...ourcetype, Source or Host. However my sourcetypes and sources are fairly generic, so I wanted to see if there was a way to alias based on host tag?
For example, I have tagged all my VPN hosts (e.g. tag...
...tatements with an explicit -sourcetype.
The only other option I can see is to set up TAGs on each of the source statements based on filename (Can tags be managed automatically for certain sources, p...
I have Splunk Enterprise 6.1, I've had the same issue on 6.0, and Enterprise Security 3.0 running. I pull in a datasource like normal and everything is looking good until I create tags and field aliases...
...elated = stats
tags = tags
Any reason that when trying to use the alias I get the following:
Command:
* | my field=ex_field db=ex_db
Unknown search command 'my'.
Any idea why this could / w...
I have a distributed environment with 2 independent search heads. I run the same search on both, and one shows a field that the other does not. I can't figure out why. I can't f...
I would like to find a detailed tutorial on how to create a Splunk app to parse syslogs, with pre-defined field names, not the automatic key/value that Splunk is able to detect. I have syslogs with d...
I am a noob with Splunk. I am trying to join two indexes in one search - index="idx-enterprise-tools" sourcetype="spectrum:alarm:json"
| eval Host=substr(host,1,9) Second Index - index=idx-...
Dears,
We need your support to convert below search to tstats search.
(index=os_windows OR index=workstation*) tag=authentication user!=*$ action=success EventCode=4624 Logon_Type=10 O...