Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
228 results
Sorted by:
04-03-2021
10:09 AM
...moketest_json_dyn_tcp". Similar inputs are configured with unique sourcetype names; they are making REST calls to the same destination to collect different metrics. Since the same field names are being returned b...
Labels
- Labels:
-
JSON
-
props.conf
-
transforms.conf
09-17-2022
09:12 AM
...tatement like below in UI and its working fine but im not sure how to deploy this in props.conf
index=index_name sourcetype=sourctype_name log_level=NOTICE
|eval message =case(method_name='p...
- Tags:
- @splunkers
12-09-2021
02:44 AM
Hi All, Having an issue trying to route events to an index by source, posting as a new question as I've not found anything that's helped me understand how /where to configure this. We have events b...
Labels
12-06-2021
10:33 AM
...alculate this timestamp difference using strptime("alert.created_at") but the conversion of that time to epoch is relative to the viewers timezone. The duration changes based on how you configure t...
Labels
- Labels:
-
eval
01-15-2018
09:15 AM
...plunk App Add-on Builder
pulldown_type = 1
# Fields Aliases
...
Anyone has an idea about where those duplicate values come from ?
Thanks for your help
04-06-2016
11:33 AM
We have the following -
logTime 2016-04-06 06:12:32,251 UTC
eventStartTime 2016-04-06 01:12:32.177
_time 2016-04-06T01:12:32.251-05:00
Is it possible to set the _time field to have t...
05-06-2016
03:54 AM
1 Karma
...s are not usable with lookup, but...
The props.conf documentation says something else:
"Splunk processes calculated fields after field extraction and field aliasing but before lookups"
- Tags:
- splunk-enterprise
12-15-2016
07:02 PM
...he logs.
Here are the example for each:
test@test.com
3234-1234-5678-5678
As I need to configure props.conf and transforms.conf under $SPLUNK_HOME/etc/system/local/
Specifically, in props...
06-08-2019
09:36 AM
1 Karma
...t; i should do that in Search head and configure props.conf and transforms.conf
i just found those 2 articles but i still confused.
https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/Configur...
- Tags:
- splunk-enterprise
03-29-2019
04:12 AM
...earch head, it seemed not to be able to communicate with the rest of our infrastructure.
After debugging the logfiles we found out that some of our defined FIELDALIAS'es in the props.conf on one of o...
