...n the indexed event is correct, so there's no way to tell from the indexed event itself.
I have read, among other Splunk documentation, the text following the heading "How Splunk software assigns t...
When you have control of the logging in an application, what is the recommendation to make things as easy as possible for Splunk to digest/report on sets of tuples?
What should the log event(s) l...
Anyone here got some recommendations for forwarding Windows event logs to Splunk without installing the Splunk forwarder software? Is there a good tool to send Windows event logs as syslog events? O...
...rom different software) are written in those logs so different formats can end up in the log field: raw text, json (escaped by docker) ... etc.
The first thing I'd like to do is to extract the log f...
...ncrease in logs that came in the day of and after that the logging levels dropped to almost none with only the UF metrics getting indexed but no other logs.
• Host OS: Red Hat Linux 7.3
• Syslog software...
Error 1 - ERROR TcpOutputFd - Read error. An established connection was aborted by the software in your host machine.
Error 2 - ERROR ExecProcessor - message from ""C:\Program Files\Splunk...
...ormatter for our in-house software that would write logs like this. I'm trying out Splunk, and trying to figure out why it doesn't pick up the timestamps for what they are. Here's a single log entry (the f...
...Besides, some software may actually reset permissions to its own default.
Simply adding the splunk user to the root group may not be quite the desired result either.
If someone has solved t...