Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
8,000 results
Sorted by:
03-21-2013
10:55 AM
Does props.conf go on a forwarder or on the main splunk server?
- Tags:
- props.conf
05-07-2020
08:53 AM
...IMEPREFIX config still need the MAXTIMESTAMPLOOKAHEAD?
props.conf
[mysourcetype]
CHARSET=UTF-8
INDEXEDEXTRACTIONS=json
KVMODE=none
LINEBREAKER=([\r\n]+)
NOBINARYCHECK=true
S...
07-07-2019
12:53 PM
what is the expected impact of increasing the value for TRUNCATE, the log reception upper limit setting value that can be defined in the indexer props.conf.
Also, is there any problem cases with T...
10-29-2019
03:56 PM
...ultiple entries for this same regex line all in one event. Should be separating out into separate events. What am I missing?
PROPS.CONF
[legacyeft:eftpcl]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)^J...
04-23-2020
06:09 PM
When creating the local/props.conf and local/transforms.conf, do I need to copy the entire default/props.conf and default/transforms.conf files into local/ or do I simply start with blank files and a...
08-09-2019
09:11 AM
Hi, this issue has been mentioned here before but still my changes in props.conf are not effective.
Here is the configuration I'm using :
Inputs.conf :
[default]
host = bb1322454b5f
s...
03-27-2020
10:52 AM
I have the following raw data and I am trying to break the individual events starting with timestamp and before another timestamp starts .
2020-03-27 00:00:00.003 [quartzJobExecutor-1] INFO c.c...
03-25-2020
12:48 PM
Hello All ,
I have a json data format , which I am trying to import into splunk .I want to extract the timestamp from the last field value a multivalue field .For instance there is a field calle...
06-24-2020
07:12 AM
Hi All, I'm banging my head against a wall attempting to figure out why a SEDCMD inside of a props.conf on a UF isn't wanting to strip out the value I tell it to. We are wanting to strip out a h...
Labels
03-08-2018
03:18 AM
what is the difference between props.conf and transforms.conf and how its works
