My question is what is the difference between an index time extraction and a search time extraction? Can anyone explain with some simple examples?
I have tried to read this:
one:https://d...
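As an added illustration of the distinction asked about above (this is not part of the original post and not taken from the linked pages; the sourcetype name `myapp` and the field names `user` and `env` are assumed), a minimal props.conf / transforms.conf / fields.conf pair showing one search-time extraction and one index-time extraction side by side:

```ini
# props.conf  (added example; sourcetype "myapp" and field names are assumed)
[myapp]
# Search-time extraction: the regex runs on every search and nothing extra is
# written to the index. The regex and field name can be changed at any time
# without re-indexing, which is why this is the default recommendation.
EXTRACT-user = user=(?<user>\S+)

# Index-time extraction: the transform runs in the parsing pipeline on the
# indexer (or heavy forwarder) and the result is stored as an indexed field.
# Events already on disk are not affected; changing the regex later means
# re-indexing the data.
TRANSFORMS-env = extract_env

# transforms.conf
[extract_env]
REGEX = env=(\w+)
FORMAT = env::$1
WRITE_META = true

# fields.conf
# Tells the search head that "env" is an indexed field so that a search such
# as  sourcetype=myapp env=prod  is resolved from the index rather than by a
# search-time regex.
[env]
INDEXED = true
```

With these settings, `sourcetype=myapp user=alice` is evaluated at search time and works for old and new events alike, while `env` exists only for events indexed after the transform was deployed. Index-time fields are faster to filter on and are usable with `tstats` without a data model, at the cost of index size and a re-index if the extraction turns out to be wrong, so they are normally reserved for a small number of high-value fields such as the environment or host tag that every search filters on.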
...stance and am sending the Panorama syslog feed to the UF - running syslog-ng. I see those log files coming in and saving to /var/log/udp514.log. I set up the UF to connect as a forwarder to the S...
In the old Splunk under Settings -> Knowledge -> Advanced search, I could manage my macros. The 6.4 docs say Settings > Advanced Search > Search macros, but there is no advanced s...
...he best way to use volume tags to abstract these details from the indexes?
My thought is to start with a "hot_warm" volume tag, like the example in the indexes.conf spec, that would be defined in $S...
...nowledge before I start deploying the agent.
Trying to search for this online has proven nigh impossible since CS-->Splunk integration is very common and almost all the search hits focus on in...
...to-subfi.html I know how to achieve the different splits for the different line types.
And SEDCMD seems to be something I can put in the props.conf file.
But . . . the datastream is coming in...
...nvironments” (prod, test, dev), what is the best way to organize the logs coming in by environment? I see I can use tags and/or indexes, but which way would make more sense?