...vents (be they success or failure) and discard all the rest. I found a few questions on this subject, but none of the solutions worked in my situation.
I set up a single Splunk server to collect S...
...ith Packet_Type=3, client IP do only come & get marked under field calling_station_id with Packet_Type=1, username gets marked under both packet_type (1 & 3), I need to filter out events h...
...he file.
Requirement
Want to drop/ignore/filter events before they get sent to the Splunk indexer.
For example, I have a text "/tmp/gerry.txt"
Want to just send the lines with "e...
...ime;client2;volumn1;N
....
I use the transaction command so that all the events are grouped by client, however, it is spanned since these checks are run as a batch job at a set interval and I w...
...reating a search filter to set search restrictions for this role. The problem is that this security solution uses accelerated data models and this way of filtering is not working on accelerated d...
...ogin time: Wednesday, 25 March, 2015 09:35:59, number of API invocations: 0, user agent: VMware VI Client/4.0.0)
I want to filter only word: "login time".
These are my props.conf and transform.conf...
Hello, please, I will ask several questions, and thank you for taking it step by step because I am a student and this is my first time using Splunk Enterprise: I want to monitor my Active Directory I fou...
Good Morning,
I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the deployment server and universal forwarders on three servers. My clients are s...
...snippet from the customized inputs.conf file that I had set up in that directory:
=======
[WinEventLog://System]
disabled = 0
start_from = oldest
current_only = 0
e...