Getting Data In

Ask a Question

Discussions

Thread Info

Windows Event Logs Not Forwarding Security Events to Splunk

I've got Splunk Universal Forwarder up and running on my DC-01, and it's set to forward all Windows event logs to Sp...

by Explorer in

Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore?

Hello, I'm experiencing some issues on kvstore: [conn4556] SCRAM-SHA-1 authentication failed for __system o...

by Path Finder in

Help on strftime

Hi I have a field time called LastLogonDate with this format 6/28/2023 1:47.35 PM I want to format this field i...

by Motivator in

Old log getting stored as .csv format even before retention?

Hi Team, We have defined the index retention as 420 days but when we are trying to access the logs those are in .c...

by New Member in

Where does token gets stored when created by splunk UI

Hi Everyone, I have enabled token based authentication and created few tokens. I can see them in UI but wanted to ...

by Explorer in

How can I ingest BitWarden event logs to Splunk?

Hi, I would like to ask how to ingest BitWarden event logs into Splunk Cloud. I could not find any apps for this purp...

by New Member in

How can I take the second timestamp in props.conf?

how can i in the props.conf file tell Splunk to take the second timestamp as opposed to the first

by Explorer in

Active Directory AD actual logs collection

Hello, community, I wanted to ask a fundamental question regarding specific logs collection. The question is: Do ...

by Communicator in

Why is _time in my JSON payload parsed correctly with milliseconds via manual upload but not via HEC?

Hello! I have a JSON payload whose _time field gets parsed no issue when I perform a manual upload, but when that s...

by Motivator in

Just installed SA-Eventgen and get the following error: Unable to initialize modular input "modinput_eventgen" defined inside the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1)

Unable to initialize modular input "modinput_eventgen" defined inside the app "SA-Eventgen": Introspecting scheme=mod...

by New Member in

Add-on for Cisco Webex video conference

Hello, I would like to find an add-on for my webex devices. I know there's the Cisco WebEx Meetings Add-on for Spl...

by Path Finder in

How to forward txt files or data from window server using Splunk forwarder to remote server?

Hi Team, i want to check whether is it feasible to send data or txt files exist in a folder using splunk forwarder...

by Explorer in

How to query a List of Domain Controllers?

I'd like to pull a complete listing of all domain controllers in my environment and I'd like to do it through Splunk....

by Communicator in

Notification when indexes stop receiving data

Hi, we’ve had a problem recently where data has stopped flowing to an index, and it’s a few days before we find out a...

by Path Finder in

Powershell scripts giving blank / no outputs

Hello, I have observed a strange issue in few of my universal forwarders. This is with Splunk addon for windows. I ha...

by Loves-to-Learn in

Add-on or app for wireless lan controller

Hello, I'm trying to find an app or add-on for my cisco wlc. Should I use the current cisco IOS add-on to index wl...

by Path Finder in

Unique CSV Regex- Process Alarm issue?

I have raw data file (similar to a CSV) with various records as follows: Process alarm,5/31/2023,23:19:45,20,11P...

by Engager in

transform.conf

how can i modify the transforms.conf file so that when i ingest the data it throws away all the events that have the ...

by Explorer in

How can I table format data from csv raw data?

I have the below events getting generated which has list of file counts on diffrent directories with date. creating a...

by Explorer in

syslog facility and severity (loglevel)

I've added the following to etc/system/local/limits.conf [udp://514] no_priority_stripping = true no_appending_tim...

by Engager in

Indexes in an Index Cluster

Hi, we have an Indexer Cluster with a dedicated Cluster Manager. The indexers have an additional hard drive attached ...

by Path Finder in

Forward logs to third party and no duplicates in splunk

I want to forward logs to third party system (syslog) without index these data into splunk but i can't accomplish it,...

by Explorer in

"search head Timed out waiting for peer" How can I check the network health between a search head and indexer?

Our environment consists of 1 indexer and 1 search head. Our indexer is currently indexing close to 400GB per day, si...

by Path Finder in

What is the setting for TCP Line Breaking?

what could be the settings to break the tcp data in splunk. Need to break after @sign to another event. L202308710...

by Explorer in

Which configuration file/s holds all notable's/alert settings?

Hi community, I am trying to identify where all settings defining an alert/notable are stored at the backend? Sav...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Windows Event Logs Not Forwarding Security Events to Splunk

Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore?

Help on strftime

Old log getting stored as .csv format even before retention?

Where does token gets stored when created by splunk UI

How can I ingest BitWarden event logs to Splunk?

How can I take the second timestamp in props.conf?

Active Directory AD actual logs collection

Why is _time in my JSON payload parsed correctly with milliseconds via manual upload but not via HEC?

Just installed SA-Eventgen and get the following error: Unable to initialize modular input "modinput_eventgen" defined inside the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1)

Add-on for Cisco Webex video conference

How to forward txt files or data from window server using Splunk forwarder to remote server?

How to query a List of Domain Controllers?

Notification when indexes stop receiving data

Powershell scripts giving blank / no outputs

Add-on or app for wireless lan controller

Unique CSV Regex- Process Alarm issue?

transform.conf

How can I table format data from csv raw data?

syslog facility and severity (loglevel)

Indexes in an Index Cluster

Forward logs to third party and no duplicates in splunk

"search head Timed out waiting for peer" How can I check the network health between a search head and indexer?

What is the setting for TCP Line Breaking?

Which configuration file/s holds all notable's/alert settings?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?