Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

sedcmd no longer being applied after upgrade to 4.2

ajs07635
Explorer
‎03-26-2011 08:07 PM

I have a splunk indexer running on Linux that i recently upgraded to 4.2 and a lightforwarder running on a windows 2k8 that i upgraded to the universal forwarder. After the upgrade, the sedcmd line i have in the props.conf on my indexer doesn't appear to be working any more. I was using it to strip extraneous description text from server 2k8 logs. The logs are still showing up

The line in props.conf looks like this: 

[wmi]
SEDCMD-remwinstr = s/(?ism)(This event is generated|Certificate information is only provided).*//g

I believe there is another question that has been asked that i think might be relevant as its happening here as well:

Universal Forwarder: WMI Hostname Config Ignored

For completeness, here is the wmi.conf file on the universal forwarder:

[WMI:DomainControllerLogs]
server = <host1>, <host2>, <host3>, <host4>
interval = 10
disabled = 0
event_log_file = Security
current_only = 0
Reply
1 Solution
Solved! Jump to solution
Solution

ajs07635
Explorer
‎05-13-2011 03:24 PM

It appears this was the result of a bug that has been fixed in the 4.2.1 release. Both the forwarder AND the indexer must be updated for this issue to be corrected.

View solution in original post

Reply
Solved! Jump to solution
Solution

ajs07635
Explorer
‎05-13-2011 03:24 PM

It appears this was the result of a bug that has been fixed in the 4.2.1 release. Both the forwarder AND the indexer must be updated for this issue to be corrected.

Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...