...s both timestamps do not contain the year, Splunk does not manage to correctly index the events.
I therefore override both sourcetypes on a per-event basis.
In props.conf:
[source::.../e...
...n different format. How can we manage the search-time extractions which work for both data formats for the same sourcetype? The new extractions we use are completely different from the old ones. Any s...
...ractise, how do I manage my sourcetypes, especially in the case of Splunk Cloud? Is there any way to keep sourcetypes on indexers and search heads synchronised?
...earch head is reading the data of the UDP port and forwarding it to Indexers
2 - Install the apps on the search heads but don't use the app to configure the inputs and sourcetypes. Manage them o...
Hi,
Please find below usecase we have currently:
We have two indexes: A, with sourcetypes X1, Y1, Z1, and B, with sourcetypes X2, Y2, Z2. In order to restrict users' access to all source...
I have a Splunk indexer cluster (2 indexers, 1 master node), 1 search head, and multiple forwarders. Is there a way to configure sourcetypes, input ports, etc. from a central web interface, or does e...
This question has two parts: Macros vs. Tags; Macros vs. Event Types; Macros vs. Calculated Fields.
To me, it seems that a Macro is almost always a better, more transparent option, so I'm w...
This isn't a question, rather just a place to drop a PDF I put together that I titled "Bare Bones Splunk". I've seen a lot of people try and get started with Splunk, but then get stuck right ...
...howing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...