...o a file and the UF is set to monitor the directories. No issues there, however I do run into an issue when I try to source type or set an index for these logs. I have edited the indexes.conf...
Hi, I have an issue here with the fishbucket of the Universal Forwarder. I have tried to look for quite a lot of documentation, but it seems that there is too little documentation, and there are a...
...loudparsing transforms.conf [cloudparsing] REGEX = \"event_sub_type\":\"(WAN Firewall|TLS)\" DEST_KEY = queue FORMAT = nullQueue Can someone please guide how to exclude these events whose “e...
...orks fine in regex101 however it's not extracting all field values in Splunk
For ex: | rex field=_raw "region":\s(?P<_region>"\w+-\w+-\d)"
the above rex is only extracting us-east-1 region o...
My app contains the index.conf which declares the index that is installed on the heavy forwarder and it is not installed on the indexer. The problem is that data does not land on the indexer...
Hi All, I am trying to create an efficient way to pull out certain win events for my report but I am not sure it would return the results I want. It truncates some of the results. I might be doing s...
Hello world, I'm trying to use rex to rename the part of the strings below where it says "g0" to "GRN". So the output would read 01-GRN1-0, 01-GRN2-0, etc. I have been unable to get it to work and any...