Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
510 results
Sorted by:
07-02-2020
02:06 AM
...o do is to deploy a props.conf on the HF to indicate the following: [audittrail]
SHOULD_LINEMERGE = false
SEDCMD = s/\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}.* INFO AuditLogger - //g &n...
Labels
09-20-2017
08:01 AM
I'm getting this error: Invalid key in stanza [auditTrail] in /opt/splunk/etc/system/local/audit.conf
Looking at the audit.conf.spec, that key is no longer mentioned. In earlier versions it was....
08-18-2023
05:08 AM
09-26-2023
07:45 AM
Blocked auditqueue can cause random skipped searches, scheduler slowness on SH/SHC and slow UI.
- Tags:
- Search Head
Labels
- Labels:
-
other
11-05-2019
01:04 PM
...ost123.secure.2019080165784.audit.log.1
I want Splunk to have host as "host1" and "hostab" and "host123", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = \/S+([^.])....
06-07-2018
10:03 AM
...ave host as "scc145" and "dmzbackend", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = ([^0-9./][A-Za-z0-9-]*[^.audit.log])
Also tried
host_regex = /audit/f...
12-07-2021
12:37 PM
...abel = Omega Core Audit for Oracle
is_visible = 1
[triggers]
reload.inputs_templates.conf = simple Note the reload.inputs_templates.conf = simple under [triggers]. So why the failure by A...
- Tags:
- appinspect
Labels
- Labels:
-
app
09-06-2021
12:00 AM
I have been unable to get the universal forwarders to correctly collect the SMB Server audit logs. The inputs.conf file on the deployment server has the following stanza configured but there are no l...
Labels
- Labels:
-
inputs.conf
-
universal forwarder
-
Windows
02-08-2023
11:16 AM
...ntire contents of my props.conf file:
[xxx:xxx:audit:xml] MUST_BREAK_AFTER = \</AuditMessage\> KV_MODE = xml LINE_BREAKER = ([\r\n]+) NO_BINARY_CHECK = true SHOULD_LINEMERGE = t...
- Tags:
- parsing
- props.conf
Labels
- Labels:
-
field extraction
-
fields
-
other
04-07-2016
12:57 AM
...86_64
Can't create directory "": No such file or directory
An error occurred: Could not create audit keys (returned 4).
[root@splunk bin]#
As a result Splunk does not start. Please help me to r...
Labels
- Labels:
-
upgrade
