How would I add a permanent search or field to a sourcetype? For example: I have a set of data that I have been able to snag a field out of using this search sourcetype="collectedevents" | r...
...he related add-ons has to do a new override of the sourcetype value and this second override doesn't work. I'd like to have a hint about the two solutions I thought of or a different one: if it's p...
Hello 🙂
I am wondering when it is useful or reasonable to create a new index or sourcetype.
If I have data that I want to analyse for one topic, I would upload it all to the same index, as w...
Hi,
I would like to add some sourcetypes.
Adding through the web browser is easy,
just click the create sourcetype button and no Splunk restart is needed.
I found a CLI command to add a sourcetype, but I c...
...ould be called retention and specify retention time based on either index name or sourcetype. That way, when users are browsing web logs, they know that they are retained for 5 years (retention = 5...
I found the following search to identify Missing / New sourcetypes and made a few changes. I am getting data and my next enhancement is to add the latest date/time a sourcetype was 'seen'.
Here i...
...o the "event", it would modify the _json sourcetype (which we wouldn't want). We're assuming the best way around this problem is to duplicate the _json sourcetype and rename it so that we can add add...
Hi everybody, I hope you can help me with my problem. I want to add fields in a lookup with a request that doesn't use an index. We don't have results, so I use the fillnull option and appendpipe to c...
Hi,
We have been using a custom method to get CloudTrail to Splunk by using log files on a server that has the CloudTrail data. This custom method was set up some time back and has been using a sourcetype...