If I'm simply monitoring a directory and I'm not tailing it, do I need to keep the contents of the directory after it's been indexed? I have no forensic need for the source data.
I've done some s...
Hello Splunkers, I've been in some weird requirement/situation, which is, we need to validate if events of particular source and sourcetype are getting forwarded by UF or not. For E...
Greetings, I'm finally tackling the topic of data models within my organization, and am coming across situations I am needing to solve for. 1. Windows authentication data which has a null values i...
I need to send off some of our data to a 3rd party tool as syslog data for automation purposes. I also don't want to lose these logs from being ingested into my Splunk instance. Below is the config which...
Hi,
Now I have a problem:
I have a index data which has multiple sources and they have the same sourcetype.
index=t_web sourcetype=t_web_pect
source such as :
t_we_a1.txt ,t...
Hi Team,
Maybe you feel that this is a repetitive question, but I didn't get response, so I opened a new question.
I want to create a funnel report in Splunk. I need to join different datasources...
I have the following source. I want to extract time from source when data is ingesting source="/logs/gs/ute-2024-02-05a/2024-02-05_16-17-54/abc.log" in props T...
Good day experts, to manage the ingestion volume, I need to apply truncation to a source that sends pretty high volume of data. However, we do not wish to truncate all events from this source, only c...
Dears
I need advice from experts who have past experience on Splunk. Please do not advise for Splunk professional services or Partner help,
How I can measure approximately the source d...