We have a CEF output that isn't sending events via the cefout command. We can take the scheduled search and just remove the end with the |cefout and CEF events are generated. <Datamodel s...
I've installed and configured the Splunk App for CEF 2.0.0 on Splunk Enterprise 6.6.0. I've created a single CEF output and installed the generated cefout add-on to each indexer. It works fine f...
...hat's generated with |cefout my_routing_group the python script is throwing an error that it's an invalid routing group, which makes sense because the only place that group is defined is in the o...
Has anyone made the cef app output udp instead of tcp?
TCP is the only thing that is supported but there is nothing to stop someone from creating a tcp out and then editing the file and making it u...
...aster. Require firewall and routing is fine. But I am getting the below error in cefout.log
DEBUG ARGS: [u'routing=broker']
WARNING Invalid routing group 'broker'
Note: broker is my search name in c...
All,
We have some highly unstructured data I'd like to export from one Splunk instance to another one for testing reasons. Basically a few gigs of a subset of the data. I remember seeing a way to...
...or cefout. Can it even be configured to send UDP?
This is all done in a test environment without a hardware diode for easy troubleshooting but the goal is to set up two Splunk servers separated b...
Recently we configured outputs.conf/props.conf/transforms.conf on our Heavy Forwarders to forward 3 specific events to a remote Syslog collector. The configuration worked for several days, and then ...
I am trying to understand the data path for the latest CEF app release ( https://splunkbase.splunk.com/app/1847/ ).
In the new app, on creation of a new output, you need to push out a created TA t...