This is my local/eventtypes.conf file
[juniper_sslvpn_auth]
search = sourcetype=juniper_sslvpn_mag "authentication successful" OR "authentication failed"
[juniper_sslvpn_authz]
priority = 6
s...
I was trying to use ./local/eventtypes.conf to override the values in ./default/eventtypes.conf.
Using btool, it shows that local eventtype was picked. However, in Splunk web Manager->Event T...
...aster\)\s+\w\w\s+\w\w"
But in eventtypes.conf this does not work.
[gtu-master-data]
search = regex _raw="gtu.* \(master\)\s+\w\w\s+\w\w"
Does regex not work in eventtypes.conf
...ould result in the event having two eventtypes: WeightOK and TooBig .
What would be the most efficient way of doing it? I don't think we could just have an evaluated field in props.conf / t...
I always saw these "OS" and "Windows" tags in eventtypes.conf and tags.conf. It's on the production environment and Splunkbase applications even though we're only using default Splunk CIM. OS- can b...
Hello,
I set up Cisco eStreamer 3.0.0 correctly, but I see that it is not CIM and Enterprise Security won't see the data correctly.
Does anyone know if there will be a new version of CIM? Or the best...
Hi,
is it possible to use a wildcard in the field value pair settings?
This way doesn't work for me:
field value pair: referral=A*
tag name: campaign1
BR
Heinz
...plunk/etc/apps/unix/default/eventtypes.conf, line 6: dispatch.earliest_time = -15m
Possible typo in stanza [Failed_SU] in /app/splunk/etc/apps/unix/default/eventtypes.conf, line 176: tag = a...