chrissale's Topics

I am using a Universal Forwarder to collect events from a Windows server. In /etc/system/local I have created custom inputs.conf and outputs.conf to collect events from a log file and forward them on to an indexer. However, the indexer is also receiving events of the source type WinEventLog:Application, WinEventLog:System and WinEventLog:Security. How can I disable this?

I am using Splunk to collect data from log files generated by a thick client application. The log files contain metadata in the header relating to the user that logged on. I want to be able to search for events using the metadata in the file header (example below).

username: myUser
hostname: myHost
10/02/2014 13:12:03 INFO User did some stuff
10/02/2014 13:12:41 INFO User did some more stuff
10/02/2014 13:14:26 WARNING User did some stuff they weren't supposed to!

In this example a search for 'username=myUser' would return all three events shown. Is that possible?