About mattsutton

mattsutton · ‎04-11-2014

Q quick brush up on regex confirms that, still can't seem to get it working though 😞 it has no problem filtering data for two individual hosts but once I make the host this|that or doesn't like it, I'll keep trying some things.

mattsutton · ‎04-11-2014

Thanks for your reply lukejadamec. I've already tried things like this but don't seem to have gotten anywhere. At least I now know it's based on regex which I'd forgotten originally! Also I'm not entirely sure which stanza would work anyway, since from my experience with regex I think it would need to be (this)|(that) as oppose to (this|that).

mattsutton · ‎04-11-2014

Hi, Does anyone know if it's possible to create a single props.conf stanza that looks for multiple hosts? I've checked the props.conf spec and example files and had a look around Splunk answers but can't seem to find anything about it, although it seems as though it's possible for multiple sources. What I want to do is something like this: [host::(192.168.2.52)|(192.168.69.15)|(winxp01)] TRANSFORMS-null = transform-to-null This would then reference the following stanza in transforms.conf: [transform-to-null] REGEX = . DEST_KEY = queue FORMAT = nullQueue Which would of course send all of the events to the nullQueue, has anyone managed to achieve this? Thanks, Matt

mattsutton · ‎03-27-2014

I've written a blog recently with regards to the DB Connect app. I had this exact issue and hopefully this will help you in solving the problem or at least troubleshooting it.You can find at www.satisnet.co.uk/blog/splunk-db-connect/

Posts	4
Solutions	0
Karma Given	3
Karma Received	3
Member Since	‎06-13-2013

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

Referencing Multiple hosts in Props.conf

Re: Referencing Multiple hosts in Props.conf

Re: Referencing Multiple hosts in Props.conf

Referencing Multiple hosts in Props.conf

Re: Splunk DBConnect Error - Splunkd daemon is not...