I'm trying, as an admin, to delete a couple of lookups, but I don't see a way to do it via the interface. Is there a way to do it? I'm not the owner of them ...
It's interesting that for some of t...
Hi everyone. I have logs that are sent to me in Central Standard Time (-6 hours) but there isn't anything in the TA noting that, so all my logs look like they are 6 hours behind.
As such, I went ...
Hello All, I need to work on building SPL to fetch information related to corrupt data. The conditions I narrowed to to determine if data is corrupt or not are: - 1. Improper breaking of data into...
Hi
I have installed splunk indexer on a linux machine under installation directory /opt and there are quite a few forwarders sending data to this indexer
Later on we decided to move the indexer...
I have configured heavy weight forwarders to get the JMX server data. While forwarding the data to indexers, source field displays the path of those servers. I want to reduce the unwanted strings and...
...onsequently on boot, defeating the purpose of the systemd setup. Using chattr to make the service file immutable is a current workaround. This behavior seems specific to CentOS Stream 9. How to r...
hi phantom team, I have a simple use case to rename a filename in vault. As its immutable, I copied the contents to vault temp dir and renamed it there. And before adding the renamed file into v...
Hello,
I have huge volume of data coming in under different source types (or indexes) for different applications/projects. Most of the cases ACCOUNTID and IPAddress are the unique fields for each o...
We have following log file which we need to import in Splunk:
"cdrRecordType","globalCallID_callManagerId","globalCallID_callId","nodeId","directoryNum","callIdentifier","dateTimeStamp","numberPa...
...o what looks like a random string.
Trying to outsmart it, I set outputs.conf on the forwarder and inputs.conf on the indexer with the immutable flag. (chattr +i outputs.conf) and I can see the e...