...MXWZFOG< >VSTI" mail_reviewcomment="Comment:ÑC<AZR=@P"&"\A"
How do I configure the inputs, props and transform so that it is uploaded correctly in Splunk?
- F...
...F from network devices and then should be sent to my indexers. After going through the set up I get this error message "Search peer splunk_indexer_02 has the following message: Received event for u...
I'm seeing the error below under messages in my Splunk enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...
...uery: "index=_internal sourcetype=splunkd *something*" Am I missing something on the inputs.conf? Am I forced to put a sourcetype? Cant I create my own custom sourcetpe via the gui or do I have to c...
...lass that includes just the clients. But a number of the scripts have sourcetypes (auditd, Unix:ListeningPorts, etc.) that are absent from the Settings: (Data) Sourcetypes display, and as a result I c...
...he fields are not correctly identified: index=oracle_audit sourcetype=ID source=OracleAuditConnection Specifically, what should be fields like TERMINAL, CLIENT_PROGRAM_NAME, and O...
Hi. I'm brand new to using Splunkand just downloaded the SplunkLight trial.
I've followed the tutorial video forsetting up Data Inputs, and then set up one of my own. While I can see that t...
...If I add this settings to a non-forwarder splunk instance it works perfectly. I am able to extract mytest (testname in this example) variable from the source. If I copy the same settings to my u...
I can never remember where I need to configure my various Splunksettings. Some need to be on the forwarder side, some on the indexers and I even sometimes need them on the search head...
So w...