment server too?

We have a server where we have universal forwarder, and I am planning to install a splunk enterprise version so that ...

by Explorer in

How to filter events from Eventlog?

We are using the Splunk Universal Forwarder on Windows servers to capture event viewer logs into Splunk. We have a k...

by New Member in

Monitor Windows event log via WMI to splunk

Hi, Is it possible to monitor Windows event log via WMI to splunk instead of using Universal Forwarder? if yes, h...

by Path Finder in

2 of my indexer are configured but inactive state is showing . The data is not going to ingest in 2 indexers.

Two of my indexer is not working they are not receiving data from Universal forwarder.when i run the command ./splunk...

by Loves-to-Learn Lots in

Is splunk-appinspect package broken?

I do a local splunk-appinspect on packages before uploading them to Splunk Cloud.Each jenkins run will 'pip install s...

by New Member in

Splunk UF cant forward data to HF

Hi, ii had recently install UF v9.0.5 on our windows hosts to send logs to a heavy forwarder, and is getting below ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to edit inputs.conf to prevent WinNetMon from using up all my license?

How do I resolve the error: The lookup file could not be saved

Map fields to sourcetype

How to monitor application services

Why is my powershell script for input-stanza not working?

sending specific events to nullqueue using props & transforms

Data Models CIM compliance how to indetify data sources needed for the Data Sets individual fields

Data onboarding, splunk-server field massing up the whole data

Line breaker

transforms.conf conditional statement for INGEST_EVAL

Currently not seeing any eve.json data coming from the suricata box to the Splunk server

Query that lists systems that are using default passwords.

How to troubleshoot "SSL Validation Failed for <VPC S3 Private Endpoint>" in Splunk AWS Add-on?

Is Splunk Universal Forwarder compatible with Amazon Linux?

Kafka-connect-Splunk: Issue in SetUp Connection in Confluent

No fields or timestamps extracted when indexing TSV from S3 bucket

require(['splunkjs/mvc'], function() { ... } gives me "require is not defined" Javascript error (SE 9.1.1)

parsing logs from logstash

Syslog

We have installed a Universal forwarder on one of our servers, Can we add another instance of Splunk and use it as a deployment server too?

How to filter events from Eventlog?

Monitor Windows event log via WMI to splunk

2 of my indexer are configured but inactive state is showing . The data is not going to ingest in 2 indexers.

Is splunk-appinspect package broken?

Splunk UF cant forward data to HF

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions