...imezone (US/EST). For this we made changes in the Splunk forwarder (/opt/splunkforwarder/etc/apps/search/local/props.conf) to add: [sourcetype::log4j] TZ = US/Eastern
but still logs are coming with o...
...tatus=inactive
sourcetype = abc IP = a.b.c.d status=inactive
I want to get a list of IPs with status=active, but IPs whose status has changed to inactive should get filtered out.
Like in the e...
...pp to make it py2 and py3 compatible. Now, I don't have access to any file system. I am told by looking at btool debug logs, I can find out if any custom changes are applied to any app. I just d...
...ee an answer that has resolved this as yet, from what I have read it looks like we may need to try and change the way that Windows writes the eventlog. I'm not even sure if we can do this but I was h...
Hi,
Earlier we used to receive Mimecast held messages in the below format:
date=2018-01-15T02:38:00+0000| mcType=mimecastHeld|to=recipient address|from=sender address|reason="Message Hold Applied -...
Hi Everyone,
I want to create a Splunk query which can detect url/domain category change in the proxy logs within the last 7 days
Example
Initial domain/url category
Domain/url : abc.com C...
Hi Splunkers,
Ideally, what happens is we set a threshold for the log file and set some retention.
So files do get created like:
audit.log
audit.log.1
audit.log.2
audit.log.3
audit.log.4...
...nstead of seeing aruba:rogue_ap_discovered when a Rogue AP Discovered trap is in the log, instead I see aruba:snmp. I thought I understood this when this was for PAN only it appeared that the t...