Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
228 results
Sorted by:
01-17-2019
05:31 AM
...s always "encore". To cheekily resolve that, I tried to alias on the heavy forwarder the sensor field to source (in the estreamer TA), and also on the search head thusly:
FIELDALIAS-e...
11-04-2014
10:10 AM
...'ve tried adding apps, modifying existing local/props and transforms, using the extract command (see error below). I can see the configurations in the GUI and in btool but for some reason when I s...
12-27-2017
10:28 AM
...EF data for CIM compliance, too.
My problem is the same with all Add-on: neither handle the custom labels/fields as I except:
cn2 = 4
cn2Label = TaskNewState
cs2 = 1093
cs2Label = P...
- Tags:
- cef
- splunk-enterprise
09-12-2019
09:09 AM
Since I can't edit .conf files in Splunk Cloud, how can I get more granular insights from my data?
01-28-2014
06:00 AM
...xtractions that occur due to the "=" sign with another field name. For instance ip=190.1.9.15 is automatically extracted giving us a field name "ip" with a value of "190.1.9.15". We would like to map to the c...
12-12-2017
09:53 AM
1 Karma
...aloalto device. sourcetype="paloalto:network:traffic" is defined in the props.conf and whereas sourcetype="paloalto:network:log" defined in the inputs.conf and both the configuration are placed in t...
01-21-2020
07:15 AM
...eads and they all have the aliases in their props.conf (created via GUI) and they all have global permissions.
Is there anything else I can check to see why this might be occurring?
For e...
Labels
- Labels:
-
alias
09-28-2022
04:39 AM
...MXWZFOG< >VSTI" mail_reviewcomment="Comment:ÑC<AZR=@P"&"\A"
How do I configure the inputs, props and transform so that it is uploaded correctly in Splunk?
- Field...
Labels
- Labels:
-
configuration
-
development
02-05-2016
03:38 PM
Hello!
Using the props.conf with no modifications, the field aliases for sourcetype hx_cef_syslog are not working.
For example, the field in my event:
dmac = 00:22:44:66:88:aa
Yet d...
03-03-2021
05:00 AM
I would like to find a detaild tutorial on how to create a splunk app to parse syslogs, with pre-defined field names, not the automatic key/value that splunk is able to detect. I have syslogs with d...
Labels
