I am attempting to set up an initial transactiontypes.conf file in $SPLUNK_HOME/etc/system/local so I can use [searchtxn]; however, I am not understanding the documentation and setup correctly.
T...
How is transactiontypes.conf called, i.e., is it called by props.conf?
I found this documentation but that's it.
http://docs.splunk.com/Documentation/Splunk/6.0/admin/Transactiontypesconf#transactiontypes...
...ur searches down significantly.
It looks like we should be able to use transactiontypes.conf but I am confused on how to get this to work. We are extracting the event_id in props.conf with e...
...ps_accessReqRejected)| timechart count by nps_callingStation
I use a similar query to find "AcceptedTrasnactions"
If I opt to add appropriate code to transactions.conf, is there a way to gather stats based o...
...esources are available. See the Troubleshooting Manual for more information.
I did some changes to distsearch.conf file, but the bundle is still over 3 GB in size.
This is the file stanza:
[r...
I have recently created a field extraction on one search head that I have assigned all apps and users to read and write and was wondering how long it would take for a change done in one search head t...
Cisco ACS logging find CmdAV=interface and then next successful command from same user with CmdAV=no CmdArgAV=shutdown CmgArgAV=. I've been using transaction, but don't seem to be able to figure out ...