Getting Data In

Discussions

Thread Info

How to configure the forwarding of Microsoft Windows Print Server logs?

Hi Guys, I have installed universal forwarder on Print server, Windows Server 2012 R2 and configured the receiver IP ...

by New Member in

Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline?

Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline? F...

by New Member in

Why are events with equal timestamps merged into one event?

I have a few files in which the log events happen to not be in chronological order. Specifically, an event with sa...

by Path Finder in

How to remove logs from specific sourcetype being indexed?

Hi Everyone, Im trying to stop the following index from being indexed into Splunk using the props/transforms confs...

by Path Finder in

Can a Heavy-Forwarder just raw forward and not parsing?

Hi all. Like the subject, can i tell an HF not to PARSE the events, just do a banal tcp forwarding of the raw data...

by Contributor in

How to send aws eventbridge events to a specific index on splunk cloud

We have been trying to ingest aws eventbridge events to splunk cloud using API destination partners provided by aws b...

by New Member in

Does the data flow through those same queues at the indexer?

If an HF is used for a intermediate / aggregation tier and the data is parsed, what does the ingestion pipeline look...

by Path Finder in

Why does UF still require clientCert when requireClientCert is already disable in indexer?

Hello Splunkers, I would like to understand why a cert is need for the UF, when indexer already has requireClientCert...

by Explorer in

How to forward an index to another Splunk instance (n00b)?

I found this Index and Forward data into another splunk instance and then found the current version of the reference...

by Explorer in

How to add multiple _meta from one field?

Hi all, I want to have on a HF (8.1.4) multiple _meta of one field values in one stanza.Any sugestion how?Example:...

by Explorer in

Upgraded Indexer shuts down pipeline and has to be restarted?

We have recently upgraded an indexer from 8.2.6 to 9.0.2 (running on Windows) and since then we have been plagued by ...

by Communicator in

How to blacklist server from heavy forwarder?

Currently my Heavy Forwarder is receiving unwanted logs from a lot of different devices, and it is taking up a lot of...

by Engager in

What’s the recommended batch size per request for sending to HEC?

Is there a limit to how many events can be sent to Splunk HEC per event? What’s recommended, are there any guideline ...

by Contributor in

inputs.conf blacklist format- Is there a format that needs to be adhered to when using a blacklist with regex?

is there a format that needs to be adhered to when using a blacklist with regex? I am trying to format "New Proce...

by Loves-to-Learn Everything in

Telegraf - How to solve this HEC SSL Issue?

Hi, I am trying to use Telegraf to send data to Splunk HEC. However not sure how to get past the certificate issue. ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure the forwarding of Microsoft Windows Print Server logs?

Regarding Windows Print Monitoring, what do each of the "operation" field values mean, i.e., add, set, baseline?

Why are events with equal timestamps merged into one event?

How to remove logs from specific sourcetype being indexed?

Can a Heavy-Forwarder just raw forward and not parsing?

How to send aws eventbridge events to a specific index on splunk cloud

Does the data flow through those same queues at the indexer?

Why does UF still require clientCert when requireClientCert is already disable in indexer?

How to forward an index to another Splunk instance (n00b)?

How to add multiple _meta from one field?

Upgraded Indexer shuts down pipeline and has to be restarted?

How to blacklist server from heavy forwarder?

What’s the recommended batch size per request for sending to HEC?

inputs.conf blacklist format- Is there a format that needs to be adhered to when using a blacklist with regex?

Telegraf - How to solve this HEC SSL Issue?

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

scheduler.log broken korean

Batch file Input not removing files.

Suggestions Please: REST Api, csv,html

Can you use ingest actions against _raw?

Can Data Manager import Cloudwatch ECS Fargate log...