Getting Data In

Thread Info

How get _time vaules same format?

My query index= nonjVs source = nonjavs | stats vaules(_time ) as start time values(_time) as endtime by empid Di...

by Explorer in

Is forwarder inactive and how can I check?

If there is no file update for a quite long time and later then is update in the file, then only after forwarder serv...

by Explorer in

How do I route based on host and source type?

Hi, I am routing traffic to a 3rd party. I have done some of this based on a host and others based on the source t...

by Path Finder in

Why is Splunk showing wrong hostname?

Hi,I have a zscaler NSS connected to splunk. I've been running some tests to see how splunk reacts to change in DNS e...

by Explorer in

Using delete command for hadoop archived index?

Hi folks, Can I delete the data in a virtual index like "Hadoop" using the delete command in the SPL. ...

by Path Finder in

Windows TA not extracting key_path as registry_path from registry_type="baseline"

Is it an omission that the latest Windows TA will only extract registry_path if the registry_type field contains "\w+...

by SplunkTrust in

Cisco Umbrella Log Files- How do I create the custom event types to get there source and destination IP addresses?

I am able to sync my data from the Cisco managed S3 bucket to a local folder on my heavy forwarder. The files are co...

by Observer in

Why is indexed extraction not working if json HEC event payload is more than 512KB?

With INDEXED_EXTRACTIONS=JSON, indexed extraction is not working if json HEC event payload is more than 512KB. ...

by Splunk Employee in

Upgrade DBConnect version

Hi, I currently have an outdated version of DBConnect and need to go through the upgrade process. I have several qu...

by Builder in

Critical Syslog Server Tricks

Hi all, I have a large environment to deploy Splunk cloud and trying to leverage the syslog server (Rsyslog) in fro...

by Explorer in

What is the significance of log file size for splunk ingestion?

If the file size in GB's would create any issue in indexing performance?

by Observer in

Why is my Azure Event Hub not sending data?

Good morning, I am having an issue on-boarding our main Eventhub into the Splunk Add-On for Cloud Services (latest...

by Communicator in

Is it possible to send logs to S3 from a heavy forwarder?

Is it possible to send logs to S3 from a heavy forwarder? I have seen information about being able to ingest from S3...

by New Member in

Is it better to send all the winevent logs in AWS instances to a HF in AWS and then forward those to our Splunk Cloud?

WE have ALOT of aws instances with universal forwarders sending winevent logs and some are sending logs to an on prem...

by Path Finder in

Can you hide the credentials in the curl command from the CLI to prevent my Splunk credentials from getting syslogged?

I need to update ownership of searches after converting to a search head cluster environmen,t and from my understandi...

by Explorer in

How do you reload config files via the CLI or REST API?

I need to do the equivalent of this: https://oursplnkserver.com/en-GB/debug/refresh?entity=admin/conf-inputs b...

by Builder in

How to troubleshoot Zscaler logs not coming out right?

Hi,I have a Zscaler NSS connected to splunk. I made a change in the dns entries so that my em1 (interface that is con...

by Explorer in

HF having "Ingestion Latency" & "Large and Archive File Reader" & "Real-time Reader" issues

Hi Splunkers, I'm trying to troubleshoot an issue with Splunk that I'm facing:I have a Splunk heavy forwarder sett...

by Path Finder in

How to get stackname as a field in Splunk Cloud logs?

Hi we are using aws cloud to run and maintain our infrastructure. So now we are using splunk indexer in log configura...

by Loves-to-Learn in

Why do I have data ingestion issues on newly setup standalone server?

I installed Splunk standalone with https://splunk.github.io/splunk-ansible/Version 9.0.4 on Ubuntu jammy 22.04.2 I...

by Explorer in

HF third party forwarding plus events whitelisting

Hi Splunkers, my colleague and I are going to perform, this week, a change to forward data from Splunk HF to a thir...

by Contributor in

ERROR TcpOutputFd - Read error. Connection reset by peer : splunkforwarder

Hi , I am pretty much new to Splunk. I want to forward audit.log of one of my Linux servers to view in Splunk Web....

by New Member in

How to resolve Host metadata override?

Hi all, I'm trying to do something that seems pretty easy conceptually. I'm ingesting a .txt report into Splunk ...

by Loves-to-Learn Everything in

Azure connection concern

Hi I know there are many splunk add on's available to collect azure monitor metrics which collects the logs using ...

by Path Finder in

How to route a monitor input to specific indexer?

I have a Syslog collector receiving logs from multiple Syslog devices and writing them in a directory-structured log ...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How get _time vaules same format?

Is forwarder inactive and how can I check?

How do I route based on host and source type?

Why is Splunk showing wrong hostname?

Using delete command for hadoop archived index?

Windows TA not extracting key_path as registry_path from registry_type="baseline"

Cisco Umbrella Log Files- How do I create the custom event types to get there source and destination IP addresses?

Why is indexed extraction not working if json HEC event payload is more than 512KB?

Upgrade DBConnect version

Critical Syslog Server Tricks

What is the significance of log file size for splunk ingestion?

Why is my Azure Event Hub not sending data?

Is it possible to send logs to S3 from a heavy forwarder?

Is it better to send all the winevent logs in AWS instances to a HF in AWS and then forward those to our Splunk Cloud?

Can you hide the credentials in the curl command from the CLI to prevent my Splunk credentials from getting syslogged?

How do you reload config files via the CLI or REST API?

How to troubleshoot Zscaler logs not coming out right?

HF having "Ingestion Latency" & "Large and Archive File Reader" & "Real-time Reader" issues

How to get stackname as a field in Splunk Cloud logs?

Why do I have data ingestion issues on newly setup standalone server?

HF third party forwarding plus events whitelisting

ERROR TcpOutputFd - Read error. Connection reset by peer : splunkforwarder

How to resolve Host metadata override?

Azure connection concern

How to route a monitor input to specific indexer?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions