I am trying to create a props.conf to pass a custom timestamp. To do so I wanted to upload data and use the set source type page to configure timestamp parameters and then copy the props.conf to c...
I am a beginner in using Splunk. I'm doing research on log traffic from Palo Alto. Inside I upload data to Splunk. What is the most appropriate sourcetype for me to choose?
...-mail encryption. I have configured SMTP Conversation Logs to be delivered via syslog into the file onto Splunk indexer server and marked that file as cisco_esa to be recognized by the application....
...ption to Sinkhole the file.
In our case I would not like to keep the file, just use the data for 24h so I will be selecting to Sinkhole it yet I am not sure how to configure data expiration. When a f...
...age is a view in your app that displays the first time a user launches the app in Splunk Web. This view guides users through the app configuration workflow and prompts them to provide any information r...
I am clear of steps needed for uploading a .tar file but I have a question about how does it work. Splunk indexes the file eventually and stores it in the database which isn't easily human readable....
Hi
I am interested to upload two distinct files from multiple directories. I have done this previously by using Splunk-web, but now I am trying to do it by modifying props.conf and input.conf. S...
...ried the format s (As suggested in the caption).
But in doing so, Splunk is not recognizing the timestamp and as a consequence not uploading the data.
How to fix this?
Sample epoch date: 1498892320
...onitor its AD data. But, I am provided with a snippet file of AD logs and should not monitor live data. How do I go about configuring the add-on/uploading the file in a readable format?
For example, I want to upload a log file to Splunk using universal forwarder. But in that log file there is a lot of log data I don't want to use and I don't want to put it on Splunk, I can process i...