Splunk Enterprise

help with setting Line Breaker and Event Time needed

damucka
Builder

Hello,


I have the following security log entries:

***********************************************************************************
******                              SECURITY WARNING                         ******
***********************************************************************************
Wed Nov  4 04:39:25 2020
Error: Permission denied (-13), Access denied [http_rewrite.c 4012]
CONNECTION (id=2738/2739):
    used: 1, type: default, role: Server(1), stateful: 0
    nihdl: -1, ssl: (nil), protocol: HTTPS(2)
    local host:  XXX:42217 ()
    remote host: XXX:443 () - (-)
    system:
    proxy prot local host:  XXX:443
    own remote host: XXX:35636
[Thr 140203996280576] Address   Offset  REQUEST:
[Thr 140203996280576] ------------------------------------------------------------------------
[Thr 140203996280576] 7f83d21ec910  000000  47455420 2f666176 69636f6e 2e69636f |GET /favicon.ico|
[Thr 140203996280576] 7f83d21ec920  000016  20485454 502f312e 310d0a68 6f73743a | HTTP/1.1..host:|
....
....
[Thr 140203996280576] 7f83d21ecce0  000976  702d7561 2d70726f 746f636f 6c3a2068 |p-ua-protocol: h|
[Thr 140203996280576] 7f83d21eccf0  000992  74747073 0d0a0d0a                   |ttps....        |
[Thr 140203996280576] ------------------------------------------------------------------------
***********************************************************************************


Then they repeat in the above format.

How and where (which config file) would I set the correct line breaking and event time setting?

Kind Regards,

Kamil 

1 Solution

damucka
Builder

I managed to solve it with the below configuration:

[webdispatcher]
SHOULD_LINEMERGE = false
NO_BINARY_CHECK = true
# LINE_BREAKER must contain a capturing group: the previous event ends where
# group 1 starts and the next begins where it ends, and only the group's text
# is discarded. Capturing just the newline(s) before the banner keeps the
# banner inside the event it belongs to.
LINE_BREAKER = ([\r\n]+)\*{83}\n\*{6} {30}SECURITY WARNING {25}\*{6}\n\*{83}

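For the event-time half of the question, which the accepted answer does not cover, here is an added Python example; it is not part of this thread and not Splunk code. It mirrors how Splunk applies a props.conf stanza to a constructed sample in the question's format: events are split with the LINE_BREAKER from the answer (with the capturing group that setting requires), then each event's timestamp is pulled the way TIME_PREFIX, TIME_FORMAT and MAX_TIMESTAMP_LOOKAHEAD would do it. The stanza belongs in props.conf on the parsing tier (the indexer or heavy forwarder that first sees the data). The three timestamp settings, the second event's timestamp and the port numbers are assumptions, not taken from the thread.

```python
import re
from datetime import datetime

# Constructed sample in the format from the question: two events back to back.
# Banner lines are generated from the widths the LINE_BREAKER counts imply
# (83 asterisks; 6 + 30 + len("SECURITY WARNING") + 25 + 6 = 83 characters).
STARS = "*" * 83
TITLE = "*" * 6 + " " * 30 + "SECURITY WARNING" + " " * 25 + "*" * 6


def _event(timestamp, local_port):
    """Build one event body; the second timestamp and the ports are made up."""
    return "\n".join([
        STARS, TITLE, STARS,
        timestamp,
        "Error: Permission denied (-13), Access denied [http_rewrite.c 4012]",
        "CONNECTION (id=2738/2739):",
        "    used: 1, type: default, role: Server(1), stateful: 0",
        f"    local host:  XXX:{local_port} ()",
        "    remote host: XXX:443 () - (-)",
        "[Thr 140203996280576] Address   Offset  REQUEST:",
        STARS,
    ])


SAMPLE = "\n".join([
    _event("Wed Nov  4 04:39:25 2020", 42217),
    _event("Wed Nov  4 04:41:07 2020", 42305),
]) + "\n"

# props.conf stanza these functions mirror. LINE_BREAKER is the accepted answer
# plus the capturing group the setting requires; the three timestamp keys are
# assumed additions for the "event time" half of the question.
PROPS_CONF = r"""
[webdispatcher]
SHOULD_LINEMERGE = false
NO_BINARY_CHECK = true
LINE_BREAKER = ([\r\n]+)\*{83}\n\*{6} {30}SECURITY WARNING {25}\*{6}\n\*{83}
TIME_PREFIX = ^\*{83}\n\*{6} {30}SECURITY WARNING {25}\*{6}\n\*{83}\n
TIME_FORMAT = %a %b %d %H:%M:%S %Y
MAX_TIMESTAMP_LOOKAHEAD = 32
"""

LINE_BREAKER = re.compile(r"([\r\n]+)\*{83}\n\*{6} {30}SECURITY WARNING {25}\*{6}\n\*{83}")
TIME_PREFIX = re.compile(r"\A\*{83}\n\*{6} {30}SECURITY WARNING {25}\*{6}\n\*{83}\n")
TIME_FORMAT = "%a %b %d %H:%M:%S %Y"
MAX_TIMESTAMP_LOOKAHEAD = 32


def break_events(raw):
    """Split raw text the way Splunk applies LINE_BREAKER: the previous event
    ends where capturing group 1 starts, the next event begins where it ends,
    and the group's own text (here, the newline before a banner) is dropped."""
    events, pos = [], 0
    for m in LINE_BREAKER.finditer(raw):
        if raw[pos:m.start(1)].strip():
            events.append(raw[pos:m.start(1)])
        pos = m.end(1)
    if raw[pos:].strip():
        events.append(raw[pos:])
    return events


def extract_time(event):
    """Apply TIME_PREFIX, then parse TIME_FORMAT from the first line inside the
    MAX_TIMESTAMP_LOOKAHEAD window. Returns None when no timestamp is found,
    which is the case Splunk would fall back to another time source for."""
    m = TIME_PREFIX.search(event)
    if not m:
        return None
    window = event[m.end():m.end() + MAX_TIMESTAMP_LOOKAHEAD]
    try:
        return datetime.strptime(window.split("\n", 1)[0].strip(), TIME_FORMAT)
    except ValueError:
        return None


def parse_log(raw):
    """Return (timestamp, event_text) pairs for every event in raw."""
    return [(extract_time(e), e) for e in break_events(raw)]


if __name__ == "__main__":
    for ts, event in parse_log(SAMPLE):
        print(ts.isoformat() if ts else "no timestamp", "|", event.splitlines()[3])
```

The explicit TIME_PREFIX matters here because the three banner lines alone are about 250 characters, so the timestamp on the fourth line sits past the default MAX_TIMESTAMP_LOOKAHEAD of 128 characters from the start of the event; without a prefix Splunk would not see it and would assign some other time to the event. Splunk's own regex engine is PCRE rather than Python's, but the patterns above use only constructs the two share.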
