×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ProPoPop
Loves-to-Learn Lots
Member since: ‎11-09-2022
‎04-23-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎11-09-2022
Activity Feed
View All

Problem with DC windows Secure logs sending

by in Getting Data In
‎04-23-2025 03:22 PM
‎04-23-2025 03:22 PM
Hello team! We have a problem with sending data from several Domain Controllers to our splunk instance. We are collecting and sending logs by using Splunk Universal Forwarder. Often there are no problems with sending, but sometimes we are "losing" logs.  DCs have very big load of data, and when the amount of logs reach the top they are start to overwriting oldest logs. As I noticed, that problem affected only at Windows Security journals. Problem: Splunk Universal Forwarder  doesn't has time to get and send data from DC before logs got been overwritten. Could this be related to the Splunk process execution priority or load from other processes at DC? How to solve this problem? Do you have the same experience or advices to rid this problem? ... View more
Labels

How to create ILO5 props.conf?

by in Splunk Enterprise
‎03-28-2023 04:06 AM
‎03-28-2023 04:06 AM
Hello, I need to parse ilo5 logs. I have tryed a lot of variants of props.conf, but no one had worked. I need to create a sourcetype for this. Here is an example of log Feb 13 10:14:32 11.34.20.65 1 2022-01-13T07:170:23Z ILOZY556597X4 iLO5 - - - Host REST logout: System Administrator ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-23-2025 03:05 PM