Getting Data In

Scripted input rlog.sh is indexing multiple same events

remy06
Contributor

Hi

I've enabled the script input /opt/splunk/etc/apps/unix/bin/rlog.sh to read audit events.

However, I noticed there are duplicated events having the same session id.

I've checked the actual /var/log/audit/audit.log itself and there are only 30 events. However, when I do a search in Splunk there are 90 events, almost triple.

I've noticed that in Splunk there are 3 similar events for each session id, thus causing the events to triple.

Any idea?

0 Karma
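A quick way to tell "three distinct events in the same login session" apart from "one event indexed three times" is to key on the audit serial rather than on the session id. In auditd's log format every record carries `msg=audit(<timestamp>:<serial>)`, and the serial is unique per event within a boot, whereas `ses=` is shared by every event of one login session. The script below is an added diagnostic, not part of the thread or of the `rlog.sh` script shipped with the Splunk unix app; the audit lines are constructed samples, and `INDEXED` simulates what the indexer would hold if the scripted input re-read the whole file on each run.

```python
import re
from collections import Counter

# Constructed sample: three records as they would appear in /var/log/audit/audit.log
# (standard auditd format; values are made up for the example).
AUDIT_LOG = """\
type=USER_LOGIN msg=audit(1700000000.101:201): pid=1201 uid=0 auid=1000 ses=7 msg='op=login acct="alice" res=success'
type=SYSCALL msg=audit(1700000000.250:202): arch=c000003e syscall=59 success=yes exit=0 ses=7 comm="bash"
type=USER_END msg=audit(1700000001.000:203): pid=1201 uid=0 auid=1000 ses=7 msg='op=logout acct="alice" res=success'
"""

# Constructed sample of the indexed data: every record arrived three times.
INDEXED = AUDIT_LOG * 3

# msg=audit(<epoch.millis>:<serial>) -- the serial is unique per event within a boot
AUDIT_RE = re.compile(r"msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\)")
# ses=<login session id> -- shared by all events of one login session
SES_RE = re.compile(r"\bses=(?P<ses>\d+)")


def parse_records(text):
    """Return a list of (serial, ses) tuples, one per audit record in `text`."""
    records = []
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not an audit record (blank line, comment, etc.)
        s = SES_RE.search(line)
        records.append((int(m["serial"]), int(s["ses"]) if s else None))
    return records


def duplicate_report(indexed_text, source_text):
    """Compare indexed events against the source file and report duplicated serials."""
    source = parse_records(source_text)
    indexed = parse_records(indexed_text)
    serial_counts = Counter(serial for serial, _ in indexed)
    return {
        "source_events": len(source),
        "indexed_events": len(indexed),
        "unique_serials_indexed": len(serial_counts),
        # serial -> number of copies, only for serials seen more than once
        "duplicated_serials": {s: n for s, n in serial_counts.items() if n > 1},
        # per-session counts alone cannot reveal duplication; shown for contrast
        "per_session_indexed": dict(Counter(ses for _, ses in indexed)),
    }


if __name__ == "__main__":
    report = duplicate_report(INDEXED, AUDIT_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against real data by exporting the raw events from a Splunk search (for example `index=... sourcetype=... | table _raw`) into a file and passing its contents as `indexed_text`. If `duplicated_serials` is non-empty while the source file has each serial once, the duplication happened on the ingestion side (the scripted input re-emitting lines it had already read), not in auditd.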
1 Solution

remy06
Contributor

The solution provided here works: nix-possible-bug-in-rlog-sh-script

0 Karma

remy06
Contributor

Seems to work after following the solution here: http://answers.splunk.com/questions/5650/nix-possible-bug-in-rlog-sh-script

0 Karma