Hello, 1) What is the difference between using "| summaryindex" and "| collect"? Thank you for your help. Summaryindex is generated by a scheduled report. I clicked "view recent" and the f...
Hello, community, I wanted to ask a fundamental question regarding specific logs collection. The question is: Do we really pull logs from the AD by sticking an agent on that AD DC machine/s? I h...
Hi Splunkers,
for our customer we collect logs from Windows systems. The main configuration details are:
Logs go from DCs to a dedicated HF and then to Splunk Cloud, so the flow is: DCs -> H...
Hi Splunkers, for a customer we are performing a migration in Windows Logs collection: as suggested by some of you in another topic, we are passing from WMI method to UF one (and it is very, very, v...
...inute. How do I ensure the collector won't miss log entries or duplicate log entries in this scenario? Or are we always at risk of the collector missing the last few log entries that push the...
Intermittent text file data collection is not possible.
Initially, it is a collection of csv file data.
After that, if you change only a few characters in the csv, you cannot collect them i...
...| collect index=sec_apps_summary source="savedSearch_1d" And earliest , latest setting as -1@d and @d . There is another SEARCH-2, that invokes the 'saved search' and the SPL starts l...
Which mode does the Splunk forwarder support? If push or pull mode are both supported, we want to know how to configure the different modes, and the disad...
I have been unable to get the universal forwarders to correctly collect the SMB Server audit logs. The inputs.conf file on the deployment server has the following stanza configured but there are no l...
Hi everyone,
I recently took over a project by someone who is no longer with my employer. He made several scheduled searches that write to an index, and it was working great. However last month out...