Activity Feed
- Got Karma for W3C Fields With Light Forwarder - Still don't have it. 06-05-2020 12:45 AM
- Got Karma for W3C Fields With Light Forwarder - Still don't have it. 06-05-2020 12:45 AM
- Posted Checkpointing scripts for subsequent invocations on Getting Data In. 04-06-2011 10:28 PM
- Tagged Checkpointing scripts for subsequent invocations on Getting Data In. 04-06-2011 10:28 PM
- Posted Re: W3C Fields With Light Forwarder - Still don't have it on Getting Data In. 09-24-2010 10:13 PM
- Posted Re: W3C Fields With Light Forwarder - Still don't have it on Getting Data In. 09-24-2010 09:24 PM
- Posted Re: W3C Fields With Light Forwarder - Still don't have it on Getting Data In. 09-24-2010 03:55 PM
- Posted W3C Fields With Light Forwarder - Still don't have it on Getting Data In. 09-24-2010 12:18 AM
- Tagged W3C Fields With Light Forwarder - Still don't have it on Getting Data In. 09-24-2010 12:18 AM
- Tagged W3C Fields With Light Forwarder - Still don't have it on Getting Data In. 09-24-2010 12:18 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 2 |
04-06-2011
10:28 PM
I'm writing an Add-on script for the universal forwarder that will read several log files containing complex data and reformat the data so that Splunk can more easily parse it.
Does my script need to implement it's own logic for "where it left off last time it was invoked" or does Splunk help with that somehow?
In other words, is it possible to have 'monitor' functionality, but with my own custom script?
Thanks.
... View more
- Tags:
- script
09-24-2010
10:13 PM
Hi, I will submit an enhancement request. And before I saw you note I got it working sending to a null queue. Thanks for your help!!
... View more
09-24-2010
09:24 PM
gkanapathy, this worked well. Except the header records make it through now too. How can I eliminate them?
... View more
09-24-2010
03:55 PM
Thank you for your excellent response. We do have different sets of fields for different web sites on the same IIS servers so we will need to specify multiple sourcetypes and fields. Thanks for that tip too.
It's things like this that still make me feel that Windows is still a second-class citizen to Splunk.
... View more
09-24-2010
12:18 AM
2 Karma
Please advise.
Linux Splunk Server 4.1.5
Light forwarder is installed on Windows IIS web Servers
Trying to get W3C Extended fields available for searching on the Splunk Server. the data is forwarded, just not with fields defined.
Windows IIS Servers have this inputs.conf
[default]
host = servername
[monitor://C:\WINNT\system32\LogFiles\W*\ex*.log]
SOURCETYPE = iis
Records also display with source types "IIS" "IIS-1" IIS-5" on the Splunk server.
What the best way to configure this to the IIS logs have their W#C Extended fields available for searching?
thanks.
... View more
- Tags:
- iis
- lightforwarder
