I've heard that using Splunk's default sourcetype detection is flexible, but can be hard on performance. What is the best way to define sourcetypes that keeps performance speedy?
I have a log that has multiple timestamps like this inside, but not all lines have such a date entry.
NOTE: 24DEC17:09:05:53.121 start executig macro main() syscc=0
The log creation date is 201...
Hello,
where can I find some comparison between Splunk and ELK Stack Elasticsearch?
In terms of comparing Security, Infrastructure, deployment etc, what are the benefits of Splunk compared to ...
...achieved this by setting the "time" key in the event metadata. For TCP, I believe I'll have to configure timestamp recognition in props.conf as described in Splunk docs.
Why I'm asking this q...
...ocked away under the netflow_elements: field, which contains no human readable data.
https://docs.splunk.com/Documentation/AddOns/released/CitrixNetScaler/ConfigureIPFIXinputs This document says t...
I'm looking for tips & tricks for tracking down props-related configuration issues. These kinds of things can be a pain to track down and generally use up a bunch of time getting to the root c...
Hey,
We are having some difficulties getting accurate timestamping on files with the same names, which are being forwarded from multiple servers to a single indexer. We have differently formatted time...