Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
340 results
Sorted by:
11-03-2017
12:43 PM
1 Karma
This is my local/eventtypes.conf file
[juniper_sslvpn_auth]
search = sourcetype=juniper_sslvpn_mag "authentication successful" OR "authentication failed"
[juniper_sslvpn_authz]
priority = 6
s...
04-25-2011
01:24 PM
1 Karma
Currently I have two separate search heads. I'm trying to consolidate my configuration files so I can make use of searchhead pooling new in v. 4.2. What would be the easiest way to do this? I coul...
12-24-2018
12:16 PM
This is the unbelievably ridiculous content of eventtypes.conf from the TA-FireEye_v3 app ( https://splunkbase.splunk.com/app/1904 😞
[eventtype=fe]
alert = enabled
attack = enabled
e...
01-10-2012
02:09 PM
I was trying the use ./local/eventtypes.conf to override the values in ./default/eventtypes.conf.
Using btool, it shows that local eventtype was picked. However, in Splunk web Manager->Event T...
11-09-2015
04:51 AM
1 Karma
...aster\)\s+\w\w\s+\w\w"
But in eventypes.conf this does not work.
[gtu-master-data]
search = regex _raw="gtu.* \(master\)\s+\w\w\s+\w\w"
Does regex not work in *eventypes.conf
- Tags:
- eventtypes.conf
- regex
04-12-2017
01:48 AM
1 Karma
...ead knowledge bundle. But, I have added distsearch.conf in TA where eventtype resides and I can see macros.conf in knowledge bundle getting replicated to search peers. still I am not able to get r...
09-17-2015
07:25 AM
Hi,
I have two different eventtypes in which I have defined two different events given below:
event_attachment contains index=abc sourcetype=xyz "is attachment"
event_extract contains i...
12-09-2016
01:08 PM
...ould result in the event having two eventtypes: WeightOK and TooBig .
What would be the most efficient way of doing it? I don't think we could just have an evaluated field in props.conf / t...
11-03-2017
07:27 AM
...ata and saved it as eventtype in eventtypes.conf in Splunk_SA_CIM/local/ and then in the tags.conf gave a tag for that eventtype to match data to data model using the tag.
My question here is do i n...
10-22-2017
08:18 AM
...nything else I can do to make the other feeds to work? Such as
U-verse Eventtypes,
Firewall Events
ICMP Events
Allowed Inbound traffic (Pinhole)
etc....
Thanks
