Getting Data In

Community Activity

	Splunk licensing pool warning not clearing Hi,I accidentally uploaded too much data on one day (a jsonl file) and violated the 500mb limit in place for the splu... by Ghostoverflow25 Engager in Getting Data In 10-05-2025 0 5	0	5
	Splunk File Monitoring Hello Splunkers,I have a question around Monitoring a same File from different server, The situation is Server1, Serv... by mohsplunking Path Finder in Getting Data In 10-05-2025 0 2	0	2
	Issue with my search query Greeting,I am trying to identify users who have not had any activity in O365 for over 180 days, however my search is ... by GattyBiggz Loves-to-Learn in Getting Data In 10-01-2025 0 1	0	1
	Using different indexes in splunk app for jenkins Hi all;Regarding the Splunk App for JenkinsWe have multiple jenkins instances in our environment; Each project is in ... by ivohechmann Explorer in Getting Data In 09-30-2025 0 3	0	3
	How to set the _time in SC4S events to the current time/time event was recieved? Some data would be mistagged as a different time zone, or would come in very late and would miss our alarms, since th... by davidoff96 Path Finder in Getting Data In 09-29-2025 0 1	0	1
	Forwarding all logs from HF to third-party using syslog and discard tcp output to indexers My goal is to:1. Default send everything from UF agent (excluded syslog source) to syslog group: chron-autolb group.2... by frank_yin Loves-to-Learn Lots in Getting Data In 09-26-2025 0 1	0	1
	AD & DC Logs Hello Splunkers,Appreciate if anyone can help me here, I'm after a Best practices guide/ article for Windows Server L... by mohsplunking Path Finder in Getting Data In 09-26-2025 0 2	0	2
	syslog-ng configuration I need to onboard CISCO IOS switch logs with splunk, we have a syslog-ng installed on HF, could somebody explain the ... by maheshnc Path Finder in Getting Data In 09-26-2025 0 4	0	4
	DELL Switch Configuration I need to integrate Dell Switches with Splunk using syslog-ng which is installed on, On-Prem HF, what are the prerequ... by maheshnc Path Finder in Getting Data In 09-26-2025 0 1	0	1
	Request for Guidance on Running PROD Index Servers in another site without Cold Storage I would like to run a copy of PROD Indexer servers’ VMs in another site (DR setup) without mapping Cold Storage, to ... by Nraj87 Explorer in Getting Data In 09-24-2025 0 4	0	4
	Ingest old security.evtx files I am running windows version of Splunk Enterprise 9.4.2 stand alone. I have 17 older security logs saved in a separa... by sswigart Explorer in Getting Data In 09-24-2025 0 1	0	1
	Dynatrace Audit logs This is a comment rather than a question. Please add the ability to ingest audit logs in to the Dynatrace add-on. by _joe Contributor in Getting Data In 09-22-2025 0 1	0	1
	Splunk Add-On Builder UI is Blank/Won't Load I've installed the Splunk Add-On Builder but the UI is blank/won't load...I've tried installing on my HF (Heavy Forwa... by marycordova SplunkTrust in Getting Data In 09-22-2025 0 10	0	10
	Forward logs to syslog with metadata Hello everyone, I have a splunk server installed locally and there are logs being ingested already. I'd like to forwa... by prioska Loves-to-Learn in Getting Data In 09-21-2025 0 1	0	1
	How to improve indexing thruput if replication queue is full? Here are the configs for on-prem customers willing to apply and avoid adding more hardware cost.9.4.0 and above most ... by hrawat Splunk Employee in Getting Data In 09-20-2025 0 6	0	6
	Regex works but transforms.conf extracts only part of the last field I'm working on a transforms.conf to extract fields from a custom log format. Here's my regex:REGEX = ^\w+\s+\d+\s+\d+... by sigma Path Finder in Getting Data In 09-20-2025 0 3	0	3
	Is there away to find the exact hostname from the (SQUASHED) details in Splunk? index=_internal [`set_local_host`] source=license_usage.log type="Usage" \| eval h=if(len(h)=0 OR isnull(h),"(SQUAS... by rickymckenzie10 Explorer in Getting Data In 09-19-2025 0 1	0	1
	Props.conf Extractions Not Applied to Saved Search (collect) Output in New Index Hi All, i do create new index but the source data is from savedsearch let say i create savedsearch from index=ABC the... by zksvc Contributor in Getting Data In 09-19-2025 0 6	0	6
	How can I clone data from a HF to two different splunk instances? How can I clone data from a HF to two different splunk instances? Doubling defaultgroup in outputs.conf does not work... by lucacaldiero Path Finder in Getting Data In 09-16-2025 0 4	0	4
	How to use STOP_PROCESSING_IF in transforms.conf Can anyone give me some examples of using STOP_PROCESSING_IF in transforms.conf? Seems there is no examples exists wi... by vincentwhn Engager in Getting Data In 09-16-2025 0 6	0	6
	Sending logs from F5 Big-IP to Splunk How can I configure my F5 BIG-IP to forward logs from a load-balanced server pool to Splunk? by Fares_Hossam Engager in Getting Data In 09-16-2025 0 1	0	1
	filtering search results not working as expected I have a not-very-complicated query that returns a table of my roles and associated default search indexes. One role ... by utoddl Explorer in Getting Data In 09-15-2025 0 1	0	1
	sc4s app_parsers don't seem to work Hello,We're currently having an issue of SC4S tagging Cisco firepower data as nix:syslog, but I was having this issue... by davidoff96 Path Finder in Getting Data In 09-15-2025 0 2	0	2
	I wanna forward all data from a single hf to 2 diffenrent splunk instances Hello,I wanna forward all data from a single HF to two splunk different instances. How can i do that? Thanks #splunk ... by lucacaldiero Path Finder in Getting Data In 09-15-2025 0 10	0	10
	Specify all hosts or sources in props How can I specify all host or sources in a stanza of props.conf?Thank you @gcusello by lucacaldiero Path Finder in Getting Data In 09-15-2025 0 3	0	3