Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Difference between AD logs from M365 add-on app and Azure add-on app

Hey all, Is it possible for an overlap of Azure AD sign-ins? I don't want to have duplicate logs and wasting ingest...

by Loves-to-Learn in

Permissions for Linux forwarder on .gz log files

Hi everyone, I want to monitor files on a Linux server. Every hours (at minute 59), a file DATE.log is compressed i...

by Engager in

Why is stream:http not showing

I'm very new too splunk and using the botsv1-attack-only file to begin learning, please be gentle. When I do an i...

by New Member in

Newbie question: Push changes from UI to Indexers

I used Azure/Splunk Enterprise deployment to set up Splunk on my Azure instance. I then did this: Settings > Show...

by Explorer in

Filter an event where first 2 characters are in uppercase

I am ingesting a text file and I have created a field called Flag. I am looking to create a filter which only shows m...

by Explorer in

Does Splunk Http Event Collector supports Server Name Indication (SNI)?

We have a requirement to collect the logs using client Certs (mTLS) authentication, and we are using Splunk HTTP Even...

by New Member in

splunk data input

This is data file( ip -- [time] text &&& ip -- [time] text &&& ip -- [time] text &&&) 41.146.8.66 - - [13/Jan/2016 ...

by Explorer in

Importing CSV field into an existing index field

I've recently installed an add on in my dev instance which created various fields, including user and NormalizedUser....

by Explorer in

how to change timezone for splunk-add-onn for google cloud platform

hi, please i would like to ask for help to determine how to convert the timezone of events i am indexing with the gcp...

by Explorer in

Splunk log masking regex help

Hi, We have this same log entry, 2021-09-14 13:20:08.325 DEBUG [,88538eaa548c8b64,88538eaa548c8b64,true] 1 --...

by Path Finder in

first Splunk install - cannot get HEC working

I set up a sample VM for myself to test out Splunk configuration. I wanted a stand-alone service just to make sure I ...

by Explorer in

Heavy forwarder

we have indexer , search head and heavy forwarder in a vessel , the heavy forwarder will send the data to a head offi...

by New Member in

Alerts data model

Hi, I'am trying to map alerts for mitre_technique_id from one of my APIs, and I see a strange behaviour from splunk...

by New Member in

Read from inputs.conf file

Hi there, I want to be able to allow a dashboard of my app read the hostname stored in inputs.conf, which is provid...

by Path Finder in

Getting data from dynamodb to Splunk

Hello, what is the best way to get data from dynamoDB to Splunk?

by Explorer in

onboarding azure signin logs to splunk

I want to onboard azure signin logs to my splunk. I installed MS azure add-on for splunk on one HF and completed the ...

by New Member in

Log Ingestion - Custom Log Source

Good morning everyone, I am trying to ingest a log that does not roll over after a new, only when the service t...

by Path Finder in

Upload csv file with escaped quotes

Hello together, I have a csv file which looks like this: "Time";"Comment" "15:53:21";"Here stands something...

by New Member in

Monitoring inputs not parsing logs to indexers

Hello Team, As we are parsing logs from Linux machine to Splunk indexer via Splunk Universal Forwarder in Linux mac...

by Path Finder in

Nested if

Hi, In a field status contains two values one is failure and another is success. Where in failure it contains som...

by Engager in

Getting Data In

Discussions

Difference between AD logs from M365 add-on app and Azure add-on app

Permissions for Linux forwarder on .gz log files

Why is stream:http not showing

Newbie question: Push changes from UI to Indexers

Filter an event where first 2 characters are in uppercase

Does Splunk Http Event Collector supports Server Name Indication (SNI)?

splunk data input

Importing CSV field into an existing index field

how to change timezone for splunk-add-onn for google cloud platform

Splunk log masking regex help

first Splunk install - cannot get HEC working

Heavy forwarder

Alerts data model

Read from inputs.conf file

Getting data from dynamodb to Splunk

onboarding azure signin logs to splunk

Log Ingestion - Custom Log Source

Upload csv file with escaped quotes

Monitoring inputs not parsing logs to indexers

Nested if

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Files can't be ingested while being in transit via...

Using Splunk with NiFi

Pulsar vs Kafka

Specific DNS queries from Splunk Stream to nullQue...

How is WinHostMon data gathered?

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >