Getting Data In

Discussions

Thread Info

How to detect regular activity from logs.

Hi, splunk community. I would like to detect regular activity with specific URL (or host) from HTTP Proxy logs. In...

by Explorer in

Splunk Universal Forwarder only forwards one csv log

Hello, I am having an issue with the universal forwarder, where only one csv log gets sent to the index. We have mult...

by Path Finder in

Can a universal forwarder make use of multiple CPUs?

I have 4 universal forwarders set up in a DMZ that receive events from other universal forwarders in the field and re...

by Path Finder in

What documentation can I use as reference to set up forwarding data from my Tomcat servers to my local instance?

I am new to Splunk and I am trying to find the right documentation to get started. My goal is to get the logs from ca...

by Path Finder in

How to track successful inbound connections to a universal forwarder?

I have a group of Universal forwarders deployed in our DMZ to relay logs from UF's in the field to our indexing clust...

by Path Finder in

How to filter out any Meraki access point messages from being indexed in Splunk?

Hello everyone. I am new to SPlunk and syslog in general, but have gotten pretty far in the past week. I've got a Bar...

by New Member in

Filter events before indexing

Hello, I'm consulting the documentation regarding filtering events before they get indexed but i have issue to und...

by Communicator in

ERROR ExecProcessor - message from "C:\SplunkUniversalForwarder\bin\splunk-winevtlog.exe" WinRegistryApi - RegKey::open - RegOpenKeyExW returned error 2: The system cannot find the file specified.

by Explorer in

How to remove headers from a custom app log file?

Hi, I'd like to remove some headers from a custom app logfile. I've tried some configs, but can't get it to work. ...

by Champion in

How to send syslog to sandbox?

How can i send syslog from my cisco asa to the splunk sandbox?

by New Member in

Can I access the REST Sandbox REST API in the Online Sandbox?

My curl requests to online sandbox are timing out. curl -u admin:foobar -k <sandbox_domain>:8089/servicesNS/admin/...

by Engager in

Failed to parse epoch timestamp for Checkpoint Opsec

Splunk isn’t recognizing the date from the opsec.logs since the date is being sent in a localized format

by Splunk Employee in

Modular Input: Do we need to parse a "name" stanza if I have defined in my spec that my named stanza is default?

I have been working on a modular input and been struggling with the way you read input stanza data from splunk all ex...

by Splunk Employee in

Is it possible to disable encryption (SSL) between a search head and indexers?

Hello Splunkers, I would like to disable SSL between our Search Head and our indexers which are distributed in locati...

by Contributor in

how to provide a status of a forwarder to a customer

Hi, I have some customers who do not have access to their servers and would like the ability to validate that the ...

by Champion in

Why does Splunk not recognize standard fields in my Apache data forwarded by syslog?

I have over 100 Apache webservers which forward their logs to a syslog-ng server, which then forwards the data a TCP ...

by Contributor in

Find Transactions that overlap a certain timestamp

I've been able to use the transaction command to group logins and logouts of users. What's the best way to find the t...

by Communicator in

Why is my host_segment monitor configuration not working properly?

Ok I read the documentation about using host_segment but it does not seem to be working properly Here is my stanza...

by Contributor in

How to get all configuration files in my deployment in a file?

Hi all, I would like to know how to get all configuration files in my deployment in a file (for each Splunk instance)...

by Path Finder in

How do I rename xml fields in props.conf?

I have a file of XML-like events that look like this: <Event Field1=foo Field2=bar Field3=baz > <Data Field4=w...

by Builder in

UDP routing on indexer

Hi All , One of our clients wats to use single Splunk instance (indexer) for both receiving and sending data. They...

by Path Finder in

Is there any way to guarantee my Forwarder collecting all data?

Hi all. We are using Splunk Enterprise version of 6.1.3. Is there any way to guarantee my Forwarder collecting all da...

by Engager in

Inputs.conf to monitor in given time range only

Hi, I have a situation: The logs are getting generated 24x7, but the client wants to monitor only during offline h...

by Communicator in

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

I want to index the splunk resultset for future use. Do I always have to store it in a file?

by Contributor in

Best way to index .csv files with some common fields

Hi I have a series of .csv files (1 for each month) where the first 100 fields are the same, but after that there are...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to detect regular activity from logs.

Splunk Universal Forwarder only forwards one csv log

Can a universal forwarder make use of multiple CPUs?

What documentation can I use as reference to set up forwarding data from my Tomcat servers to my local instance?

How to track successful inbound connections to a universal forwarder?

How to filter out any Meraki access point messages from being indexed in Splunk?

Filter events before indexing

ERROR ExecProcessor - message from "C:\SplunkUniversalForwarder\bin\splunk-winevtlog.exe" WinRegistryApi - RegKey::open - RegOpenKeyExW returned error 2: The system cannot find the file specified.

How to remove headers from a custom app log file?

How to send syslog to sandbox?

Can I access the REST Sandbox REST API in the Online Sandbox?

Failed to parse epoch timestamp for Checkpoint Opsec

Modular Input: Do we need to parse a "name" stanza if I have defined in my spec that my named stanza is default?

Is it possible to disable encryption (SSL) between a search head and indexers?

how to provide a status of a forwarder to a customer

Why does Splunk not recognize standard fields in my Apache data forwarded by syslog?

Find Transactions that overlap a certain timestamp

Why is my host_segment monitor configuration not working properly?

How to get all configuration files in my deployment in a file?

How do I rename xml fields in props.conf?

UDP routing on indexer

Is there any way to guarantee my Forwarder collecting all data?

Inputs.conf to monitor in given time range only

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

Best way to index .csv files with some common fields

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions