...'ve tried adding apps, modifying existing local/props and transforms, using the extract command (see error below). I can see the configurations in the GUI and in btool but for some reason when I s...
...s always "encore". To cheekily resolve that, I tried to alias on the heavy forwarder the sensor field to source (in the estreamer TA), and also on the search head thusly:
FIELDALIAS-e...
...EF data for CIM compliance, too.
My problem is the same with all the add-ons: none of them handle the custom labels/fields as I expect:
cn2 = 4
cn2Label = TaskNewState
cs2 = 1093
cs2Label = P...
...xtractions that occur due to the "=" sign with another field name. For instance ip=190.1.9.15 is automatically extracted giving us a field name "ip" with a value of "190.1.9.15". We would like to map to the c...
...aloalto device. sourcetype="paloalto:network:traffic" is defined in props.conf, whereas sourcetype="paloalto:network:log" is defined in inputs.conf, and both configurations are placed in t...
...eads and they all have the aliases in their props.conf (created via GUI) and they all have global permissions.
Is there anything else I can check to see why this might be occurring?
For e...
...MXWZFOG< >VSTI" mail_reviewcomment="Comment:ÑC<AZR=@P"&"\A"
How do I configure the inputs, props and transform so that it is uploaded correctly in Splunk?
- Field...
I would like to find a detailed tutorial on how to create a Splunk app to parse syslogs, with pre-defined field names, not the automatic key/value that Splunk is able to detect. I have syslogs with d...
We have the following -
logTime 2016-04-06 06:12:32,251 UTC
eventStartTime 2016-04-06 01:12:32.177
_time 2016-04-06T01:12:32.251-05:00
Is it possible to set the _time field to have t...