I am working with a custom application that generates log files and I think I need to create a new source type and then during the indexing phase extract the fields.
I know that they say t...
Hi all,
I'm trying to modify the SplunkforSquid app to read my Squid custom log file format correctly. As per squid.conf it is-
logformat test %ts.%03tu %6tr %>a %Ss/%03Hs 0 %03Hs %st %r...
...ocs.docker.com/engine/admin/logging/splunk/). I can only find containers which use main index.
How can I retrieve container logs that use tokens referencing this custom index?
Thank you.
I intend to modify my app/script so that it will write out a completely custom log file format for Splunk to monitor and index in real-time.
What is the best, most optimal format to use for my custom...
Hi Splunk community,
For Log A, I would like to extract out all the values of a specific field that matches a specific condition.
Then with the values extracted from Log A, I would like to use...
...ense to writing a custom bit of code to forward the data directly to Splunk from my application without writing to a physical log. I'm new enough to Splunk that I didn't manage to find the relevant docs. I...
Hello there, We are looking to use the Custom option to send vpc flow log data to Splunk Cloud. Previously we were using the default set of fields. There's a need to ingest additional fields w...
I am using the UF to try and collect logs from a custom Windows application. Below is my inputs.conf stanza. How I am not seeing the logs. How can I see if they are getting collected and how can s...
...or some time. I am running SSL on port 9997 between my forwarders and my Indexer. Certs being used are custom.
I recently have had a problem with two Universal Forwarders. They are not f...
What is the best timestamp format to use for my custom log to be indexed by Splunk?
Sensible choices are:
Round-trip pattern 2010-08-06T16:43:04.1291862-04:00
Full pattern Friday, A...