Hi All, trying to identify what datasource/sourcetype is needed for each individual field while performing Data Model CIM normalization. For example for Endpoint->Ports/Data Set (https://d...
Hello All, I need to identify the top log sources which are sending large data to Splunk. Tried Licence master dashboard which isn't helping much. My requirement is to create a table which c...
Hello,
I have two datasources Active Directory (Source 1) and Change Approvals (Source 2). I need to identify any Active Directory record which does not have a corresponding Change Approval. P...
I'm fairly new to Splunk and inherited a messy environment. I'm trying to dissect log sources. I have 3 indexers that are receiving UDP logs and placing them in an index named "firewall" and am t...
I am using Splunk Universal Forwarder to monitor IIS logfiles and send to Splunk Server. All of the fields are getting indexed and the data looks good when I do a search. Splunk automatically i...
I am trying to identify which source types produce data with the same log format. Currently, I am using this query to show the highest percentage log pattern for access logs in my domain:
sourc...
Splunk is unable to identify the source IP of the firewall from this log.
Jun 24 14:17:42 10.0.59.59 id=firewall sn=0017C569F354 time="2013-06-24 14:17:42" fw=10.0.59.59 pri=6 c=1024 m=537 msg="C...
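For the log above, the firewall's own address appears in the event body as fw=10.0.59.59 rather than as the syslog host, so the usual fix is an index-time host override. The following props.conf/transforms.conf pair is an added example, not code from the original post; the sourcetype name sonicwall and the transform name are assumptions and should be replaced with whatever the data is actually tagged as.

```ini
# props.conf  (on the indexer or heavy forwarder that parses the data)
# Assumed sourcetype name: replace with the real one from your inputs.conf
[sonicwall]
TRANSFORMS-sethost = sonicwall_host_from_fw

# transforms.conf
# Pull the dotted-quad after "fw=" out of the raw event and write it into the
# host metadata field. The event text itself is left unchanged.
[sonicwall_host_from_fw]
REGEX = \sfw=(\d{1,3}(?:\.\d{1,3}){3})\s
FORMAT = host::$1
DEST_KEY = MetaData:Host
```

Because this runs at parse time it only affects events indexed after the change; existing events keep the host they were indexed with. Verify with a search such as sourcetype=sonicwall | stats count by host after restarting splunkd on the parsing tier.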
...he source.
What I'd like to do is something like the following (imaginary) inputs.conf:
[monitor:///var/opt/MQHA/FOO/data/FOO/errors]
_whitelist = AMQERR01\.LOG$
field = qmgr = FOO
so t...
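A real inputs.conf can get close to the imaginary one above: the _meta setting on a monitor stanza attaches an indexed field to every event from that input. The stanzas below are an added example, not the poster's configuration; the field name qmgr and the value FOO come from the post, the rest is the documented syntax as I understand it.

```ini
# inputs.conf (on the Universal Forwarder)
[monitor:///var/opt/MQHA/FOO/data/FOO/errors]
whitelist = AMQERR01\.LOG$
# name::value, space-separated if more than one; becomes an indexed field
_meta = qmgr::FOO

# fields.conf (on the search head) so that qmgr=FOO is searched as an
# indexed field rather than as a search-time extraction against _raw
[qmgr]
INDEXED = true
```

One stanza per queue manager is needed, since _meta is static per input. Indexed fields cannot be changed after the fact, so settle on the field name before rolling this out to all forwarders.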