Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
274 results
Sorted by:
11-03-2017
12:43 PM
1 Karma
This is my local/eventtypes.conf file
[juniper_sslvpn_auth]
search = sourcetype=juniper_sslvpn_mag "authentication successful" OR "authentication failed"
[juniper_sslvpn_authz]
priority = 6
s...
12-24-2018
12:16 PM
This is the unbelievably ridiculous content of eventtypes.conf from the TA-FireEye_v3 app ( https://splunkbase.splunk.com/app/1904 😞
[eventtype=fe]
alert = enabled
attack = enabled
e...
04-25-2011
01:24 PM
1 Karma
Currently I have two separate search heads. I'm trying to consolidate my configuration files so I can make use of searchhead pooling new in v. 4.2. What would be the easiest way to do this? I coul...
01-10-2012
02:09 PM
I was trying the use ./local/eventtypes.conf to override the values in ./default/eventtypes.conf.
Using btool, it shows that local eventtype was picked. However, in Splunk web Manager->Event T...
11-09-2015
04:51 AM
1 Karma
...aster\)\s+\w\w\s+\w\w"
But in eventypes.conf this does not work.
[gtu-master-data]
search = regex _raw="gtu.* \(master\)\s+\w\w\s+\w\w"
Does regex not work in *eventypes.conf
- Tags:
- eventtypes.conf
- regex
12-09-2016
01:08 PM
...ould result in the event having two eventtypes: WeightOK and TooBig .
What would be the most efficient way of doing it? I don't think we could just have an evaluated field in props.conf / t...
09-17-2015
07:25 AM
Hi,
I have two different eventtypes in which I have defined two different events given below:
eventattachment contains index=abc sourcetype=xyz "is attachment"
eventextract contains i...
11-03-2017
07:27 AM
...ata and saved it as eventtype in eventtypes.conf in SplunkSACIM/local/ and then in the tags.conf gave a tag for that eventtype to match data to data model using the tag.
My question here is do i n...
08-16-2019
02:59 AM
...n ASCII ( MY_nix_addon )But when it comes to eventtypes.conf, somehow the override is NOT working.
Btool output.
/opt/splunk/etc/apps/MY_nix_addon/local/eventtypes.conf [s...
Labels
10-22-2017
08:18 AM
...nything else I can do to make the other feeds to work? Such as
U-verse Eventtypes,
Firewall Events
ICMP Events
Allowed Inbound traffic (Pinhole)
etc....
Thanks
