Getting Data In

Ask a Question

Discussions

Thread Info

Issues with HTTP Status for HEC token

Hey, I am facing following issues when sending data using HEC token. Connection has been established with no issue ...

by Motivator in

Trying to get eval to push multiple values to one field

Currently trying to get eval to give multiple returns | eval mitre_category="persistence,Defense_Evasio...

by Engager in

Props and Transforms doubt

I am new to Splunk admin and please explain this following stanzas: We have a dedicated syslog server which receive...

by Communicator in

import Adaudit logs into Splunk

I want to import Adaudit logs into Splunkbut I don't know howThe important thing is that I want to do this from the o...

by Explorer in

integrate Group-ib DRP with Splunk.

Hello members, i'm trying to integrate splunk wtih Group-ib DRP product but i'm facing issues with the applicat...

by Explorer in

Network logs ingestion

Hi all, Let me explain my infrastructure here. We have a dedicated 6 syslog servers which forwards data from networ...

by Communicator in

Need to give add data capability to user in splunk cloud

Hello All, i have a request where users will add their data(csv) manually every day. we are using splunk cloud vers...

by Motivator in

How do I set up Splunk DB Connect so I only get new log information every time I do a query instead of pulling the whole

How do I set up Splunk DB Connect so I only get new log information every time I do a query instead of pulling the wh...

by New Member in

Aruba Edgeconnect - Logging COnfiguration

Hello, There is an app for Aruba Edgeconnect - https://splunkbase.splunk.com/app/6302 Is there any documentatio...

by Loves-to-Learn in

SplunForwarder Windows strange CPU usage grow on some servers

Hello, I am facing strange issue with a Splunk Forwarder where on some servers of the same role is CPU usage 0-3% a...

by New Member in

SQL audit log not working when using event_time as indexing

Hi, I am using the Db connect 3.18.1 to collect sql audit logs FROM sys.fn_get_audit_file function. When I use eve...

by Observer in

Sourcetype restricted access

Hi all, We have specific AD group for specific application and we create index for that app and restrict access to ...

by Path Finder in

Best practice to restrict access to view events by sourcetype?

Is there a best practice to restrict access to events in Splunk by index and sourcetype? I have tested using the ...

by Path Finder in

Props and Transforms doubt

I am pretty new to Splunk and my project is also new. Can someone please explain the configurations given in our clus...

by Path Finder in

How to stop powershell running when the UF is restarted?

Has anyone figured out how to run powershell only at scheduled time? In addition to scheduled time, it is running eve...

by New Member in

Powershell script input on a schedule

Not sure if this is a bug or just weird behaviour, I don't seem to be able to work around it. I have loads of powe...

by Path Finder in

What is the disadvantage of having a lot of small buckets and rotating them frequently?

So I understand that the minimum timespan on a hot bucket is 1 hour, but bucket sizing defaults to a file size instea...

by Contributor in

Drop Windows Event Logs with EventID 5156 and not RFC 1918

HI All, So i wrote this in attempt to reject all RFC1918 TO RFC1918 logs for windows event logs with WID 5156. ...

by Path Finder in

Solution : index renaming not working when using _TCP_ROUTING

Hello, if you are using _TCP_ROUTING and index rename on target platform, logs may go to "last chance index" ...

by Motivator in

WEF - Universal Forwarder multiple Windows TA's / performance issues

Hi, We currently have a centralized WEF collection server that collects all windows logs across the environment.Th...

by Explorer in

Configuring Splunk OTel Collector for Linux/Windows Log Collection (Splunk Cloud/Enterprise)

As you may know, the Splunk OTel Collector can collect logs from Kubernetes and send them into Splunk Cloud/Enterpris...

by Splunk Employee in

TA for HP Storage

Hei, We have onboarded data from HP Storage and I am not sure if there is any TA for this technology or how to ext...

by Engager in

interval as a data input parameter

I want my customer to be able to set the "interval" and control how frequent the module runs. I started with this: ...

by Explorer in

Troubleshooting Slow Search Performance in Splunk with Large Datasets

How can I troubleshoot slow search performance in Splunk when searching across large datasets?"

by New Member in

How can I find a listing of all universal forwarders that I have in my Splunk environment?

Hello , Can you help me out How can I find a listing of all universal forwarders that I have in my Splunk envir...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Issues with HTTP Status for HEC token

Trying to get eval to push multiple values to one field

Props and Transforms doubt

import Adaudit logs into Splunk

integrate Group-ib DRP with Splunk.

Network logs ingestion

Need to give add data capability to user in splunk cloud

How do I set up Splunk DB Connect so I only get new log information every time I do a query instead of pulling the whole

Aruba Edgeconnect - Logging COnfiguration

SplunForwarder Windows strange CPU usage grow on some servers

SQL audit log not working when using event_time as indexing

Sourcetype restricted access

Best practice to restrict access to view events by sourcetype?

Props and Transforms doubt

How to stop powershell running when the UF is restarted?

Powershell script input on a schedule

What is the disadvantage of having a lot of small buckets and rotating them frequently?

Drop Windows Event Logs with EventID 5156 and not RFC 1918

Solution : index renaming not working when using _TCP_ROUTING

WEF - Universal Forwarder multiple Windows TA's / performance issues

Configuring Splunk OTel Collector for Linux/Windows Log Collection (Splunk Cloud/Enterprise)

TA for HP Storage

interval as a data input parameter

Troubleshooting Slow Search Performance in Splunk with Large Datasets

How can I find a listing of all universal forwarders that I have in my Splunk environment?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR

Splunk Stream Addon Setup for Edgerouter X