Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Enterprise
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- help with setting Line Breaker and Event Time need...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damucka
Builder
11-04-2020
05:23 AM
Hello,
I have following security log entries:
***********************************************************************************
****** SECURITY WARNING ******
***********************************************************************************
Wed Nov 4 04:39:25 2020
Error: Permission denied (-13), Access denied [http_rewrite.c 4012]
CONNECTION (id=2738/2739):
used: 1, type: default, role: Server(1), stateful: 0
nihdl: -1, ssl: (nil), protocol: HTTPS(2)
local host: XXX:42217 ()
remote host: XXX:443 () - (-)
system:
proxy prot local host: XXX:443
own remote host: XXX:35636
[Thr 140203996280576] Address Offset REQUEST:
[Thr 140203996280576] ------------------------------------------------------------------------
[Thr 140203996280576] 7f83d21ec910 000000 47455420 2f666176 69636f6e 2e69636f |GET /favicon.ico|
[Thr 140203996280576] 7f83d21ec920 000016 20485454 502f312e 310d0a68 6f73743a | HTTP/1.1..host:|
....
....
[Thr 140203996280576] 7f83d21ecce0 000976 702d7561 2d70726f 746f636f 6c3a2068 |p-ua-protocol: h|
[Thr 140203996280576] 7f83d21eccf0 000992 74747073 0d0a0d0a |ttps.... |
[Thr 140203996280576] ------------------------------------------------------------------------
***********************************************************************************
Then they repeat in the above format.
How and where (which config file) would I set the correct line breaking and event time setting?
Kind Regards,
Kamil
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damucka
Builder
11-09-2020
03:01 AM
I managed to solve it with the below configuration:
[webdispatcher]
SHOULD_LINEMERGE=false
NO_BINARY_CHECK=true
LINE_BREAKER= \*{83}\n\*{6} {30}SECURITY WARNING {25}\*{6}\n\*{83}- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damucka
Builder
11-09-2020
03:01 AM
I managed to solve it with the below configuration:
[webdispatcher]
SHOULD_LINEMERGE=false
NO_BINARY_CHECK=true
LINE_BREAKER= \*{83}\n\*{6} {30}SECURITY WARNING {25}\*{6}\n\*{83}
Get Updates on the Splunk Community!
Enterprise Security Content Update (ESCU) | New Releases
In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
(This is the first of a series of 2 blogs).
Splunk Enterprise Security is a fantastic tool that offers robust ...
Index This | What are the 12 Days of Splunk-mas?
December 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with another ...
