Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
181 results
Sorted by:
02-14-2017
11:26 PM
I am trying to use a filed in calculated fields from props.conf to replace space in one of my field values but not getting any results in Splunk 6.2.
Below is EVAL stanza from props.conf -
E...
04-21-2020
10:38 PM
...ransform. I follow the same naming conventions for other normal field extractions with transforms and it works well.
props.conf
[sourcetype]
REPORT-IP = REPORT-IP
transforms.conf
[REPORT-IP]
F...
11-12-2019
08:23 AM
I have a field called File_Name that I've generate by trimming the filepath off of my source from a local data input.
The files are either XML or txt files but the names all follow the same f...
08-29-2017
09:42 PM
...o properly use props.conf and transforms.conf my only (or best) approach?
What if I want to retain the unique details “just-in-case” and don’t want it removed prior to indexing?
Apologies if m...
10-04-2017
12:12 PM
3 Karma
...his a bug or something that I have to configure to fix it?
03-25-2015
07:12 AM
Hi,
I have this in my props.conf
[emailAlerts2]
EVAL-Application = if(match(_raw,"\<EcomLogEntry\>\nDate:\s+\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d-0400"),"MyApp",Application)
But I'm b...
07-23-2020
08:12 PM
Hi Guys, Would you know why does the Selected fields are missing after i enable this specific Calculated fields ? And when i delete that calculated field the the default selected fields are s...
Labels
- Labels:
-
calculated field
04-09-2020
07:09 AM
Hi
I have a .csv file without header but with fixed fields which i would like to send to my Splunk server with the universal forwarder on the according Linux host.
I understand that i need to configure...
07-20-2020
05:32 PM
Hi As I see many documents and comments here, Universal forwarder do not break line. with "LINE_BREAKER" in props.conf. It is the role of Indexer. This is what I am understanding. But I t...
Labels
- Labels:
-
universal forwarder
03-13-2019
04:38 AM
...ttps://wiki.splunk.com/Community:HowIndexingWorks. But this doesn't tell where to configure inputs.conf exactly.
One more thing below configurations are already added in props.conf on universal f...
