This is my local/eventtypes.conf file
[juniper_sslvpn_auth]
search = sourcetype=juniper_sslvpn_mag "authentication successful" OR "authentication failed"
[juniper_sslvpn_authz]
priority = 6
s...
I was trying to use ./local/eventtypes.conf to override the values in ./default/eventtypes.conf.
Using btool, it shows that local eventtype was picked. However, in Splunk web Manager->Event T...
...aster\)\s+\w\w\s+\w\w"
But in eventtypes.conf this does not work.
[gtu-master-data]
search = regex _raw="gtu.* \(master\)\s+\w\w\s+\w\w"
Does regex not work in eventtypes.conf?
...ead knowledge bundle. But I have added distsearch.conf in the TA where the eventtype resides, and I can see macros.conf in the knowledge bundle getting replicated to search peers. Still I am not able to get r...
Hi,
I have two different eventtypes in which I have defined two different events given below:
event_attachment contains index=abc sourcetype=xyz "is attachment"
event_extract contains i...
...ould result in the event having two eventtypes: WeightOK and TooBig.
What would be the most efficient way of doing it? I don't think we could just have an evaluated field in props.conf / t...
Hi, I am trying to create tags based on index and field name.
Log:
1, User.field1, User.field2, User.field3
2, Admin.field1, Admin.field2, Admin.field3
3, Admin.field1...
Hello, I want to limit the access for some external users to all eventtypes.
There are 3 system-default-eventtypes remaining: "internal_search_terms", "splunkd-access", "splunkd-log".
The p...
...rder in ASCII (MY_nix_addon). But when it comes to eventtypes.conf, somehow the override is NOT working.
Btool output.
/opt/splunk/etc/apps/MY_nix_addon/local/eventtypes.conf [s...