Good morning everyone, I am trying to ingest a log that does not roll over after a new, only when the service that writes the log is restarted. We have done some testing using cRcSalt and s...
Hello everyone, I am struggling with extracting the fields of a custom WAF log file as there is no sourcetype that parses the fields correctly. My regex experience is very limited so any help w...
I have a script that creates a customlog file to gather all Splunk certs and uses openssl to print out all of the details about each cert (.pem files). This log file is then tracked as a data i...
I am new to Splunk and I am trying to parse an Aide scan log file to display each line. Currently, Splunk just reads all the lines as a single event. I know I may have to build a regex once I h...
...otal_objects": 529020
}
] Can this community please help to identify what the correct settings should be for my custom sourcetype, ibcapacity? Why is the Splunk log getting cut off at 349 lines when u...
Hi all,
I'm trying to modify the SplunkforSquid app to read my squid customlog file format correctly. As per squid.conf it is:
logformat test %ts.%03tu %6tr %>a %Ss/%03Hs 0 %03Hs %st %r...
Hello. I'll preface this with: I'm not by any means a regex user.
I'm working with a custom Apache format that Splunk 6 is not extracting correctly. I'm just loosely trying to assign each A...
I don't see my custom alert action's logs as the documentation suggests I should.
import sys
# splat
# Run with arbitrary input, e.g., index=_internal | head 1 | sendalert splat
if _...
Hi, we have a requirement to push events/logs from our applications to different customers using Splunk Enterprise/Cloud (events only specific to each customer). Our application is a cloud solution and r...
I am working with a custom application that generates log files and I think I need to create a new source type and then during the indexing phase extract the fields.
I know that they say t...