All Apps and Add-ons

I just enabled the time input for Splunk TA Nix and I don't see extractions?

daniel333
Builder

All,

I just enabled the time input for Splunk_TA_nix and I am getting data. But I don't see any extractions. I dug into the Splunk App and I dont see that there are any. was there another app I need to install for this? Can anyone tell me what my field extractions are for setting up the NTP dashboard in Splunk ES?

alt text

Tags (1)
0 Karma

p_gurav
Champion

You can try using below apps:
https://splunkbase.splunk.com/app/1567/
https://splunkbase.splunk.com/app/3154/#/details

Also you can manually extract data using regex.

0 Karma

daniel333
Builder

So I was expecting the default time input from Splunk_TA_nix to have extractions and tags that work with SplunkES. Was I mistaken?

0 Karma

p_gurav
Champion

Where did you installed add-on?

0 Karma

adonio
Ultra Champion

do you have the TA installed on the Search Head as well?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...