I have tons of log lines coming from the Apache accesslog that look something like this:
11/19/19 1:39:01.000 PM 192.168.1.1 - - [19/Nov/2019:13:39:01 -0500] "GET /jquery/jquery-ui.min.js HTTP/1...
...nd kinesis firehose stream? Or do I need to access the logs in this archive logging account from another account? Maybe I am not asking this question correctly but it seems like the control tower m...
The background:
I have multiple types of logs from multiple groups being piped into Splunk into 1 index
The index=index1
The sourcetype=syslog
The scenario:
One of my groups wants to access...
Hi, I'm trying to get the audit logs from GitHub cloud into a Splunk instance which has limited network access.
The problem is that the IP of GitHub that sends the data to Splunk often changes.
I...
...otal |
eval percent= round(count*100/total,2) |
where status_group="fail"
Looking at nginx accesslogs for a web application. This query tells me the amount of failures (n...
Hi, I have configured the Splunk AWS plugin to get files stored in an S3 bucket. These files come from an Apache server and have Apache accesslog format. I use an S3 generic input and it seems to b...
...ecords every 60 seconds in the bucket as well. The problem is that I don't see these accesslogs in Splunk until hours (up to 3 or 4) after the files exist in the log on S3. If this is checking e...
Hi,
We have deployed Splunk on-prem components, heavy forwarder, syslog-ng and deployment server.
Configured it correctly, we think, we can install the universal forwarder on an endpoint an...