...ot matter (everything shows as WinEventLog:Security regardless of search for WinEventLog:Security or wineventlog:security).
However, all these extra sources & sourcetypes are very annoying on t...
...lass that includes just the clients. But a number of the scripts have sourcetypes (auditd, Unix:ListeningPorts, etc.) that are absent from the Settings: (Data) Sourcetypes display, and as a result I c...
...he real time format. But I had perform the search result always with a single sourcetype and created an email alert notification with it. Due to different sourcetypes are available in my log files, s...
.... no events displayed, but I know there are other events which I am trying to narrow down to. Why does adding a fourth Source!= result in the display of no results at all? It happens no matter w...
...earches but just want to perhaps understand why there is a difference and if there is a fix.
e.g.
Panel 1 (different types counts)
sourcetype="logs.stats" | timechart count by message_type | f...
When I talk to folks who are new to Splunk, I often struggle to explain the concept of a sourcetype to them. Other basic fields, like host, source and _time, are more easily understood b...
All,
I am looking at Splunk for Unix TA. I see the /var/log/messages input and for the life of me I can't find in this app where it's getting its sourcetype of "syslog". Skimmed props.conf on t...
Where can I get information about source type settings (custom)? I want to set the start and end of the log. What do I do if one log has several types of log messages?
...ee nothing, no data is there.
I have rebuilt the app several times as the Splunk user, as root. chmod everything to 777. rebuild sourcetypes and indexes. did props conf, tried w...