This is my local/eventtypes.conf file
[juniper_sslvpn_auth]
search = sourcetype=juniper_sslvpn_mag "authentication successful" OR "authentication failed"
[juniper_sslvpn_authz]
priority = 6
s...
Currently I have two separate search heads. I'm trying to consolidate my configuration files so I can make use of searchhead pooling new in v. 4.2. What would be the easiest way to do this? I coul...
This is the unbelievably ridiculous content of eventtypes.conf from the TA-FireEye_v3 app ( https://splunkbase.splunk.com/app/1904 ):
[eventtype=fe]
alert = enabled
attack = enabled
e...
I was trying the use ./local/eventtypes.conf to override the values in ./default/eventtypes.conf.
Using btool, it shows that local eventtype was picked. However, in Splunk web Manager->Event T...
...aster\)\s+\w\w\s+\w\w"
But in eventtypes.conf this does not work.
[gtu-master-data]
search = regex _raw="gtu.* \(master\)\s+\w\w\s+\w\w"
Does regex not work in eventtypes.conf?
...ead knowledge bundle. But, I have added distsearch.conf in TA where eventtype resides and I can see macros.conf in knowledge bundle getting replicated to search peers. still I am not able to get r...
Hi,
I have two different eventtypes in which I have defined two different events given below:
event_attachment contains index=abc sourcetype=xyz "is attachment"
event_extract contains i...
...ould result in the event having two eventtypes: WeightOK and TooBig .
What would be the most efficient way of doing it? I don't think we could just have an evaluated field in props.conf / t...
...ata and saved it as eventtype in eventtypes.conf in Splunk_SA_CIM/local/ and then in the tags.conf gave a tag for that eventtype to match data to data model using the tag.
My question here is do i n...
...nything else I can do to make the other feeds to work? Such as
U-verse Eventtypes,
Firewall Events
ICMP Events
Allowed Inbound traffic (Pinhole)
etc....
Thanks