I'm wondering if it's possible to set the host value for an event based on data within that event. Essentially I'm capturing snmp traps to a file that is monitored by Splunk. The first line of t...
In the Getting Data In documentation, it says I should be able to set host based on event data using props.conf and transforms.conf:
http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/o...
This is related to HEC queue size. When I execute "index=_internal host=abc group="queue" name="httpinputq" | eval name=name+":"+host | stats values(name) by max_size_kb" => max_size_kb value s...
I have a v4.1.4 full forwarder setup to forward the Windows system and application event logs to a v4.1.4 indexer. At this point, events coming from both event logs have the hostname of the f...
...sourcetype]
REGEX = "msg_sourcetype\": \"(?<one>[a-zA-Z]*)"
FORMAT = sourcetype::$1
DEST_KEY = MetaData:Sourcetype
The following is a big help - Set host values based on event data
...howing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...
...tings for each host in our environment.
I also have events for hosts which each have an ID field which lists one of the many active settings on the host. Each host can generate hundreds of t...
...his already output metric data into an actual metric index for retention and faster searching.
The problem is that when running the search above, the host value for all of my metrics is set to t...
We have events coming from hosts that need to have additional information added to them from two configuration files. One file is a plain text file which contains a label for the set of hosts this p...