Getting Data In

Ask a Question

Discussions

Thread Info

Splunk Answers Content Calendar May 2025 🎉

Hello Splunk Community! Welcome to the first post of the Splunk Answers Content Calendar  This week, I'll...

by Community Manager in

Ask Questions, Get Help about Data Manager for Splunk Cloud

Hello from Splunk Data Manager Team, We are excited to announce the preview of Data Manager for Splunk Cloud. Befor...

by Splunk Employee in

I unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_TA_siem_connector"?

I am getting the below error. Unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_T...

by Engager in

Duplicate and Missing Logs After Splunk Universal Forwarder Pod Restart in EKS

We are experiencing consistent log duplication and data loss when the Splunk Universal Forwarder (UF) running as a He...

by Loves-to-Learn in

Citrix NetScaler sourcetype for HEC

The current Netscaler guidance is that logs should be exported via HEC. However, it seems like the app doesn't have a...

by Contributor in

Modify Security Events for EventCode 4624)

Hello! I have logs from Domain Controller Active Directory in Splunk and try to configure monitoring of user logon...

by Engager in

error on dbx connect : DBX Server is not available, please make sure it is started and listening on 9998 port or consult

Hello, im facing a problem on my Dbx connect : Cannot communicate with task server, please check your s...

by Explorer in

About Upload File

Hi guys, I am new here and I want to explore some things in splunk. I have a txt file, I uploaded it and I want to ...

by New Member in

Need help receiving and parsing IPFIX data in Splunk using Splunk Stream

Hello everyone, I have a network monitoring system that exports data via IPFIX using Forwarding Targets. I am try...

by Explorer in

Cannot parse linux logs

My linux logs cannot parsed in dashboard. My renderxml is setted to false

by Observer in

Data not reaching Splunk Cloud after Migrating to new Universal Forwarders

Hello, I am having issues getting data into Splunk Cloud with two new Universal forwarders. I have two existing U...

by Explorer in

How to forward csv data files from sharepoint online to splunk cloud

I don't mean SharePoint activity, admin or audit logs. I mean actual data files (that will be converted later to look...

by Path Finder in

Log formatting not as expected

Jun 26 13:46:12 128.23.84.166 [local0.err] <131>Jun 26 13:46:12 GBSDFA1AD011HMA.systems.uk.fed ASM:f5_asm=PROD vs_nam...

by Communicator in

Why for f5 data we use [UDP://9514] instead of using syslog?

I came across in our repo a monitoring stanza for f5, which is [UDP://9514]. I wonder if there is any reason not to u...

by Motivator in

Splunk HEC/kafka raw logs parsing / addons

Hello, is it possible in Splunk HEC from Kafka to receive raw events on HF in order to parse fields with addons? It...

by Motivator in

Index time based retention - based on indexed time or event time?

This information is probably located in one of the docs but didn't find it in anything I've read just now. Under norm...

by Motivator in

Filter events on UF

I have a data source of significant size and I want to filter a large percentage of the data on the UF so it isnt sen...

by SplunkTrust in

Perfmon counters not coming in after Universal Forwarder update to 9.2.6.0 from 9.2.0.1

Thought I would post here in the community as well since I have this opened with support. A couple weeks ago, another...

by Explorer in

using mcollect to collect metric data

Hi, I am using mcollect to collect data from certain metrics into another metric index. I have created the new metr...

by Contributor in

Struggling to correctly parse JSON data

Hello, We have multiple fortigate devices forwarding to a logstash server that is storing all the device's logs in ...

by Explorer in

Warnings

Hey mates, I'm new to Splunk and while ingesting the data from my local machine to Splunk this message shows up. "T...

by New Member in

Windows UF stop after batch mode is finished

Hello, I have a Windows machine with an UF installed that logs various logs such as wineventlog. These logs work corr...

by Explorer in

Finding forwarders that have not sent data

Hello , Can anyone please provide me a query which lists out all forwarders that have not send data over the last...

by Loves-to-Learn Lots in

Rest apis for metric data/ values

I am trying to fetch metric values of the infra i am monitoring using rest apis, so far all the apis i have tried are...

by New Member in

exclude winevent older than 7 days from ingest

Hello, I am about to onboard 1000+ Windows UF. Those have windows event logs going back many years. Is there a way ...

by Explorer in

What Log Files Should Be Monitored in SUSE Linux for Splunk ES, and How Do They Differ from Standard Linux Monitoring?

Hi Splunk Community, We’re currently onboarding SUSE Linux (SLES/OpenSUSE) logs into Splunk Enterprise Security (ES...

by Observer in

Lost AWS events after ingestion

I am in the middle of a Splunk migration. One of the tasks is to moved data from some sourcetypes onto the new server...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk Answers Content Calendar May 2025 🎉

Ask Questions, Get Help about Data Manager for Splunk Cloud

I unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_TA_siem_connector"?

Duplicate and Missing Logs After Splunk Universal Forwarder Pod Restart in EKS

Citrix NetScaler sourcetype for HEC

Modify Security Events for EventCode 4624)

error on dbx connect : DBX Server is not available, please make sure it is started and listening on 9998 port or consult

About Upload File

Need help receiving and parsing IPFIX data in Splunk using Splunk Stream

Cannot parse linux logs

Data not reaching Splunk Cloud after Migrating to new Universal Forwarders

How to forward csv data files from sharepoint online to splunk cloud

Log formatting not as expected

Why for f5 data we use [UDP://9514] instead of using syslog?

Splunk HEC/kafka raw logs parsing / addons

Index time based retention - based on indexed time or event time?

Filter events on UF

Perfmon counters not coming in after Universal Forwarder update to 9.2.6.0 from 9.2.0.1

using mcollect to collect metric data

Struggling to correctly parse JSON data

Warnings

Windows UF stop after batch mode is finished

Finding forwarders that have not sent data

Rest apis for metric data/ values

exclude winevent older than 7 days from ingest

What Log Files Should Be Monitored in SUSE Linux for Splunk ES, and How Do They Differ from Standard Linux Monitoring?

Lost AWS events after ingestion

Splunk Answers Content Calendar, July Edition I

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions