Getting Data In

Community Activity

Is there are default approach for journald syslog? We're updating our Linux Servers to Debian 12. A few host went "missing" afterwards in Splunk.While investigating int... by dsfyxcasdcertzu Explorer in Getting Data In 07-26-2023 0 2	0	2
kvstore import - fastest way what's the fastest way to import into KVStore?I have about 650 000 rows and import is slow over "Lookup File Editig" ... by jbanAtSplunk Communicator in Getting Data In 07-26-2023 0 3	0	3
VectraAI syslog to Splunk via SC4S I have taken over a project from 2 colleagues to install and integrate VectraAI and Splunk.We have a Vectra X29 as Br... by tkrjukoff New Member in Getting Data In 07-26-2023 0 0	0	0
Enable Logging for IIS Fields Currently we have Microsoft IIS Web-Servers out in the environment, but the fields they are logging is spotty. Is the... by matthew-miller Loves-to-Learn in Getting Data In 07-25-2023 0 3	0	3
Getting xml data into Splunk consistently? I am having trouble with ingesting my data into Splunk consistently. I have an XML log file that is constantly being ... by Strangertinz Path Finder in Getting Data In 07-25-2023 0 3	0	3
How to integrate threat intel platform in splunk (OpenCTI) Hi!i want to integrate OpenCTI intel feeds to splunk and i don't find any Add-on for this integration .OpenCTI provid... by splk_user Path Finder in Getting Data In 07-25-2023 0 1	0	1
Redirecting logs to 3party only for One index Hi, I am trying to redirect logs only for a specified index of mine to 3rd party. But The target destination is recei... by nikk Engager in Getting Data In 07-25-2023 0 2	0	2
Retrieve Windows DNS Logs - best practices ? Hello Splunkers,Whats is "the best practice" to ingest DNS logs inside a distributed Splunk environment. I hesitate ... by GaetanVP Contributor in Getting Data In 07-25-2023 0 4	0	4
Splunk search to check forwarder status based on last connected time Hi Team,i am using this search to check the status of UF"down based on last connection time.but when i am removing th... by sekhar463 Path Finder in Getting Data In 07-24-2023 0 2	0	2
Jira Issue Input: Why is Add-on data not indexing? hello, I have installed the add-on (Jira issue input add-on: https://splunkbase.splunk.com/app/6168) for collecting j... by sweetie Explorer in Getting Data In 07-24-2023 0 6	0	6
Certificate error while integrating Sailpoint with Splunk Hello Experts, We are trying to integrate Sailpoint with Splunk. We used the required add-on and all the necessary in... by manishchoudhary Loves-to-Learn in Getting Data In 07-24-2023 0 2	0	2
Need to export the records morethan 50,000 from a job. Hi all,I am working on one application which needs to export the records into a CSV using splunk job.i have checked t... by gumma Loves-to-Learn in Getting Data In 07-24-2023 0 1	0	1
Change Index name of some data from HEC I have a HEC token sending various logs from AWS Cloudwatch. HEC token is set to have two indexes paloalto and aws.An... by karthikm Loves-to-Learn Everything in Getting Data In 07-23-2023 0 1	0	1
No data is getting displayed on dashboard No data is getting displayed on the dashboard. Following is the query.index=main sourcetype=wms_oracle_sessions \| bu... by pratapa Explorer in Getting Data In 07-22-2023 0 11	0	11
How to write json log data to be ingested? I have a script that I am generating a json formatted log file entries. I want to get this data into Splunk. What is ... by rufflabs Explorer in Getting Data In 07-22-2023 0 4	0	4
Windows Event Logs Not Forwarding Security Events to Splunk I've got Splunk Universal Forwarder up and running on my DC-01, and it's set to forward all Windows event logs to Sp... by abdallah_bakr Explorer in Getting Data In 07-22-2023 0 14	0	14
Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore? Hello, I'm experiencing some issues on kvstore: [conn4556] SCRAM-SHA-1 authentication failed for __system on local fr... by tokio13 Path Finder in Getting Data In 07-22-2023 1 2	1	2
Help on strftime HiI have a field time called LastLogonDate with this format6/28/2023 1:47.35 PMI want to format this field in a new f... by jip31 Motivator in Getting Data In 07-21-2023 0 10	0	10
Old log getting stored as .csv format even before retention? Hi Team, We have defined the index retention as 420 days but when we are trying to access the logs those are in .csv ... by anil28 New Member in Getting Data In 07-21-2023 0 1	0	1
Where does token gets stored when created by splunk UI Hi Everyone, I have enabled token based authentication and created few tokens. I can see them in UI but wanted to kno... by rishav Explorer in Getting Data In 07-21-2023 0 3	0	3
How can I ingest BitWarden event logs to Splunk? Hi, I would like to ask how to ingest BitWarden event logs into Splunk Cloud. I could not find any apps for this purp... by libra04ts New Member in Getting Data In 07-21-2023 0 1	0	1
How can I take the second timestamp in props.conf? how can i in the props.conf file tell Splunk to take the second timestamp as opposed to the first by lorscardala985 Explorer in Getting Data In 07-21-2023 0 3	0	3
Active Directory AD actual logs collection Hello, community,I wanted to ask a fundamental question regarding specific logs collection.The question is: Do we rea... by DanAlexander Communicator in Getting Data In 07-21-2023 0 4	0	4
Why is _time in my JSON payload parsed correctly with milliseconds via manual upload but not via HEC? Hello!I have a JSON payload whose _time field gets parsed no issue when I perform a manual upload, but when that same... by andrewtrobec Motivator in Getting Data In 07-21-2023 0 6	0	6
Just installed SA-Eventgen and get the following error: Unable to initialize modular input "modinput_eventgen" defined inside the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1) Unable to initialize modular input "modinput_eventgen" defined inside the app "SA-Eventgen": Introspecting scheme=mod... by scaglietti New Member in Getting Data In 07-20-2023 0 5	0	5