Getting Data In

Discussions

Thread Info

Json source type produces duplicated data

Hello, I'm sending JSon data to the Http Event collector. When I exectute searches, all the non-metadata fields hav...

by Explorer in

What is the default compression method in the outputs.conf file

In outputs.conf you can configure compressed = <boolean> to compress the data, but the documentation doesn't specify ...

by Explorer in

How do I Download and Setup DB Connect?

Hello again, I am back to ask for your help, I feel that DB Connect is a headache, I am very confused about its ...

by Builder in

How to forward indexes to different port of the same server?

Dear Support, I have 2 indexes (indexA, indexB) and one receiving server with 2 different ports (10.10.10.10:xx, ...

by Loves-to-Learn Everything in

How to use Lookup table to analyze events?

I created a lookup table for blacklisted DNS queries. I need a query that uses the lookup table to see if domains in ...

by Path Finder in

Is it possible to have multiple hosts for one LDAP Strategy?

Hi all, We have Splunk connected to 5 LDAP domains and each one with at least 10 servers. Today Splunk is pointin...

by Engager in

Cisco Mobility Express data into Splunk

Hi. I've tried to get Splunk to understand syslog messages coming from a Cisco Mobility Express setup. Mobility E...

by Loves-to-Learn in

How to send data to two different Cloud instances?

Hi folks, I have a HF already sending data to one cloud instance, however I'd like to start sending data to a...

by Path Finder in

How to use props.conf to parse json file in splunk

Hi I am new to splunk. I set up a single-site cluster to parse a JSON-formatted log. I use cm in the path of /opt/s...

by Engager in

deployment server not updating inputs.conf on clients

When pushing the Windows add on for Splunk using a deployment server, my inputs.conf files on the clients are not upd...

by Path Finder in

Deployed apps to Windows Forwarders are malformed

Sometimes after an app has a change made to it when it is deployed to our Universal Forwarders on Windows computers t...

by New Member in

CSV file ingest, exclude header

I'm ingesting logs from DNS (Next DNS via API) and struggling to exclude the header. I have seen @woodcock resolv...

by Path Finder in

How can I use CLONE_SOURCETYPE to send a cloned modified event to a 3rd party without indexing the cloned event?

How can I use the CLONE_SOURCETYPE feature to clone an event that I need to modify and send to a 3rd party without in...

by Splunk Employee in

Sometime the logs are missing, and it's not tracked the logs in consistence way- Mulesoft Logs

Hello All, I am using splunk to store the logs in one of my projects. While I am using the developer org for my PO...

by New Member in

Is it possible read content of /etc/passwd in machines which Splunk is agent installed?

Hi there, Our system administration wanted something from Blue Team. They want to view root privilege users except ...

by Engager in

How to Forward Data from Splunk Enterprise to TCP Syslog Server?

Hi, I have a simple TCP syslog server in the same network where I have setup my Splunk Enterprise platform 9.10. I...

by Explorer in

How to make a search for some analytics with SPL?

Hi, I need some analytics result in Splunk but i couldn't achieve. Here what i need. 1) Which EventIDs is repeate...

by Engager in

How do you create saved search using REST API call?

Works in curl: curl -k -u admin:changeme http://localhost:8089/servicesNS/admin/search/saved/searches -d name=MySa...

by New Member in

How to rename sourcetype at index time?

Hi Experts, I would like rename sourcetype at index time with below config. props.conf [source::test/source....

by Engager in

Fields not recognized in Events from HTTP Event Collector (HEC)

We are noticing that that same data received via the HTTP Event Collector is not searchable by Field like data receiv...

by Loves-to-Learn Lots in

How to create Python Script to get logs from an API in ERROR ExecProcessor?

Hello,we are a from a software editor integration team and we would like to help our customer to integrate easily our...

by New Member in

Why is San server not sending logs to syslog?

I have a Dell Equallogic Group Manager (san server) that's hasn't been sending logs to syslog. I've added all the ...

by Path Finder in

How to get docker system events (not container logs) into Splunk?

We have already enabled the Splunk logging driver, but this forwards logs from inside the containers. I want to ca...

by Path Finder in

How to breakup data that has no timestamp?

Here is a sample of my data. I want to separate each hours/min/sec since I have no timestamp I'm unable to make it w...

by Communicator in

Splunk_ta_windows: Why are Index, source, and sourceType missing from my search?

Hi I have installed splunk_ta_windows using deployment server using UF on windows clients and everything is fine. ...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Json source type produces duplicated data

What is the default compression method in the outputs.conf file

How do I Download and Setup DB Connect?

How to forward indexes to different port of the same server?

How to use Lookup table to analyze events?

Is it possible to have multiple hosts for one LDAP Strategy?

Cisco Mobility Express data into Splunk

How to send data to two different Cloud instances?

How to use props.conf to parse json file in splunk

deployment server not updating inputs.conf on clients

Deployed apps to Windows Forwarders are malformed

CSV file ingest, exclude header

How can I use CLONE_SOURCETYPE to send a cloned modified event to a 3rd party without indexing the cloned event?

Sometime the logs are missing, and it's not tracked the logs in consistence way- Mulesoft Logs

Is it possible read content of /etc/passwd in machines which Splunk is agent installed?

How to Forward Data from Splunk Enterprise to TCP Syslog Server?

How to make a search for some analytics with SPL?

How do you create saved search using REST API call?

How to rename sourcetype at index time?

Fields not recognized in Events from HTTP Event Collector (HEC)

How to create Python Script to get logs from an API in ERROR ExecProcessor?

Why is San server not sending logs to syslog?

How to get docker system events (not container logs) into Splunk?

How to breakup data that has no timestamp?

Splunk_ta_windows: Why are Index, source, and sourceType missing from my search?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions