Hi,
I have configured a Windows universal forwarder on one of my Windows servers. I do not want any of the event logs or performance monitoring on this machine, so I did not select any of that w...
Hi,
I'm trying to monitor some Apache logs and I can't seem to get the statement correct.
I'm trying to monitor "access_log.*", "error_log.*", access_log, error_log, and the gzs to go w...
Have this problem with line breaks in the logs from McAfee database mon tool. Tried a couple of configs on props.conf, but didn't help. Basically trying on a test machine and no new logs are coming i...
Hi,
I have a forwarder on a Windows server that is pulling logs from a folder. Logs are in a single file (multiple lines - each line per event).
Each event for that index contains multiple l...
Hello Splunk Guru,
In our environment, we have many Universal forwarders, a few indexers and a couple of search heads.
Files to monitor from many forwarders
/application/app1/logs/*
/a...
We have been a long-time Linux shop for monitoring syslog data. However recently we have needed to switch to winOS since we are trying to convert to syslog over TCP. I am running into issues now w...
Hi,
I need to monitor two catalina logfiles that are in the same directory, but have different formats (and sourcetypes).
The naming convention is ../catalina.YYYY-MM-DD.log and catalina.out...
Hello,
Our Splunk Enterprise structure is 1 Master, 2 Search Heads and 4 Indexer Cluster. The Master will configure Forwarder Management and the deployment apps stay there.
Now I want to index s...
Using Splunk 6.4.1
I am trying to monitor the WinEventLog://Security; however, I only need to monitor two EventCodes (4732 and 4624). Additionally, we are looking to remove all service accounts f...