I am trying to set up my Splunk Enterprise 6.6.1 to be able to ingest Windows logs from remote PCs but am not having much luck. I know I am missing something, or not comprehending something, but c...
I want to set up an alert for changing logs.
The service name changed to success from failure then it writes to a log file and vice-versa but we don't know when its value change occurs. It may occur i...
The Problem:
I'm attempting to set up an alert for if one of my forwarder machines boots in Safe Mode. The data that's retrieved from Windows Event Viewer and Splunk Web Interface regarding b...
I've got the following search to identify when a user has more than 20 auth failures.
I'm trying to find a way to remove additional logs of users who have less than 20 auth failures from the E...
...orwarder. These are logs that are coming from other sources that don't have the agent. How do we set up the receiver on the universal forwarder to allow it to receive logs via the REST API?
These a...
We are wanting to modify our Splunk forwarders on workstations to look at other log files and I am curious how to go about doing this. The location of the log files on the computers are as follows. I...
...ost appreciated it. From the Ironport log, we see the first MID was generated along with the sender, recipient, and subject, however, once Ironport detected DLP violation and couldn't send using TLS, i...
Hi,
I am evaluating splunk-sdk for node. My application throws up a lot of messages, some info, some warn, some error. I have a requirement to log specific error levels only and the level is d...
On your Splunk indexers, can you set up multiple filters for one specific log?
I've been looking around, but maybe I'm not searching correctly.
ex.
/var/log/messages would have lines in it s...
I'm trying to set up .log file monitoring so Splunk would pull the context of the .log files into the indexer and nothing I try seems to work.....
Can someone please help? I'm a newbie at this w...