...erver Authentication" configurations are both available in Splunk On-Prem which aren't in Splunk Cloud.
Only the "Advanced" configuration shows in both platforms. Is anyone seeing the same? Or is t...
A large kv lookup table (>2M entries and growing) holds metadata and is processed on a regular schedule to solve some complex correlations. The task at hand is to make accessing the last 5k e...
If I have a basic input which sets the sourcetype, configuring a timezone offset works great:
In inputs.conf:
[monitor:///path/to/foo.log]
sourcetype = foo
In props.conf:
[foo]
TZ = G...
This is the first time I am using an advanced conditional alert in savedsearches.conf.
I'd like to get some feedback about current configurations I have around monitoring scheduled jobs.
If a...
Folks,
Does anyone know, when we configure the advanced section in Source Type (Settings > Source Types and Edit), where the original configuration file is that the advanced view shows?
I choose "l...
Hello, I am creating some reports to measure the uptime of hardware we have deployed, and I need a way to filter out multiple date/time ranges that match up with maintenance windows. We a...
I'm using a set of universal forwarders to send data to a central indexer.
I would like to send events from "WinEventLog:Security" only if, for example, the Event Code is 552 (EventCode=552)....
...n the heavy forwarder which data stream needs to go where? Now I'm just receiving errors that a certain index does not exist on an indexer (which is correct). If I can just ignore the error, it's a...
A lot of the Windows Security Events we see in Splunk, come from system-users that we're not interested in. I know there's a way to configure Splunk to filter out events based on the event content, b...
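The two Windows Security posts above ask for the same kind of filtering at different points of the pipeline: keeping only a given Event Code on the universal forwarders, and dropping events generated by system accounts. The configuration below is an added example, not either poster's files; the index name, the account names and the stanza names are placeholders, and 552 is only the Event Code used in the post.

```ini
# --- Option A: filter on the universal forwarder itself (inputs.conf) ---
# The WinEventLog input applies whitelist/blacklist on the forwarder, so the
# dropped events never leave the host. Added example; values are placeholders.
[WinEventLog://Security]
disabled = 0
index = wineventlog
# Keep only Event Code 552 (the code used in the post) and drop everything else.
whitelist = 552

# Alternative for the second post: drop events from service accounts instead,
# using the key=regex form against the User field (account names are placeholders).
# Shown as a separate stanza on purpose; check inputs.conf.spec for how whitelist
# and blacklist interact before putting both in one stanza.
#[WinEventLog://Security]
#disabled = 0
#index = wineventlog
#blacklist1 = User="^(?:SYSTEM|LOCAL SERVICE|NETWORK SERVICE)$"

# --- Option B: filter on a heavy forwarder or indexer (props.conf + transforms.conf) ---
# A universal forwarder does not parse events, so TRANSFORMS-* stanzas only take
# effect on the first instance that does (heavy forwarder or indexer).
#
# props.conf
[WinEventLog:Security]
# Order matters: route everything to nullQueue first, then pull the wanted events
# back to indexQueue. The last transform whose REGEX matches sets the queue.
TRANSFORMS-filter = wineventlog_drop_all, wineventlog_keep_552

# transforms.conf
[wineventlog_drop_all]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[wineventlog_keep_552]
# Classic WinEventLog events carry "EventCode=552" on its own line in _raw.
REGEX = (?m)^EventCode=552$
DEST_KEY = queue
FORMAT = indexQueue
```

Option A is the cheaper one for a universal-forwarder-to-indexer setup because the filtering happens before the event is serialized and sent; Option B is the one to use when the forwarders cannot be reconfigured or the decision depends on the raw event text rather than on a named event-log field.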
Hi,
I'm using a Splunk Heavy Forwarder with props.conf, transforms.conf and outputs.conf to selectively send events to different Splunk indexers based on the sourcetype. That works well.
But n...
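For the sourcetype-based routing the post above describes, and the "index does not exist" error in the earlier heavy-forwarder post, this is an added example of the three files involved. It is not the poster's configuration; the tcpout group names, host names, index name and stanza names are placeholders.

```ini
# props.conf on the heavy forwarder (added example; names are placeholders)
[WinEventLog:Security]
# Run the routing transform, then the index override, for this sourcetype only.
# Other sourcetypes fall through to defaultGroup in outputs.conf.
TRANSFORMS-route = route_security_to_secops, set_index_security

# transforms.conf
[route_security_to_secops]
# _TCP_ROUTING selects one or more tcpout groups from outputs.conf; a
# comma-separated FORMAT sends a copy to each group. REGEX = . matches every event.
REGEX = .
DEST_KEY = _TCP_ROUTING
FORMAT = secops_indexers

[set_index_security]
# The index named here must already exist on every indexer in the target group.
# An indexer that receives events for an unknown index logs an error and drops
# them unless lastChanceIndex is set in its indexes.conf.
REGEX = .
DEST_KEY = _MetaData:Index
FORMAT = security

# outputs.conf
[tcpout]
defaultGroup = general_indexers

[tcpout:general_indexers]
server = idx-general-1.example.com:9997, idx-general-2.example.com:9997

[tcpout:secops_indexers]
server = idx-secops-1.example.com:9997
```

Before enabling a new route, confirm the target index exists on each indexer in the group (for example via `splunk list index` on that host); the routing itself cannot create it, and the error the earlier poster sees is the indexer side of exactly that mismatch.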