Hello Splunkers,
I have a question: would it be possible to assign a specific sourcetype to some logs inside an input stanza, depending on the content of the log itself (based on the key / fields ex...
Hello, Are there any queries I can run from SPLUNK search head to find: 1. all configured DB Connections and their associated index/source Types in SPLUNK. Any help will be highly appreciated!...
I'm trying to specify a single stanza in props.conf, with FIELDALIAS and EVAL expressions, for two different sourcetypes, "Snare:Security" and "XmlWinEventLog". However, when I use an OR pipe to s...
...he REGEX. I deployed using a Deployment Server on my Heavy Forwarders an app containing the following files: fields.conf props.conf transforms.conf in fields.conf I inserted [fieldname]
I...
Our Splunk environment is producing many Windows eventlog entries with broken sourcetypes.
When looking at the source log line, it's clear with no strangeness, but the sourcetype appears broken....
Hi I have currently 5-6 index setup where consider abc as fieldname , which is extracted at index time and same fieldname is called with different name in different indexes like cde, efg . Now...
Greetings, I am trying to get different log types such as security and audit logs for example from a single IP source from my HF instance, how exactly should I be setting my settings in Inputs, Tra...
...inline regex function in props with the same regex (without quotes) and it does not work. I have also used a transforms.conf with the stanza as follows
[hostname]
FORMAT = Hostname::$1
R...
...ystem via syslog, Indexer must receive all the logs, Third Party system must receive a subset of these data (three sourcetypes) using syslogs (udp). I used the available documentation (https://d...