×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
pcontreras
Explorer
Member since: ‎07-21-2022
‎10-27-2023
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎07-21-2022
Activity Feed
View All

Re: Splunk Dashboard - <eval>

by SplunkTrust in Dashboards & Visualizations
‎10-28-2023 01:48 AM
‎10-28-2023 01:48 AM
I am using enterprise and it works without quotes with -7d@h ... View more

Re: Why are there duplicate MV Fields with JSON da...

by SplunkTrust in Getting Data In
‎11-28-2022 10:10 PM
‎11-28-2022 10:10 PM
One common mistake is described in Structured Data Header Extraction and configuration. * When 'INDEXED_EXTRACTIONS = JSON' for a particular source type, do not also set 'KV_MODE = json' for that source type. This causes the Splunk software to extract the JSON fields twice: once at index time, and again at search time. * Default: not set ... View more

Re: How to send data to Splunk from Azure Event Hu...

by in Getting Data In
‎10-31-2022 06:00 AM
‎10-31-2022 06:00 AM
if you're familiar with Azure Logic Apps, you could consider using those to get events from the Event Hub and push them to a Splunk HEC input. The logic app can then also contain some logic to assign different index/sourcetype etc. to the data (as part of the HEC metadata fields). I just noticed someone also built a Splunk App around that approach: https://splunkbase.splunk.com/app/6223 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-27-2023 06:45 PM
Karma from
View All