Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Fields in Splunk Cloud from Heavy Forwarder (Add-on Windows and Linux)

sachaz
Explorer
‎09-02-2019 02:53 PM

I've installed Splunk Add-on for Windows and Splunk Add-on for Unix and Linux in the Heavy forwarder. I only edited inputs.conf file with the routes I want to monitor, but whit the sourcetype linux_secure and bash_history, when I check on my Splunk Cloud the are no fields like "src", "dest", etc. I'm missing something? Any ideas how to resolve this?

0 Karma
Reply

vliggio
Communicator
‎09-02-2019 03:17 PM

The src and dest field extractions take place at search time, so you have to put a ticket in and request that Splunk install the add-ons on to your Splunk Cloud environment. If you look in the Splunk_TA_nix, you'll see the props.conf has a bunch of FIELDALIAS settings, which, if you refer to https://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings, you will see that FIELDALIAS is a search time configuration.

Reply

sachaz
Explorer
‎09-03-2019 01:16 PM

I'm waiting for a few days ago the splunk support response, I was in doubt if I should do something else before, thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...