I observe a strange behavior with one of our UniversalForwarders.
First I've added a new logfile on the forwarder with CLI. Events look good on a search.
After that I've removed the monitor a...
...nstallation but they appear to be garbled nonsense of some sort. What do I need to do to make my Windows events show up correctly on my server?
Here is an example of what I see when I click event and c...
I've moved the Windows Event log Forwarded Events log to another partition because I expect it to outgrow the C partition on our W2K16 machine. In my input conf, before I moved the log I had it s...
...econd search (on Tracking error) starts to output the complete event (in the red box in output) instead of filtered out keywords (in the green box in output) for some cases. Output: Those events...
...ny performance benefits?
If so, how, exactly? (To "abort" reading malformed/garbled input lines sooner rather than later?)
The default value of 128 exceeds the longest possible time stamp value; I...
I'm looking over an XML log and in the Splunk viewer there are events with long strings of the following:
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
I can't seem to find this s...
I have events with a field that contains a desired destination index (see index=* below).
[timestamp] index=layer1 message="123456"
[timestamp] index=layer2 message="123456"
[timestamp] i...
We have set up UDP inputs for syslog data on Splunk indexers. We have set up a load balancing pool on a Citrix NetScaler to forward data to Splunk. We are getting messages in Splunk from the devices...