I have a log that has multiple timestamps like this inside, but not all lines have such a date entry.
NOTE: 24DEC17:09:05:53.121 start executig macro main() syscc=0
The log creation date is 201...
...achieved this by setting the "time" key in the event metadata. For TCP, I believe I'll have to configure timestamp recognition in props.conf as described in Splunk docs.
Why I'm asking this q...
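The two questions above touch the same mechanics: a log where only some lines carry a timestamp in the `24DEC17:09:05:53.121` form, and the choice between setting the HEC `time` metadata key yourself versus letting props.conf timestamp recognition do it on the TCP path. The following is an added example, not code or configuration from either poster: it mirrors what a `TIME_PREFIX`/`TIME_FORMAT` stanza would do, falls back to the previous event's time for lines without a timestamp (Splunk's own default behaviour), and builds the per-event HEC payload with `time` set explicitly. The sample log is constructed around the quoted line, the sourcetype name and host are made up, and the log is assumed to be written in UTC.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample log, modelled on the line quoted in the first question
# (copied as quoted, typo included): NOTE lines carry a timestamp, the others do not.
SAMPLE_LOG = """\
NOTE: 24DEC17:09:05:53.121 start executig macro main() syscc=0
  macro main() body line without a timestamp
NOTE: 24DEC17:09:05:54.007 end macro main() syscc=0
WARNING: trailing line, no timestamp
"""

# Equivalent props.conf stanza for the TCP/file path (assumed sourcetype name).
# Splunk's TIME_FORMAT writes milliseconds as %3N; Python's strptime uses %f.
PROPS_CONF = """\
[sourcetype_with_note_lines]
TIME_PREFIX = ^NOTE:\\s
TIME_FORMAT = %d%b%y:%H:%M:%S.%3N
MAX_TIMESTAMP_LOOKAHEAD = 24
SHOULD_LINEMERGE = false
"""

TIME_PREFIX = re.compile(r"^NOTE:\s")
TIMESTAMP_RE = re.compile(r"\d{2}[A-Za-z]{3}\d{2}:\d{2}:\d{2}:\d{2}\.\d{3}")
TIME_FORMAT = "%d%b%y:%H:%M:%S.%f"  # Python equivalent of the props.conf TIME_FORMAT
MAX_TIMESTAMP_LOOKAHEAD = 24


def parse_event_time(line, fallback_epoch, tz=timezone.utc):
    """Return (epoch_seconds, found) for one log line.

    Mimics Splunk timestamp recognition: the timestamp must follow TIME_PREFIX,
    lie within MAX_TIMESTAMP_LOOKAHEAD characters, and parse with TIME_FORMAT.
    A line with no recognisable timestamp inherits fallback_epoch, which the
    caller sets to the previous event's time (Splunk's default fallback).
    The tz argument is the assumed zone of the log writer.
    """
    m = TIME_PREFIX.search(line)
    if m:
        candidate = line[m.end():m.end() + MAX_TIMESTAMP_LOOKAHEAD]
        ts = TIMESTAMP_RE.match(candidate)
        if ts:
            dt = datetime.strptime(ts.group(0), TIME_FORMAT).replace(tzinfo=tz)
            return dt.timestamp(), True
    return fallback_epoch, False


def to_hec_events(log_text, initial_epoch,
                  sourcetype="sourcetype_with_note_lines", host="app01"):
    """Build one HEC /services/collector event per log line.

    "time" is set explicitly, as the second question does for HEC, so the
    indexer never has to guess. initial_epoch stands in for the log creation
    date and covers leading lines that appear before any timestamp.
    """
    events = []
    current = initial_epoch
    for line in log_text.splitlines():
        current, found = parse_event_time(line, current)
        events.append({
            "time": round(current, 3),
            "host": host,
            "sourcetype": sourcetype,
            "event": line,
            # HEC indexed-field values must be strings, hence not a bare bool.
            "fields": {"timestamp_extracted": "true" if found else "false"},
        })
    return events


def hec_body(events):
    """HEC accepts several JSON objects concatenated in one POST body (no array)."""
    return "\n".join(json.dumps(e) for e in events)


if __name__ == "__main__":
    log_created = datetime(2017, 12, 24, 9, 0, 0, tzinfo=timezone.utc).timestamp()
    for e in to_hec_events(SAMPLE_LOG, log_created):
        print(e["time"], e["fields"]["timestamp_extracted"], e["event"])
```

The same regex and format string drop straight into the props.conf stanza for the TCP input; the difference is only who does the work. On the HEC path the sender owns the timestamp and the fallback policy, which is why it is worth recording whether the time was extracted or inherited so that lines assigned a borrowed timestamp can be spotted in a search.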
I have read multiple threads about getting data into Splunk but just about every one is for Splunk on-prem and not Cloud. Right now, I get most of my data in using multiple HECs (Http Event Collecto...
I've heard that using Splunk's default sourcetype detection is flexible, but can be hard on performance. What is the best way to define sourcetypes that keeps performance speedy?
...ocked away under the netflow_elements: field, which contains no human readable data.
https://docs.splunk.com/Documentation/AddOns/released/CitrixNetScaler/ConfigureIPFIXinputs This document says t...
Hi, I just started using this app today, and the data I receive when I search "sourcetype=airport" has the year 2013 for one airport and 2012 for another. I notice in the actual syslog data there i...
Hey,
We are having some difficulties getting accurate timestamping on files with the same names, which are being forwarded from multiple servers to a single indexer. We have differently formatted time...
Hello,
where can I find some comparison between Splunk and ELK Stack Elasticsearch?
In terms of comparing Security, Infrastructure, deployment etc, what are the benefits of Splunk compared to ...