Greetings! I'm still super new to Splunk, so please be gentle :)
I am trying to extract a timestamp from CSV records.
A single CSV can contain N records. Each record has its own timestamp, but the ti...
I've implemented per-event sourcetype assignment as described here: http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Advancedsourcetypeoverrides Basically it works. For events matching a R...
...ynamically change and parse message logs and then parse with a good sourcetype stanza and deliver to a different index, depending on log type (e.g. different OS, or network equipment, etc...)
I am dynamically extracting a sourcetype using props.conf and transforms.conf files. But the extraction is not working as expected. The sourcetype I am extracting is "e...
Both servers are CentOS 7
One with Splunk Enterprise 7.2.5
Splunk App for Infrastructure 1.2.3
Splunk Add-on for Infrastructure 1.2.3
One with Splunk Universal Forwarder 7.2.5
Error messa...
I've heard that using Splunk's default sourcetype detection is flexible, but can be hard on performance. What is the best way to define sourcetypes that keeps performance speedy?
Hello,
System type: Linux
We have splunk running on our centralized syslog-ng server. We then have other servers forwarding syslog traffic to it. Those logs are then stored in their own f...
...ausing the data to be tagged with both sourcetypes.
DATA1
Aug 2 21:54:32 10.1.2.3 tmm[1853]: Rule syslog_http : HTTP,10.1.2.4:5804,vs_https_oursite,4.4.4.3:49788,oururl.com,/somepath,10.1.2.5:7...