Getting Data In

Thread Info

Why are we missing Windows "WinEventLog:Security" event logs?

I have 40 Windows 2012 domain controllers (forwarding through heavy forwarders to cloud), that intermittently stop se...

by Communicator in

How to parse timestamp which is in epoch and assign it to the same field timestamp

Hello All, I have log file which has the following content in json format, I would like to parse the timestamp and ...

by Loves-to-Learn Lots in

Trying to blacklist all 4662 events except if they match any of the dcsync related GUIDs

As we have recently enabled various audit settings on our domain, we now have 4662 events being generated on the DCs....

by Engager in

ITSI Glass Table

Hello Experts, In Splunk ITSI, we’re able to see the alerts in the Alerts table, but those alerts are not being ref...

by New Member in

Trimming data and sending it through Cribl and Datadog

So the title is pretty self explanatory. I have been approached and requested to trim logs. I had initially installed...

by Communicator in

Integrating and Ingesting Atlassian Audit Logs into Splunk?

Based on the article provided below we have updated our Atlassian settings to pull the Bitbucket logs into our Audit ...

by Contributor in

Routing Sourcetype

We are collecting the sourtype of the data we are currently receiving by changing it as follows. [A_syslog]TRANSFOR...

by Explorer in

HEC configuration for AWS logs

We have a architecture of 3 site multi cluster which contains 6 indexers (2 in each site), 3 search heads (one in eac...

by Communicator in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Splunk DB Connect Addon

Dear Splunk Community, I need some advice on how to get DB Connect configured. I'm hitting a brick wall trying to g...

by New Member in

"Akamai Security Incident Event Manager API" not found

Upon installing the Akamai SIEM I am not seeing the data input option for "Akamai Security Incident Event Manager AP...

by Explorer in

Critical Bucket size and range

Hi There, I have noticed that the cloud monitoring console is reporting a critical bucket. I only have one and have...

by Communicator in

change timestamp for extra data

We are collecting various data from security equipment.The data is being stored in index=sec_A and received as sourty...

by Explorer in

Good example of a working custom REST endpoint (but not an admin:* one)

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note...

by SplunkTrust in

Netskope onboarding

Hi, I have a question on Netskope onboarding to Splunk. I installed to TA-NetSkopeAppForSplunk (4.1.0) on Spl...

by Path Finder in

cloudwatch logs tagging

Expert advice needed. I was able to ingest cloudwatch logs for ecs and lambda with data manager Now i need to add...

by Loves-to-Learn Lots in

pull Azure event hub logs to Splunk

How can we pull Azure event hub logs to Splunk? I check that we cannot use HEC configuration for pulling the data. Wh...

by Communicator in

Why doesn't my Ingest Action work?

I have written and tested some rules using "Ingest Actions". I used the "Sample" indexed data and everything seems fi...

by Explorer in

How do I set up a KV Store lookup?

I created a KV Store lookup using the "Splunk App for Lookup File Editing" app, however when I look at Settings>Looku...

by Motivator in

Splunk and Cisco Firepower Audit Logs

Hello folks, My organization is struggling with ingesting the Cisco Firepower audit (sys)logs into Splunk, we've be...

by Explorer in

Splunkforwarder Startup Error in Docker containers

Commands used to run docker image: docker run -d -p 9997:9997 -p 8080:8080 -p 8089:8089 -e "SPLUN...

by Explorer in

Turning off chunked encoding in Universal Forwarder

Hi, We're setting up a Splunk enterprise instance in an air-gapped environment. In addition to this, the server is ...

by Explorer in

Creating service account in splunk to re-assign the orphaned knowledge object

Hi, I am a splunk admin and we are re-assigning the orphaned knowledge object to my name as a temporary solution. I...

by Communicator in

AWS logging to our Splunk

AWS logs to Splunk We need to onboard AWS cloud watch logs (from Kinesis) to our Splunk. We have all our Splunk ins...

by Communicator in

Regex for multiline events where skipping lines is required.

I have multiline events where it is required to capture the error messages. The events are separated by "FAILED". ...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why are we missing Windows "WinEventLog:Security" event logs?

How to parse timestamp which is in epoch and assign it to the same field timestamp

Trying to blacklist all 4662 events except if they match any of the dcsync related GUIDs

ITSI Glass Table

Trimming data and sending it through Cribl and Datadog

Integrating and Ingesting Atlassian Audit Logs into Splunk?

Routing Sourcetype

HEC configuration for AWS logs

Ask Questions, Get Help about Data Manager for Splunk Cloud

Splunk DB Connect Addon

"Akamai Security Incident Event Manager API" not found

Critical Bucket size and range

change timestamp for extra data

Good example of a working custom REST endpoint (but not an admin:* one)

Netskope onboarding

cloudwatch logs tagging

pull Azure event hub logs to Splunk

Why doesn't my Ingest Action work?

How do I set up a KV Store lookup?

Splunk and Cisco Firepower Audit Logs

Splunkforwarder Startup Error in Docker containers

Turning off chunked encoding in Universal Forwarder

Creating service account in splunk to re-assign the orphaned knowledge object

AWS logging to our Splunk

Regex for multiline events where skipping lines is required.

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions