Getting Data In

Discussions

Thread Info

transforms.conf not working as expected

I have below configurations in transforms and props config files to change the source name of my events from upd:9514...

by Explorer in

How to resolve "SSL23_GET_CLIENT_HELLO:unknown protocol" error on our indexer?

I'm setting up a Splunk Indexer (Splunk Enterprise 6.4.1) on CentOS 6.8 64-bit. I do have the Splunk Add-on for Micro...

by Explorer in

Some Windows UF not sending Security logs

I’ve inherited a fleet of about 150 Windows Servers, all configured identically — same Deployment Server, TAs, inputs...

by Observer in

traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linux

traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linux Can someone...

by Path Finder in

splunk alert triggering multiple incidents instead of single incident

Hi All,I have a splunk alert that is having this search query:index="dcn_b2b_use_case_analytics" sourcetype=lime_proc...

by Explorer in

Configuring Logstash to send files to Splunk

Hello all, So I'm very new to Splunk, like I've been playing around with it for less than 3 months. I have been ta...

by Engager in

Sending Appdyanmics CPU, Memory and Disk metrics to Splunk

Hi All, We have requirement to onboard the Infrastructure metrics (CPU, Memory and Disk ) monitored using Appdyanic...

by Loves-to-Learn Everything in

splunk alert raising multiple SNOW tickets that are not stopping until I disable the alert

when I run this search query in splunk search and reporting apps my output looks like this as mentioned be...

by Explorer in

How to configure the load balancer to handle HEC data?

We are in a transition from sending the data through HFs to sending the data directly to the indexers and we wonder h...

by Motivator in

Do we need to run an indexer rolling restart when getting new HEC data stream?

We are transitioning from getting the HEC data through HFs to getting it directly to the indexers and we are wonderin...

by Motivator in

New source type with regex not working correctly

I've created a new source type with a regex. It was working but I found an edge case where it was broken. I rewrote t...

by Explorer in

Creating a new sourcetype and performing transforms on it in the same TA

If I have a transforms.conf like the below: [ORIGIN2]REGEX = (?:"id":"32605")FORMAT = sourcetype::test-2DEST_KEY = ...

by Explorer in

AIX UF extract checksum error

When I try to install the UF for AIX, it fails to extract to with a checksum error AIXSERVER:/nim/media/SOFTWARE/sp...

by New Member in

Line breaking source types

I am trying to fix the issue of my zeek logs not being broken into separate events. These logs are in json format and...

by New Member in

Change a sourcetype at the indexer

Hello, I'm to try changing the sourcetype at the indexer level based on the source. First question is that possibl...

by Path Finder in

ERROR: Tor IP are not updating in lookup

If you download https://splunkbase.splunk.com/app/7208 Full Tor Node List Lookup App, it comes already with a csv fil...

by Engager in

Save Output from Scripted Input in KV Store

Hello, I have written a Python script that performs an API query from a system. This script is to be executed as sc...

by Explorer in

Is it Possible to Configure a cronjob with Scripted Input

Hello, I have a bash script that basically creates a cronjob. Not sure if this is allowed or not but I am able to ...

by Path Finder in

How to forward events from Splunk Indexer to CyberArk PTA?

Q: Need to forward the data from all the indexes (Windows, Linux, etc...) to CyberArk PTA via Syslog or any other fro...

by Path Finder in

How to Drop All Logs Under a Specific Directory and Its Subdirectories Using props.conf & transforms.conf on a Heavy For

Description: I am using a Splunk Heavy Forwarder (HF) to forward logs to an indexer cluster. I need to configure pr...

by Loves-to-Learn Lots in

Windows 11 ARM Chip Support

As the computer laptop field continues to grow the use of ARM based chips for Windows 11, is there an ETA on a Splunk...

by Engager in

Can I ingest JSON file into an index

Hi,I have a python modular input that populates an index (index_name). This ran into some gateway error issues causin...

by Path Finder in

Data not getting ingested into Splunk for multiple sources

I have configured an app and added 7 different source files in a single inputs.conf with the same index name and sour...

by Path Finder in

Index created in Cluster Master not showing in Heavy Forwarder

Hi, We have configured a data input in HF and there is an option to select index there. I have created new index i...

by Communicator in

Detailed logs from Cortex XDR

I'm trying to extract endpoint data from Cortex XDR, but I don't want to see just alerts in Splunk—I need all the end...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

transforms.conf not working as expected

How to resolve "SSL23_GET_CLIENT_HELLO:unknown protocol" error on our indexer?

Some Windows UF not sending Security logs

traffic events not getting routed to nw_fortigate and non-traffic events not getting routed to os_linux

splunk alert triggering multiple incidents instead of single incident

Configuring Logstash to send files to Splunk

Sending Appdyanmics CPU, Memory and Disk metrics to Splunk

splunk alert raising multiple SNOW tickets that are not stopping until I disable the alert

How to configure the load balancer to handle HEC data?

Do we need to run an indexer rolling restart when getting new HEC data stream?

New source type with regex not working correctly

Creating a new sourcetype and performing transforms on it in the same TA

AIX UF extract checksum error

Line breaking source types

Change a sourcetype at the indexer

ERROR: Tor IP are not updating in lookup

Save Output from Scripted Input in KV Store

Is it Possible to Configure a cronjob with Scripted Input

How to forward events from Splunk Indexer to CyberArk PTA?

How to Drop All Logs Under a Specific Directory and Its Subdirectories Using props.conf & transforms.conf on a Heavy For

Windows 11 ARM Chip Support

Can I ingest JSON file into an index

Data not getting ingested into Splunk for multiple sources

Index created in Cluster Master not showing in Heavy Forwarder

Detailed logs from Cortex XDR

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions