Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
9,000 results
Sorted by:
03-21-2013
10:55 AM
Does props.conf go on a forwarder or on the main splunk server?
- Tags:
- props.conf
07-07-2019
12:53 PM
what is the expected impact of increasing the value for TRUNCATE, the log reception upper limit setting value that can be defined in the indexer props.conf.
Also, is there any problem cases with T...
4 weeks ago
Hello SMEs....Seeking helping hand I got stuck while putting EVAL-<field-name> in props.conf using case command and it is not at all working while the same is working in search bar in GUI. A...
- Tags:
- props.conf
Labels
- Labels:
-
eval
Show results in replies (4)
-
HI @pavanbmishra, The eval -xyz filed name have you used anywhere else in the same props. c...
-
...xact props.conf file
-
Thanks Vardhan for your quick help 🙂 No i am not using that eval-xyz field anywhere in the props...
-
...fter placing the props.conf in search head can you quickly restart and check if it is a single i...
3 weeks ago
Goal is to parse new events based on this source value into multiline events split each time a new date is encountered. Currently the events are not splitting correctly based on the date, as well ...
Labels
- Labels:
-
other
01-26-2021
10:34 AM
Hi, I need help adding a line in my props.conf file that will convert lastupdatedt time from UTC to Mountain time. Example extracted from an event below: "lastupdatedt":"2021-01-26 11:32:4...
Labels
- Labels:
-
props.conf
-
time
02-16-2021
05:26 AM
None of my configurations in props.conf is working and entire file is coming as single event HEADER_FIELD_LINE_NUMBER = 1 is also not working Data is server patching data C...
Labels
- Labels:
-
universal forwarder
02-22-2021
03:47 PM
Hey all, I have a relatively dumb question. I'm trying to familiarize myself with Splunk's props.conf and transforms.conf files. Within one of my props.conf file there's a stanza defined for a c...
Labels
- Labels:
-
props.conf
-
sourcetype
09-23-2020
05:54 AM
...lready have KV_MODE=JSON in my props.conf
Labels
- Labels:
-
field extraction
-
JSON
-
props.conf
08-09-2019
09:11 AM
Hi, this issue has been mentioned here before but still my changes in props.conf are not effective.
Here is the configuration I'm using :
Inputs.conf :
[default]
host = bb1322454b5f
s...
03-08-2018
03:18 AM
what is the difference between props.conf and transforms.conf and how its works
