Getting Data In

Discussions

Thread Info

Powershell input for universal forwarder stopped working

I am tearing my hair out trying to figure this one out... I had a powershell input on my UFs (both Win10 and Server 1...

by Explorer in

Removing a file path from an alert search

So there is a query on my splunk cloud instance. Which is below: index=windows EventCode=4688 [| inputlookup ...

by Observer in

HTTP/2 HEC

Are there any plans to support HTTP/2 for HEC inputs?

by Explorer in

DB Connect and Red Hat Satellite

Has anybody used or currently using DB Connect to their Red hat satellite Server?

by Communicator in

Eval command with like condition with greater than and less than format?

Hi I have the following command in my query My splunk search | eval message=IF((like(source,"ABC%") OR lik...

by Builder in

HEC Basic Authentication

I am attempting to use an HEC with basic authentication via HTTPS, but receiving a response 403 "Forbidden" when usin...

by Explorer in

Jira issues collector add-on

Hi, I have installed Jira issues collector add-on to onboard the jira logs in splunk. configuration is done and I a...

by Explorer in

WMI winevent log Events not being sent to nullQueue

I am trying to send the following WMI winevent log event to the Null queue as it needs to be dropped.But this dosn't ...

by New Member in

Question about host field

I'm trying to put a host in a host field before indexing the csv file below. 【CSV file】 #ServerName001#JobName,St...

by Explorer in

Universal Forwarder Dosn't forward new generated log files

Dear Friends I have installed a universal forwarder on Free_PBX to forward call queue logs to Splunk enterprise, ev...

by Engager in

Accessing restricted Windows share

Hello all, I'm not sure what I have been asked to do is achievable. I'm hoping that someone can advise. We have ...

by Communicator in

Splunk Integration with OCI

I have been trying to integrate Splunk with OCI for data collection and the Add-On provided is not working. Error: ...

by New Member in

How to filter out lines that start with #

We have logs , where first few lines start with "#" and we don't need to ingest these lines. We tired to use diffe...

by Builder in

Splunk universal forwarder

Hi I am not receiving the data from Universal forwarders . What could the possible reasons be? Thanks

by Engager in

How to ingest only those lines from the log that start with "date/time"

We have logs , where first few lines needs to be omitted from ingesting.We only need to on-board the events , that st...

by Builder in

deployment server not updating inputs.conf on clients

When pushing the Windows add on for Splunk using a deployment server, my inputs.conf files on the clients are not upd...

by Path Finder in

Who to split up $SPLUNK_DB and colddb

I have many indexes on my three indexers. I have attached NSF shares for the colddb. All the indexes are at $SPLUNK_D...

by Motivator in

Trigger alert when 1 user deletes more than 5 files

hi, I want to create an alert that will trigger when 1 user (no specific user name, just one persong from the organiz...

by Observer in

HF doesn't accept traffic from UF

Hi Splunk chaps, I'm facing problem with feeding HF from UF (HF is sending data to the cloud and this works fine)....

by Loves-to-Learn Everything in

How to divide yesterdays data with today's data?

Hello Folks , Need help. Every day new file generates with a FileSizeBytes value, I need to compare the yesterday's...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Powershell input for universal forwarder stopped working

Removing a file path from an alert search

HTTP/2 HEC

DB Connect and Red Hat Satellite

Eval command with like condition with greater than and less than format?

HEC Basic Authentication

Jira issues collector add-on

WMI winevent log Events not being sent to nullQueue

Question about host field

Universal Forwarder Dosn't forward new generated log files

Accessing restricted Windows share

Splunk Integration with OCI

How to filter out lines that start with #

Splunk universal forwarder

How to ingest only those lines from the log that start with "date/time"

deployment server not updating inputs.conf on clients

Who to split up $SPLUNK_DB and colddb

Trigger alert when 1 user deletes more than 5 files

HF doesn't accept traffic from UF

How to divide yesterdays data with today's data?

How I Instrumented a Rust Application Without Knowing Rust

Splunk Community Platform Survey

Observability Highlights | November 2022 Newsletter

May I have sample code to query Splunk data using ...

How to add metadata to UF config files?

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

AWS S3 Input- Ingest .csv files that are not actua...

Increased CPU on Universal Forwarder since v9