Getting Data In

Ask a Question

Discussions

Thread Info

Splunk Answers Content Calendar May 2025 🎉

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Split JSON array into individual events on HF

We've logs coming to HEC as nested JSON in chunks; We're trying to break them down into individual events at the HEC ...

by Builder in

Loosing logs for a specific host in several hours.

Hi All. Using Splunk for collecting logs from different devices. But logs from on devices on the network , is not...

by New Member in

Streamfwd pcap filter compilation error

I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwa...

by New Member in

sc4s index re-route

Hi Folks,New to Splunk and SC4S deploymenet. So far I have been able to make good progress. I have setup 2 SC4S serve...

by Engager in

CITRIX onboard via SC4S - no events in splunk

Hi, I am running splunk standalone 8.4.1 with Citrix add-on installed 8.2.3. Also, I have SC4S running version 3.3...

by Contributor in

Fortinet logs collected through syslog TCP with SC4S are not splitted correctly

Hi all, I'm struggling with an issue related to collecting Fortinet Fortios events through SC4S. If I use UDP proto...

by Engager in

UF not in CMC

Newly installed Universal forwarders on windows servers are forwarding logs to Splunk Cloud but newly installed forwa...

by Explorer in

call not properly authenticated

Response Code: 401Response text: <?xml version="1.0" encoding="UTF-8"?><response><messages><msg type="WARN">call not ...

by Explorer in

UF keep looking for removed input stanza

I have this kind of weird custom app (and dangerous too) that changes the UF Instance GUID. Basically, I created a ....

by Explorer in

Defining Timestamp for HEC Input

I'm running into a strange issue where Splunk is using the current time for a HTTP Event Collector input rather than ...

by Communicator in

SourceTypes being changed by GUI

Hi All, Help please. Can I get people to agree with me that the following is a bug/design flaw - as my splunk cas...

by Path Finder in

Syslog Configuration required for custom sourcetypes

I think Splunk doesn't have a built-in/defined sourcetype for ExtremeCloud XIQ logs. Can we define a custom sourcetyp...

by Explorer in

Splunk Answers Content Calendar May 2025 🎉

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods

2025-05-06T13:50:00.857Z error helper/transformer.go:118 Failed to process entry {"otelcol.component.id": "filelog", ...

by New Member in

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Hi Splunkers!!, We have recently configured SSO in Splunk using Keycloak, and it's working fine — users are able to...

by Motivator in

Redirecting specific logs using a regex

Hi splunk community, I have a question on logs cloning/redirection Purpose : Extract logs containing "network-gue...

by Path Finder in

Remove the index distributed setup

Hi, After setting up a test index and ingesting a test record, I’m now planning to remove the index from the distri...

by Path Finder in

Onboarding MOVEit Server Database logs to Splunk

How to onboard MOVEit Server Database logs which is hosted on prem to Splunk Cloud? What is the preferred method?

by Explorer in

Enabling of Splunk PDF scheduler

Hi Splunk Community, I would appreciate your guidance regarding enabling Scheduled PDF Delivery in Splunk. Currentl...

by Motivator in

DB connection errors- no Http Event Collectors available

Hi,We have db connect connections & inputs created in Splunk HF. We see that it has status=FAILED sometimes and below...

by Explorer in

How to upload a csv from a host that has a universal forwarder?

We have a universal forwarder and the customer has a csv file on this machine that he would like to ingest. The custo...

by Motivator in

How to Drop Events Larger Than 10,000 Bytes Before Indexing?

Hi everyone, I'm working on a use case where I need to drop events that are larger than 10,000 bytes before they ge...

by New Member in

Do not run Powershell script when Splunk starts

Hi, I want to run a Powershell script on a Windows universal forwarder according to a cron schedule. My input looks...

by New Member in

When using the Field Extractor can you use the same name for a field? will it append or add to the original field create

When using the Field Extractor can you use the same name for a field? will it append or add to the original field cre...

by Communicator in

Capability to upload image in Splunk Dashboard Studio

Hi All, Which Capability do i assign to Splunk user to upload image in Dashboard Studio

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk Answers Content Calendar May 2025 🎉

Ask Questions, Get Help about Data Manager for Splunk Cloud

Split JSON array into individual events on HF

Loosing logs for a specific host in several hours.

Streamfwd pcap filter compilation error

sc4s index re-route

CITRIX onboard via SC4S - no events in splunk

Fortinet logs collected through syslog TCP with SC4S are not splitted correctly

UF not in CMC

call not properly authenticated

UF keep looking for removed input stanza

Defining Timestamp for HEC Input

SourceTypes being changed by GUI

Syslog Configuration required for custom sourcetypes

Splunk Answers Content Calendar May 2025 🎉

i am using openshift 4.16.32 and i used helm for splunk-otel-collector and i get this error in the pods

Hybrid Login with SSO and Traditional Login in Splunk (SSO + Local Auth)

Redirecting specific logs using a regex

Remove the index distributed setup

Onboarding MOVEit Server Database logs to Splunk

Enabling of Splunk PDF scheduler

DB connection errors- no Http Event Collectors available

How to upload a csv from a host that has a universal forwarder?

How to Drop Events Larger Than 10,000 Bytes Before Indexing?

Do not run Powershell script when Splunk starts

When using the Field Extractor can you use the same name for a field? will it append or add to the original field create

Capability to upload image in Splunk Dashboard Studio

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases

Streamfwd pcap filter compilation error

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions