Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
14 results
Sorted by:
02-10-2023
10:32 AM
...igh-volume dataset by adding the minor segmentation character '~' at index time.
I've tried these props.conf and segmenters.conf without success. Could anyone provide any insight? <indexer&g...
- Tags:
- segmenters
Labels
- Labels:
-
configuration
01-27-2017
10:46 AM
I have configured monitoring for a set of files. I have configured the props.conf to use the 'last modified' time of the file as the timestamp for each event. However, the events are being indexed for...
05-05-2017
02:33 AM
...f regex processes on each event to work out the sourcetype if you don't manually assign the sourcetype.
I use the data import tool to look at the data (sample below) and it seems to pick up that the...
04-15-2016
08:19 AM
Hello once again. Working with a distributed environment (Universal Forwarder > Heavy Forwarder > Indexer) I have a particular log file that writes a timestamp every line, though the "event" i...
09-12-2019
12:55 PM
Does anyone know where I can find guidance about editing configuration files?
09-12-2019
09:09 AM
Since I can't edit .conf files in Splunk Cloud, how can I get more granular insights from my data?
03-04-2010
03:20 PM
3 Karma
I'm getting an error in Splunk GUI that says my events are exceeding a 500 max limit. How do you tweak Splunk to display an event that is more than 500 lines long?
11-14-2014
02:18 AM
I went through the Exploring Splunk book which states that the data is indexed w.r.t. _time, host , source & sourceType (Ref Table 2-1. Fields Splunk Always Indexes).
I experimented with t...
02-08-2019
05:40 AM
Hi all,
Splunk offers the possibility to customize the way we want data to be segmented in the index files with a regex, like for this timestamp :
segmenters.conf :
[seg_rule]
F...
05-23-2020
11:10 AM
...ame_10
5/22/2020, 2:00:52 PM.
The blocked host name belongs to a domain controller where I just deployed a UF. I'm not receiving any data from this forwarder.
This is harder than I a...
- Tags:
- splunk-enterprise
