Getting Data In

Ask a Question

Discussions

Thread Info

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

Is it Possible to Configure a cronjob with Scripted Input

Hello, I have a bash script that basically creates a cronjob. Not sure if this is allowed or not but I am able to ...

by Path Finder in

Windows 11 ARM Chip Support

As the computer laptop field continues to grow the use of ARM based chips for Windows 11, is there an ETA on a Splunk...

by Observer in

Creating a new sourcetype and performing transforms on it in the same TA

If I have a transforms.conf like the below: [ORIGIN2]REGEX = (?:"id":"32605")FORMAT = sourcetype::test-2DEST_KEY = ...

by New Member in

How to Drop All Logs Under a Specific Directory and Its Subdirectories Using props.conf & transforms.conf on a Heavy For

Description: I am using a Splunk Heavy Forwarder (HF) to forward logs to an indexer cluster. I need to configure pr...

by Observer in

Can I ingest JSON file into an index

Hi,I have a python modular input that populates an index (index_name). This ran into some gateway error issues causin...

by Path Finder in

Data not getting ingested into Splunk for multiple sources

I have configured an app and added 7 different source files in a single inputs.conf with the same index name and sour...

by Path Finder in

Index created in Cluster Master not showing in Heavy Forwarder

Hi, We have configured a data input in HF and there is an option to select index there. I have created new index i...

by Communicator in

Detailed logs from Cortex XDR

I'm trying to extract endpoint data from Cortex XDR, but I don't want to see just alerts in Splunk—I need all the end...

by Engager in

Splunkforwarder Startup Error in Docker containers

Commands used to run docker image: docker run -d -p 9997:9997 -p 8080:8080 -p 8089:8089 -e "SPLUN...

by Engager in

Logs to Metric Custom Format

I am having difficulty converting event logs to metric data points https://docs.splunk.com/Documentation/Splunk/9.4...

by Splunk Employee in

Change a sourcetype at the indexer

Hello, I'm to try changing the sourcetype at the indexer level based on the source. First question is that possibl...

by Path Finder in

Send the data to nullqueue except matching event

I want to send the all the event to nullqueue except having match "EventType": 5000. {"EventID": 2154635, "Even...

by Explorer in

Update Splunk Add-on for Salesforce Streaming API for cloud compatibility

The current version is not available for the cloud. According to conversations with Splunk Support, the update addr...

by Engager in

Forwarding indexed data from an old indexer to a new indexer (not clustered)

Hello, I am attempting to forward data from an older indexer to a new indexer so that I can decommission the server...

by New Member in

Splunk for SAP CPQ

Hi All,Is it possible to use Splunk for tracking logs from SAP CPQ, CPI, C4C? I couldn't find relevant information re...

by New Member in

Splunk Not Collecting bash_history Logs from All Hosts in Real-Time

Hello, I am trying to collect bash_history logs in real-time from multiple Linux hosts using Splunk. I have deploye...

by Explorer in

Handle log rolling and index yesterday's log file

we have a scenario where we roll logs everyday. we want Splunk to index log file for yesterday only. We don't want to...

by Path Finder in

What might be the reason for excessive logs in Windows event?

I have around 800 users in my environment and the count of 4624 and 4634 is around 80,000 for the last 15 minutes. Wh...

by Path Finder in

Using existing Splunkweb certificate to secure an addtional port

We have an existing Splunk 9.1.3 Enterprise environment and run Splunkweb at port 8000 using an outside CA signed cer...

by Explorer in

Reindex and create new event for file when modtime changes, regardless of content

I have a file I'm monitoring that changes several times a day. It is likely that sometimes the file contents will be ...

by Path Finder in

Pulling data into splunk via API

What is the best practice to have a Splunk heavy forwarder call out to a third party API and pull logs into Splunk. M...

by Loves-to-Learn Everything in

Splunk Add-on for Google Workspace giving 400 Error

We are using the Splunk Add-On for GWS Version3.0.3 for Splunk Cloud and receiving this error when attempting to pull...

by New Member in

Akamai WAF integration with Splunk

I have installed akamai add on for splunk in our HF. https://splunkbase.splunk.com/app/4310 I followed th...

by New Member in

Splunk Forwarder $xmlregex

I'm looking for support on my $xmlregex Blacklist. I have checked as many previous tickets as I can and I'm still stu...

by New Member in

universal forwarder

Dear all, I have the following outputs.conf configuration: [tcpout] defaultGroup = my_indexers ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Ask Questions, Get Help about Data Manager for Splunk Cloud

Is it Possible to Configure a cronjob with Scripted Input

Windows 11 ARM Chip Support

Creating a new sourcetype and performing transforms on it in the same TA

How to Drop All Logs Under a Specific Directory and Its Subdirectories Using props.conf & transforms.conf on a Heavy For

Can I ingest JSON file into an index

Data not getting ingested into Splunk for multiple sources

Index created in Cluster Master not showing in Heavy Forwarder

Detailed logs from Cortex XDR

Splunkforwarder Startup Error in Docker containers

Logs to Metric Custom Format

Change a sourcetype at the indexer

Send the data to nullqueue except matching event

Update Splunk Add-on for Salesforce Streaming API for cloud compatibility

Forwarding indexed data from an old indexer to a new indexer (not clustered)

Splunk for SAP CPQ

Splunk Not Collecting bash_history Logs from All Hosts in Real-Time

Handle log rolling and index yesterday's log file

What might be the reason for excessive logs in Windows event?

Using existing Splunkweb certificate to secure an addtional port

Reindex and create new event for file when modtime changes, regardless of content

Pulling data into splunk via API

Splunk Add-on for Google Workspace giving 400 Error

Akamai WAF integration with Splunk

Splunk Forwarder $xmlregex

universal forwarder

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR

Configuring Splunk OTel Collector for Linux/Window...