Getting Data In

Community Activity

Forwarding all logs from HF to third-party using syslog and discard tcp output to indexers My goal is to:1. Default send everything from UF agent (excluded syslog source) to syslog group: chron-autolb group.2... by frank_yin Loves-to-Learn Lots in Getting Data In 09-26-2025 0 1	0	1
AD & DC Logs Hello Splunkers,Appreciate if anyone can help me here, I'm after a Best practices guide/ article for Windows Server L... by mohsplunking Path Finder in Getting Data In 09-26-2025 0 2	0	2
syslog-ng configuration I need to onboard CISCO IOS switch logs with splunk, we have a syslog-ng installed on HF, could somebody explain the ... by maheshnc Path Finder in Getting Data In 09-26-2025 0 4	0	4
DELL Switch Configuration I need to integrate Dell Switches with Splunk using syslog-ng which is installed on, On-Prem HF, what are the prerequ... by maheshnc Path Finder in Getting Data In 09-26-2025 0 1	0	1
Request for Guidance on Running PROD Index Servers in another site without Cold Storage I would like to run a copy of PROD Indexer servers’ VMs in another site (DR setup) without mapping Cold Storage, to ... by Nraj87 Explorer in Getting Data In 09-24-2025 0 4	0	4
Ingest old security.evtx files I am running windows version of Splunk Enterprise 9.4.2 stand alone. I have 17 older security logs saved in a separa... by sswigart Explorer in Getting Data In 09-24-2025 0 1	0	1
Dynatrace Audit logs This is a comment rather than a question. Please add the ability to ingest audit logs in to the Dynatrace add-on. by _joe Contributor in Getting Data In 09-22-2025 0 1	0	1
Splunk Add-On Builder UI is Blank/Won't Load I've installed the Splunk Add-On Builder but the UI is blank/won't load...I've tried installing on my HF (Heavy Forwa... by marycordova SplunkTrust in Getting Data In 09-22-2025 0 10	0	10
Forward logs to syslog with metadata Hello everyone, I have a splunk server installed locally and there are logs being ingested already. I'd like to forwa... by prioska Loves-to-Learn in Getting Data In 09-21-2025 0 1	0	1
How to improve indexing thruput if replication queue is full? Here are the configs for on-prem customers willing to apply and avoid adding more hardware cost.9.4.0 and above most ... by hrawat Splunk Employee in Getting Data In 09-20-2025 0 6	0	6
Regex works but transforms.conf extracts only part of the last field I'm working on a transforms.conf to extract fields from a custom log format. Here's my regex:REGEX = ^\w+\s+\d+\s+\d+... by sigma Path Finder in Getting Data In 09-20-2025 0 3	0	3
Is there away to find the exact hostname from the (SQUASHED) details in Splunk? index=_internal [`set_local_host`] source=license_usage.log type="Usage" \| eval h=if(len(h)=0 OR isnull(h),"(SQUAS... by rickymckenzie10 Explorer in Getting Data In 09-19-2025 0 1	0	1
Props.conf Extractions Not Applied to Saved Search (collect) Output in New Index Hi All, i do create new index but the source data is from savedsearch let say i create savedsearch from index=ABC the... by zksvc Contributor in Getting Data In 09-19-2025 0 6	0	6
How can I clone data from a HF to two different splunk instances? How can I clone data from a HF to two different splunk instances? Doubling defaultgroup in outputs.conf does not work... by lucacaldiero Path Finder in Getting Data In 09-16-2025 0 4	0	4
How to use STOP_PROCESSING_IF in transforms.conf Can anyone give me some examples of using STOP_PROCESSING_IF in transforms.conf? Seems there is no examples exists wi... by vincentwhn Engager in Getting Data In 09-16-2025 0 6	0	6
Sending logs from F5 Big-IP to Splunk How can I configure my F5 BIG-IP to forward logs from a load-balanced server pool to Splunk? by Fares_Hossam Engager in Getting Data In 09-16-2025 0 1	0	1
filtering search results not working as expected I have a not-very-complicated query that returns a table of my roles and associated default search indexes. One role ... by utoddl Explorer in Getting Data In 09-15-2025 0 1	0	1
sc4s app_parsers don't seem to work Hello,We're currently having an issue of SC4S tagging Cisco firepower data as nix:syslog, but I was having this issue... by davidoff96 Path Finder in Getting Data In 09-15-2025 0 2	0	2
I wanna forward all data from a single hf to 2 diffenrent splunk instances Hello,I wanna forward all data from a single HF to two splunk different instances. How can i do that? Thanks #splunk ... by lucacaldiero Path Finder in Getting Data In 09-15-2025 0 10	0	10
Specify all hosts or sources in props How can I specify all host or sources in a stanza of props.conf?Thank you @gcusello by lucacaldiero Path Finder in Getting Data In 09-15-2025 0 3	0	3
Are there any ways to whitelist specific fields from json format logs during data-onboarding? Due to privacy concerns, I would like to modify the _raw content during the data onboarding phase in order to impleme... by vincentwhn Engager in Getting Data In 09-15-2025 0 7	0	7
Cannot get logs from specific source to seperate by line I have a source of logs that I want to ingest into splunk, where each line documents a seperate event. After having s... by Ghostoverflow25 Engager in Getting Data In 09-14-2025 0 1	0	1
How does one use an API to pull Splunk Documentation into a repository? What would it take to use something like REST API to pull down documents from Splunk Documentation website? The searc... by jackbenimble New Member in Getting Data In 09-12-2025 0 1	0	1
Missing per_*_thruput metrics on 9.3.x Universal forwarders. Apply following workaround in default-mode.confAdditionally you can also push this change via DS push across thousand... by hrawat Splunk Employee in Getting Data In 09-12-2025 4 17	4	17
Particular sourcetype not appearing in search CentOS 7.7.1908, Splunk v9.1.0.2I want to get an example event for each sourcetype on each host (excluding one host)... by JyPl4wNYu7GV1uL Explorer in Getting Data In 09-12-2025 0 4	0	4