...t's generating a lot of events so I want to discard them.
Tried with the Null Queue but the problem is for 1-minute window the userid is not coming whereas for 5-minute window it is coming.
p...
We are using HEC collector endpoint to consume logs from FluentD, we recently identified filtering opportunity and trying to apply props/transforms to send data to null queue which is not working....
Hi,
I want to know if there is some mechanism by which I can stop indexing a particular kind of data like if
segment_name="Enforced segment"
From getting indexed.
My inputs.conf has f...
Our universal forwarders can no longer connect to the indexer, seemingly after upgrading openssl to the newest version due to the Heartbleed vulnerability.
Telnetting from UF clients to the i...
Need regex & Null queue help to send events in /var/log/messages.
Here is regex101:
regex101: build, test, and debug regex
(IP & hostname randomized)
props.conf...
...he data.
I've then done a packet capture and extracted the SQL query being sent to the SQL server and the last line is as follows below.
dbxlookup WHERE "serial" IN (null)
So I'm looking u...
Hopefully this is just a stupid regex error:
I'm using SplunkLightForwarder on AIX to send a few .sh_history logs to an indexer on Windows. Unfortunately ksh uses nulls as delimiters between c...
...001;06.0.0;2011-08-01 09:31:02;CA114
DATA
...
10000;2011-08-01 09:34:18
I'm not sure how to ignore the header and footer lines. Any help would be very much appreciated.
We have configured a default null queue to discard all events that we don't want to allow to be indexed without authorization. Our transforms have the first filter in transform to send to the null...
Hello, Due to a specific requirement we have to install a Splunk Universal Forwarder acting as "intermediate forwarder". Basically it will receive data via TCP (to leverage persistent queue), and i...