Hello, In one of the windows machine logs (path: C:\servicedesk\logs) sending via the universal forwarder to Splunk. So I created inputs.conf and below are the monitor paths, so now am getting l...
I have this in my inputs.conf
_whitelist=(\.log|log$|^messages|^secure|mesg$|cron$|acpid$|\.out)
Can anyone help me understand what are the " ^ " and the " $ " are used for?
Hi there. A simple question, it's not for a real usage, just a curiosity 😊 Does UF block inputs for system paths by default? An example, teorically an inputs like this [monitor:///...]
w...
...hat it is only running on about 30 devices. Here is the current section in inputs.conf : [WinEventLog://Security] disabled = 0 evt_resolve_ad_obj = 1 checkpointInterval = 5 b...
I have a host that I am receiving logs into my heavy forwarder and that works fine. I now have a new log source on the same host and the entry in my inputs.conf is not passing the data I need t...
...hey talk about modifying the file "props.conf" and "transforms.conf" what is the difference between doing it from inputs.conf and the other way? inputs.log [monitor:///folder/folder/folder/i...
Hi I have a basic questions about the inputs.conf file In our apps, we have a inputs.conf file under etc/apps/test/inputs.conf what is normal But what is the difference between etc/system/l...
I'm working on an input.conf from a universal forwarder when I noticed the first stanza is missing a ] ex: [WinEventLog://Application instead of [WinEventLog://Application] Since I d...
Hi Splunkers, I have a problem with a blacklist filter. On customer's UF, we filtered out some events changing the inputs.conf file. The ones based on comma separated list, like Windows EventID, a...
Im a splunk admin and I got asked to update the inputs.conf file for the app pingfederate. Im a little unsure of how to do it and I figured id ask here instead of bricking our prod system. T...