Getting Data In

Discussions

Thread Info

Using Transfroms.conf to drop parts of a file path

I am new to using the Transfroms.conf and props.conf to manipulate data. The issue we are experiencing is in our WinE...

by Explorer in

sourcetype edit page is missing

I have two Splunk environments with the same Splunk Version 7.3.3. On one environment I see the sourcetype edit lin...

by Explorer in

Column wise Percentage in a pivot table

I have pivoted my dataset to generate a table. The row and column header are auto generated based on attributes of da...

by Loves-to-Learn in

Windows Subsystem for Linux logging

Hi all, Any idea what type of logs we can onboard for WSL2 and how we can do that.

by New Member in

What type of data in addition to sysloag should be ingested into Splunk to help SOC team? I already have the ePO add on

What type of data in addition to sysloag should be ingested into Splunk to help SOC team? I already have the ePO add ...

by Contributor in

SplunkD Service randomly stopping on Windows Server 2012

My SplunkD Service randomly stops on my Windows Server 2012 making it so that I cannot reach the web interface. I hav...

by Engager in

Index all and selective forward

Hi all. I need some help to index all data coming into one server and only forward 3 sourcetypes to a 2nd server. Rec...

by Loves-to-Learn Lots in

f5 Silverline ASM

Has anyone ingested f5 Silverline asm data? I've got the data from f5 Silverline via syslog, but wondering how I shou...

by Engager in

why am I seeing duplicate events in my metrics indexes?

I am seeing duplicate events in a metrics index, help! deployment flow:hec client--->load balancer--->HFs (hec ...

by Splunk Employee in

JMS Messaging Modular Input

Hi All, I have installed and setup JMS Modular input add-on on Splunk HF and given below inputs- Activation key ...

by New Member in

How do i index only specific lines from my log file?

Hi, I have the log file,i need to search the part of line in bold(which as only EmployeeServices/com) and index on...

by Communicator in

Index Performance

Hi, We have an index that is feeding in data from an EKS/K8s infrastructure and getting roughly 4million events / 1...

by New Member in

Setting indexes on windows universal forwarder

Hi All, i am trying to configure the splunk universal forwarders on a windows machine to send to an index that isnt m...

by New Member in

Best method for pulling Microsoft DNS logs with Splunk

What is the best method for pulling Windows DNS Logs with Splunk. I am looking at the following methods: Send dire...

by Splunk Employee in

Is it possible to index a different timestamp based on a field value in the same log?

I'm a new Splunk user that needs to perform some analysis on a set of logs with the following format: Status, Start...

by Engager in

Issue Executing Python Script on Windows UF

I'm having an issue running a python script to generate the contents of an email body to splunk. I've had to instal...

by Loves-to-Learn in

index time extraction for json logs

Hi Splunkers , I'm collecting logs from S3 through heavy forwarder which are in json format . After indexing i see ...

by Explorer in

SmartStore on Azure?

Has anyone managed to get SmartStore working with an Azure Storage Account? I know the requirement is S3 compatibi...

by Explorer in

OKTA TLS requires TLS/cipher

“BLUF: Looks like a TLS/cipher problem in addition to ca_bundel. I was able to connect without errors after specifyin...

by Path Finder in

Do not index file based on content

Greetings All, I'm indexing a bunch of metrics files written every 10 minutes. Just after midnight I get a file con...

by Engager in

Getting Data In

Discussions

Using Transfroms.conf to drop parts of a file path

sourcetype edit page is missing

Column wise Percentage in a pivot table

Windows Subsystem for Linux logging

What type of data in addition to sysloag should be ingested into Splunk to help SOC team? I already have the ePO add on

SplunkD Service randomly stopping on Windows Server 2012

Index all and selective forward

f5 Silverline ASM

why am I seeing duplicate events in my metrics indexes?

JMS Messaging Modular Input

How do i index only specific lines from my log file?

Index Performance

Setting indexes on windows universal forwarder

Best method for pulling Microsoft DNS logs with Splunk

Is it possible to index a different timestamp based on a field value in the same log?

Issue Executing Python Script on Windows UF

index time extraction for json logs

SmartStore on Azure?

OKTA TLS requires TLS/cipher

Do not index file based on content

Parse log which contain unstructured and inner-jso...

Using Splunk Universal Forwarder and scripted inpu...

why Splunk is not able to index all the data from ...

Collect Perfmon counters data for ASP.NET & Paging...

Splunk eStreamer for FMC version 4.011 setup page...