...o that in forwarder or indexer or search head???
Is there any reference that maps the configuration files to which data pipeline applies?? For example: if I want to do field extraction >>&g...
...nCallGroup=ProductionServices
I need a way when setting up an Alert Action in Splunk to say that one of the parameters it should pass is OnCallGroup. I see no way to add such extra information to the configuration...
...hich processes the raw ticket data ingested from the ticketing system via DBX.
In reality, I have a dozen different buckets, ~50 different groups, and a similar number of keywords. I only have one b...
...vent logs?, with an excellent answer by jervin involving using SEDCMD in props.conf to trim the description off.
The problem is, per Configuration parameters and the data pipeline, a universal f...
Hello,
Is it possible to configure 'REST' data input with a 'payload' parameter (bolded section in below 'curl' command)?
I am looking to configure below curl command as a 'REST API' input in the...
The following sourcetype works fine when we upload a file against this sourcetype, but via the forwarder the csv fields are not being detected?
[incidentinfo]
DATETIME_CONFIG =
I...
Hi,
Trying to correlate failed logon attempts (event 4776) with the IIS OWA logs, I realized that the OWA logs are in UTC by default and I am in CEST time (Madrid).
According to the official d...
I am new to Splunk and trying to add a static field (action) using a lookup file. It needs to be a partial match with the log entry.
I would prefer doing it in the forwarder because the indexer i...