Splunk Search

What is <14> we see in Splunk logs, each log starts with <14> what does it pertain to ? can anyone answer this please?

jlsiri
Engager

<14> prefix is displayed in splunk logs, what does it mean, why is it displayed? Can anyone answer this question please?

0 Karma
1 Solution

PickleRick
SplunkTrust
SplunkTrust

Typically syslog events sent over the network start with a <number> containing information about so called "facility" and severity of the event.  See https://datatracker.ietf.org/doc/html/rfc3164#section-4.1.1

View solution in original post

PickleRick
SplunkTrust
SplunkTrust

Typically syslog events sent over the network start with a <number> containing information about so called "facility" and severity of the event.  See https://datatracker.ietf.org/doc/html/rfc3164#section-4.1.1

jlsiri
Engager

Thank you!

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Precisely, which log? Can you provide an example? (Anonymised as necessary.)

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...