I want to set up an alert for changing logs.
The service name changed to success from failure then it writes to a log file and vice-versa but we don't know when its value change occurs. It may occur i...
I am trying to set up my Splunk Enterprise 6.6.1 to be able to ingest Windows logs from remote PCs but not having much luck. I know I am missing something, or not comprehending something, but c...
The Problem:
I'm attempting to set up an alert for if one of my forwarder machines boots in Safe Mode. The data that's retrieved from Windows Event Viewer and Splunk Web Interface regarding b...
We are wanting to modify our Splunk forwarders on workstations to look at other log files and I am curious how to go about doing this. The location of the log files on the computers are as follows. I...
...orwarder. These are logs that are coming from other sources that don't have the agent. How do we set up the receiver on the universal forwarder to allow it to receive logs via the REST API?
These a...
Hi,
I am evaluating splunk-sdk for node. My application throws up a lot of messages, some info, some warn, some error. I have a requirement to log specific error levels only and the level is d...
...ost appreciated it. From the Ironport log, we see the first MID was generated along with the sender, recipient, and subject, however, once Ironport detected DLP violation and couldn't send using TLS, i...
I've got the following search to identify when a user has more than 20 auth failures.
I'm trying to find a way to remove additional logs of users who have less than 20 auth failures from the E...
On your Splunk indexers, can you set up multiple filters for one specific log?
I've been looking around, but maybe I'm not searching correctly.
ex.
/var/log/messages would have lines in it s...
I have a set of long-running processes that are occasionally restarted. They generate a set of "heartbeat" events where only the timestamp of the event changes, but otherwise the same data is r...