Getting Data In

Discussions

Thread Info

Splunk is truncating the last key/value pair on line if the value contains a space

We are ingesting Aruba CearPass logs. The ClearPass Appliances send their syslog to a syslog server that writes the l...

by Path Finder in

Splunk download corrupted

Splunk windows x64 download file splunk-4.3-115073-x64-release.msi is corrupted. Please upload again. Thanks.

by New Member in

Define custom sourcetype XML

I'm trying to define a custom sourcetype. I have one file with multiple XML files. For example MyFile.xml: <?xm...

by Engager in

How do I override source types in SplunkCloud

I know that I can override source types dynamically per event based on this documentation link here: (docs.splunk.com...

by Explorer in

Fetching data from webpage

Hi All, Is their way to fetch data from the webpage for lookup in splunk search. Please provide if we have any wor...

by Contributor in

How to make sure that the data forwarded is loading in the searchhead/indexer completely?

I have a forwarder installed on a server and I am extracting the data for indexes like Name,Class etc and while extra...

by SplunkTrust in

Splunk ingesting Yara Rules

Can Splunk natively ingest Yara rules? Our goal is to possibly have Splunk grab Yara rules from a directory, and have...

by New Member in

Json parsing - Failed to parse timestamp

I'm trying to parse the following json input. I'm getting the data correctly indexed but I am also getting a warning....

by Engager in

Can we process the timestamp in an event sent to the HTTP event collector?

The HTTP event collector supports an optional timestamp: { "time": "1426279439", "host": "localhost", ...

by Motivator in

How to configure multiple sourcetypes for a single monitored file?

Hi. I have a single very huge file with different formats. So I decided to create 3 different sourcetypes for thi...

by New Member in

How can i split a json array in mutiple events?

Hello Im trying to split a json Array into multiple Events in the props.conf Whats the best way to do this? He...

by New Member in

How to configure the Optiv Threat Intel app on Windows with Splunk on a different drive?

Hello, I am using the Optiv Threat Intel app, but my Splunk install is on a different drive. Found one .py file I...

by Communicator in

Where on a Windows machine should I store logs generated from custom scripts for Splunk Universal Forwarder to forward?

Running a log-generating script locally on a Windows machine with a Splunk UF, I am looking for best practices for wh...

by Motivator in

How to monitor multiple source types in same folder

BlackBerry servers have many different .txt log files all created in the one folder. I have a universal forwarder...

by Explorer in

Why do I get "Unable to remove disabled indexes.." when trying to delete an index, but then get "deleted, cannot enable.." when I try to enable it?

Hello, I was having a problem with an index created by an app, so I manually created one as a test. I went to dele...

by Path Finder in

If I POST events to a heavy forwarder using the REST API receivers/simple web service, will the HF be able to parse and forward the data?

If I POST events to a Heavy Forwarder using the receivers/simple web service, will the Forwarder then be able to pars...

by New Member in

Field names in lowercase, transforms.conf

Hi! I have some different sourcetypes defined by me where I'm extracting some of the fields with stanzas in transf...

by Communicator in

How to troubleshoot why I received an alert saying "indexer is not reachable"?

I am pretty new to Splunk. Guess what, the consultant has left and I was supposed to take care of Splunk. I got an al...

by Engager in

Why are my indexers reporting "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX..."?

Anybody find a solution to this? I'm seeing this over lots of indexers! ERROR EAIOutParameters - invalid entry ti...

by Path Finder in

Syntax to update my scheduled search using REST?

I'm trying to update the max_concurrent instances on my scheduled search from the default of 1 to 2. But the REST com...

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk is truncating the last key/value pair on line if the value contains a space

Splunk download corrupted

Define custom sourcetype XML

How do I override source types in SplunkCloud

Fetching data from webpage

How to make sure that the data forwarded is loading in the searchhead/indexer completely?

Splunk ingesting Yara Rules

Json parsing - Failed to parse timestamp

Can we process the timestamp in an event sent to the HTTP event collector?

How to configure multiple sourcetypes for a single monitored file?

How can i split a json array in mutiple events?

How to configure the Optiv Threat Intel app on Windows with Splunk on a different drive?

Where on a Windows machine should I store logs generated from custom scripts for Splunk Universal Forwarder to forward?

How to monitor multiple source types in same folder

Why do I get "Unable to remove disabled indexes.." when trying to delete an index, but then get "deleted, cannot enable.." when I try to enable it?

If I POST events to a heavy forwarder using the REST API receivers/simple web service, will the HF be able to parse and forward the data?

Field names in lowercase, transforms.conf

How to troubleshoot why I received an alert saying "indexer is not reachable"?

Why are my indexers reporting "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX..."?

Syntax to update my scheduled search using REST?

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?